This document discusses strengthening governance of IT through enhancing employee responsibility. It presents a literature review on responsibility concepts and proposes a responsibility model. The model defines key responsibility concepts like accountability, capability, commitment and their relationships. It also applies the model to analyze the COBIT framework's RACI chart for assigning roles and responsibilities. The analysis finds areas where the model could provide improvements to COBIT, such as clarifying different types of responsibilities like being responsible versus accountable. The document concludes that defining an innovative responsibility model can help improve governance of IT.
Thinking of COBIT implementation – Where to start? | Vyom Labs
Executives today are increasingly under pressure to manage IT risk and to transform the way business value can be generated from IT. In this webinar you will learn how to apply COBIT to specific business problems, pain points, trigger events and risk scenarios within the organization, and how to use it effectively for client initiatives.
Personally designed (content + graphics design), officially accredited COBIT®5 Foundation courseware.
COBIT® is a trademark of ISACA® registered in the United States and other countries.
Trademarks are properties of the holders, who are not affiliated with courseware author.
Strengthening employee’s responsibility to enhance governance of it – cobit r... | christophefeltus
This document presents a study that aims to develop and validate a responsibility model to improve IT governance. The researchers analyzed existing responsibility concepts from literature and frameworks like COBIT. They developed a UML model of responsibility with key concepts like obligation, accountability, right, and commitment. The researchers then compared their model to COBIT's representation of responsibility. They propose enhancements to COBIT based on responsibility concepts from their model, aiming to provide a common understanding of responsibility across frameworks to benefit IT governance. The paper illustrates proposed changes to COBIT's process for identifying system owners.
COBIT 5 IT Governance Model: an Introduction | aqel aqel
This lecture provides quick and direct insight into information technology governance using the COBIT 5 framework. COBIT 5, the framework's fifth edition, was released by the Information Systems Audit and Control Association (www.isaca.org) in 2012 to supersede version 4.1 / 2007. It also included ISACA’s VAL-IT model, which aimed to manage the financial perspective of IT, as well as the RISK-IT framework.
The lecture was part of the ISACA Riyadh chapter activities in April 2015 under the sponsorship of Al-Fisal University.
Methodology to align business and it policies use case from an it company | christophefeltus
This document proposes a methodology for aligning business and IT policies using a responsibility model. The methodology is a five-step approach consisting of collecting information, defining capabilities, accountabilities and commitments, linking responsibilities to processes, validating the model, and defining policies. It is illustrated with a case study from an IT company where they define an access control policy using this methodology and responsibility model. The responsibility model defines three components - capabilities, accountabilities, and commitments - to clarify roles and responsibilities for policy definition.
This document presents a study that aims to develop and validate a responsibility model to improve IT governance. It analyzes concepts of responsibility from literature and frameworks like COBIT. The researchers developed a responsibility model with key concepts like obligation, accountability, right, and commitment. They then compare this model to COBIT's representation of responsibility to identify areas for potential enhancement, like adding concepts that COBIT lacks. The document illustrates how the responsibility model could be used to refine COBIT's process for identifying system owners and their responsibilities.
This document provides an agenda and overview for a joint workshop on security modeling hosted by the ArchiMate Forum and Security Forum. The workshop aims to identify opportunities to improve the conceptual and visual modeling of enterprise information security using TOGAF and ArchiMate. The agenda includes introductions, a research spotlight on strengthening role-based access control with responsibility modeling, an open discussion on complementing TOGAF and ArchiMate with enhanced security modeling, and identifying next steps. The workshop purpose is to enable better security architecture decisions and drive usage of TOGAF and ArchiMate for security architecture.
Accountability vs Responsibility At Work.pdf | Staff Connect
Understand the key distinctions between accountability vs responsibility at work. Gain insights into how these concepts shape workplace dynamics and enhance productivity. Learn more on our blog!
This document discusses the art of delegation. It defines delegation as assigning responsibility for tasks to other people. Delegation has benefits like increased efficiency, productivity, employee development and improved trust. However, people often do not delegate due to ego, lack of time, or concerns about accountability. Effective delegation requires clearly defining goals, responsibilities, authority, and accountability. It also requires motivating, training, and holding employees accountable for their work. The document outlines a seven-step process for delegation, including determining goals, defining roles, providing authority and motivation, and establishing accountability and control. It concludes by discussing five degrees of delegation based on levels of approval and oversight required.
Building a responsibility model using modal logic | christophefeltus
This document discusses building a responsibility model using modal logic concepts of accountability, capability, and commitment. It begins with a literature review of existing policy and access control models. The review finds that while concepts like rights, roles, and obligations are addressed, existing models do not fully cover all three responsibility concepts. The document then proposes a preliminary responsibility model and definitions for its components. It suggests a formalization of key concepts using deontic logic adapted from alethic logic. The goal is to provide a framework to define concepts, verify organizational structures, and detect policy issues.
This document discusses building a responsibility model using modal logic. It begins with a literature review of existing policy models and engineering methods related to concepts of accountability, capability and commitment. It identifies that while some concepts like rights and roles are commonly addressed, models do not fully cover all responsibility components. The document then proposes a preliminary responsibility model and defines the main concepts of capability, accountability and commitment. It suggests a formalization of these concepts using deontic logic to help analyze organizational structures and policies for consistency and problems.
This document provides an overview of leadership and supervisory concepts related to establishing authority in an employment relationship. It discusses:
- The origins of duties and responsibilities in employment stemming from agency law principles from the 18th century onward. Agents owe principals duties of loyalty and care.
- How authority, responsibility, and accountability are interrelated but distinct - authority provides power, responsibility indicates obligation, and accountability is answerability.
- Factors like government rules, corporate policies, job descriptions, and budgets help determine the limits of a supervisor's authority.
- Disciplinary action aims to correct behavior, prevent negative impacts, and should follow attempts at coaching and training when standards are not met or duties are not
Responsibility charting (RACI) is a technique used to clarify roles and responsibilities for activities and decisions within a process. It involves identifying the key activities and decisions, and then defining the participation of roles as either Responsible, Accountable, Consulted, or Informed. This provides clarity around individual responsibilities and accountability, reduces duplication of work, and improves communication and teamwork. The RACI process involves developing responsibility charts through workshops, documenting and communicating the charts, and follow up to ensure the defined roles are being followed. Benefits include increased productivity, reduced errors, streamlined structures, and better planning and training.
The document discusses management functions and the POSDCORB model. It defines POSDCORB as an acronym created by Luther Gulick comprising the main functions of management: Planning, Organizing, Staffing, Directing, Coordinating, Reporting, and Budgeting. It then explains each function in the POSDCORB model and the different levels of management, including their typical responsibilities.
This document provides an overview of role and responsibility charting (RACI). It defines RACI as a technique for identifying process ambiguities and clarifying roles and responsibilities. The document outlines the basic assumptions around roles as conception, expectation, and behavior. It also describes the RACI process as a 5-step approach to systematically map out decisions, activities, roles and clarify responsibilities using the RACI codes of Responsible, Accountable, Consulted, and Informed. The goal is to ensure roles and expectations are clearly defined and aligned to improve process performance and accountability.
The document discusses empowerment, accountability, and responsiveness in occupational safety and health (OSH). It defines empowerment as giving employees freedom and authority, accountability as being responsible and answerable, and responsiveness as reacting quickly. It emphasizes clear lines of accountability in safety management and evaluating OSH committee effectiveness. An accountable safety system requires authorized behaviors, objective evaluation, and appropriate consequences.
This document outlines an agenda for a leadership bootcamp covering authority, duties, and disciplinary action. It defines key employment law concepts like agency relationships, actual and apparent authority, and duties of loyalty and care that agents owe their principals. The document explains that authority and responsibility arise from assigned duties, and accountability comes from accepting work. It stresses that disciplinary action should follow documented coaching attempts, and is intended to correct behavior rather than punish. The company disciplinary policy emphasizes using discipline as an opportunity for employees to learn.
This document provides an overview and agenda for a leadership bootcamp covering principles of authority, duties, and disciplinary action in the workplace. It discusses how authority is granted from a principal to an agent in an employment relationship, and the duties and responsibilities that agents take on. Reasons for disciplinary action include not meeting performance standards or policies. Disciplinary action should occur when coaching and training have been unsuccessful, resources are not being utilized, or corrective action is needed to prevent negative impacts on the organization. The intent, effect, and perception of policies help define when and how they should be applied and disciplinary actions carried out.
This document provides an overview of an employee leadership bootcamp that covers authority, duties, and disciplinary action. It discusses the concepts of agency relationships, principal and agent roles, and how duties create authority and responsibilities for employees. The document also examines when disciplinary action should occur, outlining that it is appropriate when job standards are not met despite coaching and training opportunities. Finally, it stresses the importance of documenting employee performance issues and training to justify any disciplinary measures.
I just want to share my report in EDM 211 Theories and Principle of Educational Management. Unfortunately, I wasn't able to cite my references for this slide.
I hope this will help with your report. Thank you!
UCISA Toolkit - Effective Benefits Management for Business Change and IT Proj... | Mark Ritchie
This toolkit provides an overview of the principles behind benefits realisation and some basic tools for use in projects. The toolkit also provides signposts to more sophisticated techniques that are available should a project require them.
Benefits management aims to ensure that benefits that have been identified at the start of a project are realised and that any benefits that emerge as the project progresses are properly exploited. As many project benefits are not realised until after the project is closed it is important that appropriate structures are put in place to monitor benefits realisation post project.
This toolkit was developed based on best practice at the University of Sheffield. The toolkit was published by the UCISA Project and Change Management Group in September 2016.
Accountability Focused Management Part 1 | Brice Alvord
The document discusses accountability focused management and improving the effectiveness of objectives. It introduces key concepts like responsibility, accountability, and paradigms. It then outlines a process for building a shared vision, developing individual charters, identifying continuing vital activities, deriving objectives, and gauging impact. The process aims to shift from a responsibility paradigm to an accountability paradigm in management.
Multi-Agent System (MAS) monitoring solutions are designed for a plethora of usage topics. Existing approach mostly used cloned back-end architectures while front-end monitoring interface tends to constitute the real specificity of the solution. These interfaces are recurrently structured around three dimensions: access to informed knowledge, agent’s behavioural rules, and restitution of real-time states of specific system sector. In this paper, we propose prototyping a sector-agnostic MAS platform (Smart-X) which gathers in an integrated and independent platform all the functionalities required to monitor and to govern a wide range of sector specific environments. For illustration and validation purposes, the use of Smart-X is introduced and explained with a smart-mobility case study.
Aligning the business operations with the appropriate IT infrastructure is a challenging and critical activity. Without efficient business/IT alignment, the companies face the risk not to be able to deliver their business services satisfactorily and that their image is seriously altered and jeopardized. Among the many challenges of business/IT alignment is the access rights management which should be conducted considering the rising governance needs, such as taking into account the business actors' responsibility. Unfortunately, in this domain, we have observed that no solution, model and method, fully considers and integrates the new needs yet. Therefore, the paper proposes firstly to define an expressive Responsibility metamodel, named ReMMo, which allows representing the existing responsibilities at the business layer and, thereby, allows engineering the access rights required to perform these responsibilities, at the application layer. Secondly, the Responsibility metamodel has been integrated with ArchiMate® to enhance its usability and benefits from the enterprise architecture formalism. Finally, a method has been proposed to define the access rights more accurately, considering the alignment of ReMMo and RBAC. The research was realized following a design science and action design based research method and the results have been evaluated through an extended case study at the Hospital Center in Luxembourg.
This document proposes an innovative systemic approach to risk management across interconnected sectors. It suggests using enterprise architecture models to manage cross-sector risks in Luxembourg's complex ICT ecosystem. The approach would provide regulators an overview of all players and systems, as well as models of different sectors to analyze collected data and risks at a national level, fostering accurate and reactive risk mitigation across economic domains.
This document proposes extending the HL7 standard with a responsibility perspective to better manage access rights to patient health records. It presents the ReMMo responsibility metamodel, which defines actors' responsibilities and associated access rights. The paper aims to align ReMMo with the HL7-based eSanté healthcare platform model in Luxembourg to semantically enhance access controls based on users' real responsibilities rather than just roles. It will first map concepts between the two models, then evaluate the alignment through a prototype applying inference rules.
This document proposes an innovative approach called SIM (Secure Identity Management) that aims to align access management policies more closely with business objectives. It does this in two ways:
1) By focusing the policy engineering process on business goals and responsibilities defined in processes, using concepts from the ISO/IEC 15504 standard. This links capabilities and accountabilities to process outcomes and work products.
2) By defining a multi-agent system architecture to automate the deployment of policies across heterogeneous IT components and devices. The agents provide autonomy and ability to adapt rapidly according to context.
The approach was prototyped using open source components and aims to improve how access rights are defined according to business needs and deployed across an organization.
This document proposes a methodological approach for specifying services and analyzing service compliance considering the responsibility dimension of stakeholders. The approach includes a product model and process model. The product model has three layers: an informational layer describing service context and concepts, an organizational layer describing business rules and roles, and a responsibility dimension layer linking the two. The process model outlines steps for service architects to identify context, define concepts and rules, specify services, and analyze compliance. The approach is illustrated with an example of managing access rights for sensitive healthcare data exchange between organizations.
This document discusses integrating responsibility aspects into service engineering for e-government. It proposes a multi-layered approach including an ontological layer defining legal concepts, an organizational layer describing roles and stakeholders, an informational layer representing data structures and integrity constraints, and a technical layer representing IT components. A responsibility meta-model is also introduced to align responsibilities across these layers and facilitate interoperability between services that share data. The approach aims to ensure service compliance and manage risks associated with e-government services.
1) The document proposes a dynamic approach for assigning functions and responsibilities to agents in a multi-agent system for critical infrastructure management.
2) The approach uses an agent's reputation, which is based on past performance, to determine which agents receive which responsibilities as crisis situations change over time.
3) Assigning responsibilities dynamically based on reputation allows the system to continue operating effectively if an agent becomes isolated or has reduced capabilities during a crisis.
This document proposes a responsibility modeling language (ReMoLa) to align access rights with business process requirements. ReMoLa is a responsibility-centered meta-model that integrates concepts from the business and technical layers, with the concept of employee responsibility bridging the two. It incorporates four types of obligations from the COBIT framework to refine employee responsibilities and better assign access rights. ReMoLa maps responsibilities to roles in the RBAC model to leverage its advantages for access right management while ensuring responsibilities align with business tasks and employee commitment.
The document describes the NOEMI assessment methodology, which was developed as part of a research project to help very small enterprises (VSEs) improve their IT practices. The methodology aims to assess VSEs' IT capabilities in order to facilitate collaborative IT management across organizations. It was designed to be aligned with common IT standards like ISO/IEC 15504 and ITIL, but adapted specifically for VSEs. The methodology has been tested through several case studies with VSEs in Luxembourg, with promising results.
This document provides a preliminary literature review of policy engineering methods related to the concept of responsibility. It summarizes key access control models and discusses how they address concepts like capability, accountability, and commitment. The document also reviews engineering methods and how they incorporate responsibility considerations. The overall goal is to orient further research towards a new policy model and engineering method that more fully addresses stakeholder responsibility.
This document proposes an extension of the ArchiMate enterprise architecture framework to model multi-agent systems for critical infrastructure governance. The authors develop a responsibility-driven policy concept and metamodel layers to represent agent behavior and organizational policies across technical, application, and organizational layers. The approach is illustrated through a case study of a financial transaction processing system.
This document summarizes an experimental prototype of the OpenSST protocol for secured electronic transactions. OpenSST was developed to achieve high security, simplicity in software engineering, and compatibility with existing standards. The prototype uses OpenSST for the authorization portion of electronic payments in an e-business clearing solution. It describes the OpenSST message format and types, and discusses how OpenSST is implemented in the prototype's three-element architecture of an OpenSST proxy, reverse proxy, and server.
This document proposes an automatic reaction strategy for critical infrastructure SCADA systems. It defines a three-layer metamodel for modeling SCADA components and two types of policies (cognitive and permissive) that govern component behavior. It then presents a two-phase method for identifying these policies from the SCADA architecture and formalizing them to support an automatic reaction strategy. This strategy is modeled as an integral part of the SCADA architecture using the defined metamodel and policy identification method. It includes organizational and application layers with main actors, strategies, and components that realize the reaction policies based on expected automation levels.
This document discusses the NOEMI model, a collaborative management model for ICT processes in SMEs. The model was developed by the Centre Henri Tudor and tested with a cluster of 8 partner SMEs. Key aspects of the model include defining ICT activities across 5 domains, assessing each SME's capabilities, and having an operational team manage activities for the cluster under a coordination committee. The experiment showed improved cost control, management, and partner satisfaction compared to alternatives like outsourcing or hiring individual IT staff. The research is now ready for market transfer as the successful model is adopted long-term by participating SMEs.
The document proposes an agent-based architecture for multi-level security incident reaction in distributed telecommunication networks. The architecture has three levels: a low level interface with the infrastructure, an intermediate level using multi-agent systems to correlate alerts and deploy reactions across domains, and a high level for global supervision and policy management. The architecture was designed based on requirements like scalability, availability, autonomy, and robust reaction and alert management across distributed systems. It was successfully tested for implementing data access control policies.
This document proposes a multi-agent architecture for incident reaction in information system security. The architecture has three layers - low level interacts directly with the infrastructure, intermediate level correlates alerts and deploys reaction actions using multi-agent systems, and high level provides supervision and manages business policies. The architecture was tested for data access control and aims to quickly and efficiently react to attacks while ensuring policy compliance. The document discusses requirements like scalability, autonomy, and global supervision. It also describes the key components of alert management, reaction decision making, and policy definition/deployment to implement the architecture using a multi-agent approach.
Strengthening Employee’s Responsibility to Enhance Governance of IT – COBIT RACI Chart Case Study
1. The 1st ACM Workshop on Information Security Governance
November 13, 2009, Chicago, USA
Christophe Feltus, Michaël Petit, Eric Dubois
Public Research Center Henri Tudor, Luxembourg-Kirchberg, Luxembourg
PReCISE Research Centre, Faculty of Computer Science, University of Namur, Belgium
The research was funded by the National Research Fund of Luxembourg
2. Introduction :
• Governance of IT is becoming more and more necessary
Sarbanes-Oxley Act
▫ Transparency regarding accounts
Basel II
▫ Management of operational risk and assignment (affectation) of people to that task
ISO/IEC 38500:2008
▫ Provides 6 principles for corporate governance of IT
▫ One principle dedicated to responsibility
• Need for more responsibility, transparency, accountability, ethics, commitment
3. Introduction :
• Companies are used to working with well-known management frameworks such as :
ITIL (IT Information Library)
▫ a public library that focuses on IT services management for high-quality service provision
CIMOSA
▫ an enterprise architecture model to define industrial computer system architecture
ISO/IEC 15504 [7]
▫ a framework for the assessment of software processes
CobiT
• As many responsibility models as frameworks
4. Introduction :
• Many responsibility models mean :
▫ No consensus between frameworks / no unique one
▫ No interoperability
▫ Many interpretations of the concepts
• Objective of the research :
▫ Defining a common responsibility model
• Research methodology :
▫ Analysis of the literature
▫ Elaboration of a responsibility model
▫ Successive refinement by comparing it with professional frameworks
5. Responsibility: Foreword
• Responsibility : abstract or concrete concept ?
• Many definitions in the literature
• L. Cholvy proposes 3 of them :
• Something bad happened and you caused it or could have prevented it
• Obligation or moral duty to report or explain your actions or someone else’s action to a given authority (answerability)
• Position which enables you to make decisions in a given organization but implies that you must be prepared to justify your actions (accountability)
• ∆ def 1 def 2 = blame
• ∆ def 2 def 3 = answerability ≠ accountability = position (rules)
6. Responsibility: Foreword
• D'Arcy McCallum :
▫ Responsibility is not something that you can actually assign to someone
▫ Responsibility, in fact, has to come from within
▫ A person is responsible: we mean that he holds a personal commitment to doing something to some standard of quality
▫ And while you cannot assign responsibility, you can and do assign accountability...with the expectation that a person will execute the activity assigned to them to a standard of quality
• Commonly accepted responsibility definitions encompass the idea of “having the obligation to ensure that something happens”.
7. Accountability
[UML diagram. Elements: Responsibility, Accountability, Sanction, Answerability. Relation label: Compose.]
Accountability :
o Obligation or moral duty to report or explain the action or someone else’s action to a given authority [Cholvy et al.]
o Obligation(s) to report the achievement, maintenance or avoidance of some given state [Sommerville et al.]
o Accountability is composed of one answerability and zero or one sanction [Fox]
8. Functional vs. Managerial Obligation
Obligation : most frequent concept
Functional vs. Structural Obligation [Dobson] :
o functional obligation : what an employee must do with respect to a state of affairs (e.g. execute an activity)
o structural (managerial) obligation : what an employee must do in order to fulfill a responsibility, such as directing, supervising and monitoring
[UML diagram. Elements: Responsibility, Obligation, Functional Obligation, Managerial Obligation, Accountability, Sanction, Answerability. Relation labels: Concern, Type of, Compose.]
9. Accountability, Answerability, Transparency
[UML diagram. Elements: Responsibility, Accountability, Soft Accountability, Hard Accountability, Sanction, Positive Sanction, Negative Sanction, Answerability, Transparency, Clear, Opaque. Relation labels: Type of, Generate, Compose.]
o Sanction is positive or negative; also : compensation or a remediation [Fox]
o Transparency is clear : information access policies & reliable information
o Transparency is opaque : information revealed nominally and occasionally
10. Rights
o Common but not systematically embedded concept
o Capability : describes the possession of requisite qualities, skills or resources to perform an action [Vernadat, F.B.] [Yu et al.] [Qingfeng et al.]
o Authority : the power to command and control other employees (CIMOSA)
o Delegation right : right to transfer some part of the responsibility to another employee
[UML diagram. Elements: Responsibility, Right, Capability, Authority, Access Right, Delegation Possibility, Obligation, Functional Obligation, Managerial Obligation, Accountability, Sanction, Answerability. Relation labels: Type of, Needed for, Require, Concern, Compose.]
11. Delegation
Delegation vs. affectation :
o Affectation or Assignment is the action of linking an employee to a responsibility
o Delegation is the transfer of an employee’s responsibility assignment to another employee
▫ Right to further delegate the same obligation or not [Sommerville]
▫ Delegation of accountability or not [Norman]
[UML diagram. Elements: Employee, Commitment, Commitment Antecedents, Pledge, Delegation, Responsibility, Obligation, Functional Obligation, Managerial Obligation, Accountability, Sanction, Answerability, Right, Capability, Delegation Possibility. Relation labels: Activate, Type of, Require, Is delegated, Delegate, Concerns, Concern, Compose.]
12. Commitment
o Moral engagement to fulfill the action; difficult to integrate in a formalized framework
o The psychological attachment felt by the person for the organization; it will reflect the degree to which the individual internalizes or adopts characteristics or perspectives of the organization [O’Reilly and Chatman]
o The relative strength of an individual’s identification with and involvement in a particular organization [Mowday]
o A structural phenomenon which occurs as a result of individual-organizational transactions and alterations in side-bets or investment over time [Hrebiniak and Alutto]
[UML diagram. Elements: Employee, Commitment, Commitment Antecedents, Pledge, Delegation, Responsibility, Obligation, Functional Obligation, Managerial Obligation, Accountability, Sanction, Answerability, Right, Capability, Delegation Possibility. Relation labels: Activate, Type of, Require, Is delegated, Delegate, Concerns, Concern, Compose.]
13. Commitment
[UML diagram. Elements: Commitment, Continuance, Affective, Normative, Commitment Antecedents, Side-bets, Desire Maintain Membership, Belief in Goals And Values, Feeling of Obligation, Commitment Outcomes, Citizen Behavior, Employee Retention, Employee Performance, Willingness to Exert Efforts. Relation labels: Type of, Contribute to, Provide, Activate.]
14. Complete responsibility model
[UML diagram. Elements: Employee, Commitment, Commitment Antecedents, Pledge, Delegation, Responsibility, Obligation, Functional Obligation, Managerial Obligation, Accountability, Sanction, Answerability, Right. Relation labels: Activate, Is delegated, Delegate, Concerns, Concern, Type of, Compose, Require.]
15. The COBIT responsibility model
[UML diagram. Elements: Control, Action, Employee, Role, RACI Chart (Responsible, Accountable, Consulted, Informed). Relation label: Is held.]
o COBIT’s controls are composed of actions to perform (obligation)
o Employees hold roles like CEO, CFO, CIO, PMO, Head Operation, Business Executive,…
o The COBIT responsibility model is formalized through a RACI chart matrix attached to all 34 COBIT processes.
o RACI stands for Responsible, Accountable, Consulted and Informed
o A role may be Responsible, Accountable, Consulted or Informed, depending on the control and the task to perform.
16. The COBIT responsibility model
[UML diagram. Elements: Control, Action, Employee, Role, RACI Chart (Responsible, Accountable, Consulted, Informed). Relation labels: Is held, Affected to, Analyzed by, Viewable by.]
o Responsibility and Accountability are at the same conceptual level, as part of the RACI chart
o Accountability : the employee who provides direction and authorizes an action
o Responsibility : the employee who gets the action done
o “An individual assumes his/her responsibility and is usually held accountable”
▫ It is possible or not to be responsible and accountable at the same time
o “IT management has the resources and accountability needed to meet service level targets”
▫ Accountability is possessed and, as a consequence, may be seen as a capability (or a right) rather than an accountability (or an obligation).
17. The COBIT responsibility model
[UML diagram. Elements: Control, Action, Employee, Role, Capability, RACI Chart (Responsible, Accountable, Consulted, Informed). Relation labels: Is held, Needs, Affected to, Analyzed by, Viewable by.]
o Capability doesn’t exist systematically in COBIT. It is necessary for an employee to perform an action
o Authority : “person or group who has the authority to approve or accept the execution of an action”
▫ A type of right to approve or accept an action. Authority is something provided to the person responsible, e.g. the action “Assigning sufficient authority to the problem manager”
18. The COBIT responsibility model
[UML diagram. Elements: Control, Action, Employee, Role, Capability, Commitment, Pledge, RACI Chart (Responsible, Accountable, Consulted, Informed). Relation labels: Is held, Needs, Affected to, Analyzed by, Viewable by.]
o Assignment/delegation appears sporadically in COBIT and concerns mainly the capability or even the responsibility.
o Commitment (appears in many controls but is not explicitly defined)
▫ […] employees are mindful of their compliance obligation (commitment antecedent)
▫ “A positive, proactive information control environment, including a commitment to quality and IT security awareness, is established”
▫ “Obtain commitment and participation from the affected employees in the definition and execution of the project […]”
19. Proposed integration in COBIT
[UML diagram. Elements: Employee, Commitment, Commitment Antecedents, Pledge, Affectation/Delegation, Responsibility, Consulted, Obligation, Functional Obligation, Managerial Obligation, Accountability, Sanction, Answerability, Right, Capability, Informed. Relation labels: Activate, Type of, Require, Compose.]
o Obligation, Right, Capability and Commitment are systematically integrated
o Accountability is no longer perceived as an attribute that links an employee to an action and that is on the same level as the responsibility, but as a component that composes this responsibility.
o Informed is no longer perceived as a type of allocation/assignment of “role – action” but as a type of right for responsibility.
o Consulted is no longer seen as a type of allocation/delegation of “role – action” but as a type of responsibility.
20. Cobit RACI Chart Case Study
• Action : Identify system owners
• From : PO4 Define the IT Processes, Organisation and Relationships
• RACI for the activity “Identify System Owners”, by function :
▫ CFO : C
▫ Business Executive : C
▫ CIO : A
▫ Business Process Owner : C
▫ Head Operation : R
▫ Chief Architect : I
▫ Head Development : I
▫ Head IT Administration : I
▫ PMO : I
▫ Compliance, Audit, Risk and Security : I
21. Enhancement 1
• HO is responsible: he gets the activity done but is not accountable for it. What happens if he doesn’t do it ?
• CIO is accountable. He is answerable and sanctionable.
▫ HO is responsible and accountable for the task
▫ CIO is responsible and accountable for the managerial obligation regarding the task.
RACI chart, Identify System Owners : CFO C; Business Executive C; CIO A; Business Process Owner C; Head Operation R; Chief Architect I; Head Development I; Head IT Administration I; PMO I; Compliance, Audit, Risk and Security I
22. Enhancement 2
• CFO, BE and BPO are consulted. Does it imply something for them ?
▫ Consulted is not only a function. It is a responsibility.
▫ This means that the responsibility components need to be clarified, i.e. : the obligation, the accountability, or the right.
RACI chart, Identify System Owners : CFO C; Business Executive C; CIO A; Business Process Owner C; Head Operation R; Chief Architect I; Head Development I; Head IT Administration I; PMO I; Compliance, Audit, Risk and Security I
23. Enhancement 3
• CA, HD, HITA, PMO, CARS are informed. Is the information absolutely necessary for everyone ?
▫ Informed is more a right than a function. Consequently, it should be attached to another task and a link should be created between the information and its use for another task.
RACI chart, Identify System Owners : CFO C; Business Executive C; CIO A; Business Process Owner C; Head Operation R; Chief Architect I; Head Development I; Head IT Administration I; PMO I; Compliance, Audit, Risk and Security I
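The three enhancements can be read as a translation rule from RACI letters into the responsibility model. The Python sketch below is an added example, not part of the original slides; the class and field names (`answerable_to`, `needed_for`) and the idea of listing undefined components as open points are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# RACI row for the activity "Identify System Owners", as given on the slides.
RACI_ROW = {
    "CFO": "C",
    "Business Executive": "C",
    "CIO": "A",
    "Business Process Owner": "C",
    "Head Operation": "R",
    "Chief Architect": "I",
    "Head Development": "I",
    "Head IT Administration": "I",
    "PMO": "I",
    "Compliance, Audit, Risk and Security": "I",
}


@dataclass
class Accountability:
    # One answerability (assumed here to name the authority reported to)
    # and zero or one sanction, following the composition on the slides.
    answerable_to: Optional[str] = None
    sanction: Optional[str] = None


@dataclass
class Responsibility:
    role: str
    activity: str
    obligation: Optional[str]  # "functional", "managerial", or None if unclear
    consulted: bool = False    # Consulted is treated as a type of responsibility
    accountability: Accountability = field(default_factory=Accountability)


@dataclass
class InformationRight:
    role: str
    activity: str
    needed_for: Optional[str] = None  # the other task that uses the information


def from_raci(activity, row):
    """Translate one RACI row into responsibility-model records."""
    responsibilities, rights = [], []
    for role, letter in row.items():
        if letter == "R":
            # Enhancement 1: responsible and accountable for the task itself.
            responsibilities.append(Responsibility(role, activity, "functional"))
        elif letter == "A":
            # Enhancement 1: responsible and accountable for the managerial
            # obligation regarding the task.
            responsibilities.append(Responsibility(role, activity, "managerial"))
        elif letter == "C":
            # Enhancement 2: a responsibility whose components are still open.
            responsibilities.append(
                Responsibility(role, activity, None, consulted=True))
        elif letter == "I":
            # Enhancement 3: a right, to be attached to another task.
            rights.append(InformationRight(role, activity))
        else:
            raise ValueError(f"unknown RACI letter {letter!r} for role {role!r}")
    return responsibilities, rights


def open_points(responsibilities, rights):
    """List the model components that the RACI letters leave undefined."""
    points = []
    for r in responsibilities:
        if r.obligation is None:
            points.append((r.role, "obligation not defined"))
        if r.accountability.answerable_to is None:
            points.append((r.role, "answerability not defined"))
    for right in rights:
        if right.needed_for is None:
            points.append((right.role, "information not linked to a task that uses it"))
    return points


if __name__ == "__main__":
    resp, rights = from_raci("Identify System Owners", RACI_ROW)
    for role, issue in open_points(resp, rights):
        print(f"{role}: {issue}")
```

Run on the slide's row, the sketch yields five responsibilities and five information rights, and every open point it lists is a question the RACI letters alone do not answer.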
24. Conclusion
• Willingness to improve the governance of IT advocates for the definition of an innovative responsibility model, including meaningful responsibility concepts.
• Afterward, we have compared the responsibility model with the COBIT RACI chart and we have detected possible improvements.
• The “Identify system owners” action has been depicted to illustrate the added value of the model.
26. References
• Christophe Feltus, Preliminary Literature Review of Policy Engineering Methods - Toward Responsibility Concept, International Conference on Information & Communication Technologies: from Theory to Applications (IEEE ICTTA2008), May 2008, Damascus, Syria.
• Christophe Feltus, Michaël Petit, Building a Responsibility Model Including Accountability, Capability and Commitment, Fourth International Conference on Availability, Reliability and Security (“ARES 2009 – The International Dependability Conference”), IEEE, March 2009, Fukuoka, Japan.
• Christophe Feltus, Michaël Petit, Building a Responsibility Model using Modal Logic - Towards Accountability, Capability and Commitment Concepts, The seventh ACS/IEEE International Conference on Computer Systems and Applications (AICCSA-09), IEEE, May 2009, Rabat, Morocco.
• Christophe Feltus, Michaël Petit, François Vernadat, Enhancement of CIMOSA with Responsibility Concept to Conform to Principles of Corporate Governance of IT, 13th IFAC Symposium on Information Control Problems in Manufacturing, June 2009, Moscow, Russia.