8/12/2019 Presentation INCOM 09 - Refining the Notion of Responsibility in Enterprise Engineering to Support Corporate Governance of IT
1/23
Refining the Notion of Responsibility in Enterprise
Engineering to Support Corporate Governance of IT
Christophe FELTUS
Public Research Centre Henri Tudor, Luxembourg
Michal PETIT
PReCISE Research Center, Faculty of Computer Science, University of Namur, Belgium
Franois VERNADAT
Directorate for Information Technology and Telecommunications, European Court of Auditors, Luxembourg
http://www.emse.fr/fr/transfert/g2i/actualites/incom2006/images/logos/incom09.pnghttp://images.google.lu/imgres?imgurl=http://www.fundp.ac.be/sciences/physique/physique2005/Images/fundp.jpg&imgrefurl=http://www.fundp.ac.be/sciences/physique/physique2005/&usg=__uB93uFFhGagVjWKEATdexVmEOaY=&h=255&w=397&sz=95&hl=fr&start=1&um=1&tbnid=JbJvuwBnowToaM:&tbnh=80&tbnw=124&prev=/images%3Fq%3Dfundp%26um%3D1%26hl%3Dfr%26sa%3DN8/12/2019 Presentation INCOM 09 - Refining the Notion of Responsibility in Enterprise Engineering to Support Corporate Governance of IT
2/23
Context
Governance of IT is becoming more and morenecessary
Sarbanes-Oxley Act Basel II
ISO/IEC 38500:2008
Need for more responsibility, transparency,
accountability, ethic, commitment Existing frameworks dont address those
requirements systematically
8/12/2019 Presentation INCOM 09 - Refining the Notion of Responsibility in Enterprise Engineering to Support Corporate Governance of IT
3/23
Plan
Presentation of the model of responsibility
CIMOSA and the responsibility model
Analysis
Enhancement
Case study
Conclusions
8/12/2019 Presentation INCOM 09 - Refining the Notion of Responsibility in Enterprise Engineering to Support Corporate Governance of IT
4/23
The responsibility model
Responsibility
Obligation to satisfactorily perform or complete a task
8/12/2019 Presentation INCOM 09 - Refining the Notion of Responsibility in Enterprise Engineering to Support Corporate Governance of IT
5/23
The responsibility model
Responsibility
The state of being answerable about the achievement of a task
AccountabilityAnswerability
Sanction
Soft
Hard
8/12/2019 Presentation INCOM 09 - Refining the Notion of Responsibility in Enterprise Engineering to Support Corporate Governance of IT
6/23
The responsibility model
Responsibility
Describes the quality of having the required qualities orresources to achieve a task
AccountabilityCapability
Access Right
8/12/2019 Presentation INCOM 09 - Refining the Notion of Responsibility in Enterprise Engineering to Support Corporate Governance of IT
7/23
The responsibility model
Responsibility
The engagement of a stakeholder to fulfil a task taking
Capability Accountability Commitment
Affective Continuance
Antecedents Outcomes
8/12/2019 Presentation INCOM 09 - Refining the Notion of Responsibility in Enterprise Engineering to Support Corporate Governance of IT
8/23
The responsibility model
Responsibility
Capability Accountability Commitment
Task Stakeholder
Accountability CommitmentCapability
8/12/2019 Presentation INCOM 09 - Refining the Notion of Responsibility in Enterprise Engineering to Support Corporate Governance of IT
9/23
Advantage of the model
Improve business/IT alignment (principle 1 of ISO38500 : establish clearly understood
responsibilities for IT) Accountability linked to an agent rather than to a
groupmore involvement and concerned
It addresses the commitment and increase ethic
Right capability to the right userminimum ofprivilege
8/12/2019 Presentation INCOM 09 - Refining the Notion of Responsibility in Enterprise Engineering to Support Corporate Governance of IT
10/23
Analyze of CIMOSA
Agent
in the Resource View
Functional entity (I.e. active resource)
Appears when resource are derived from the requirement
definition to the implementation description
8/12/2019 Presentation INCOM 09 - Refining the Notion of Responsibility in Enterprise Engineering to Support Corporate Governance of IT
11/23
Analyze of CIMOSA
Responsibility : implicitly exists
in the Organizational View that is composed of :
Organizational Units : low level decision centers or work
position assigned with responsibility
Organizational Cells : higher level decision centers with a
manager, responsibilities and authorities.
8/12/2019 Presentation INCOM 09 - Refining the Notion of Responsibility in Enterprise Engineering to Support Corporate Governance of IT
12/23
Analyze of CIMOSA
Responsibility : implicitly exists
in the Organizational View
Organizational Cells structure Organizational Units into larger
entities at different responsibility level
Mauchan, 2007 : Organization Unit is responsible for process
(composed of activities) that need capability
8/12/2019 Presentation INCOM 09 - Refining the Notion of Responsibility in Enterprise Engineering to Support Corporate Governance of IT
13/23
Analyze of CIMOSA
Capability in the Resource View
Are necessary for achieving activities
Are provided by the agents
Capability is defined by a set of technical capabilities or aset of competences
8/12/2019 Presentation INCOM 09 - Refining the Notion of Responsibility in Enterprise Engineering to Support Corporate Governance of IT
14/23
Analyze of CIMOSA
CIMOSA does not address the Commitment
Accountability is the obligation to perform an activity
Input : agent (resource) - Output : the result (ctrl, fct,resource)
No link between the agent accountability and the activity
8/12/2019 Presentation INCOM 09 - Refining the Notion of Responsibility in Enterprise Engineering to Support Corporate Governance of IT
15/23
Enhancement of CIMOSA
Responsibility : explicitly introduced in the
Organization view Linked to the activity to be performed and to the agent
responsible for it
Distinguish agent that needs capabilities/competencies and
that will be accountable Manage the delegation
8/12/2019 Presentation INCOM 09 - Refining the Notion of Responsibility in Enterprise Engineering to Support Corporate Governance of IT
16/23
Enhancement of CIMOSA
Capability :
No more linked to activities but to the responsibility
Consequence : agent is responsible if he has thecapabilities
8/12/2019 Presentation INCOM 09 - Refining the Notion of Responsibility in Enterprise Engineering to Support Corporate Governance of IT
17/23
Enhancement of CIMOSA
Commitment is introduced in the Organizationview
Accountability explicitly introduces in theOrganisation view
8/12/2019 Presentation INCOM 09 - Refining the Notion of Responsibility in Enterprise Engineering to Support Corporate Governance of IT
18/23
Enhancement of CIMOSA
The combination of CIMOSA with theresponsibility model is introduced in the
CIMOSA language
8/12/2019 Presentation INCOM 09 - Refining the Notion of Responsibility in Enterprise Engineering to Support Corporate Governance of IT
19/23
CASE STUDY : existing
Access right
Automotive industry
AutomotiveSpice PAM ISO/IEC 15504
Activities
Accountabilities
8/12/2019 Presentation INCOM 09 - Refining the Notion of Responsibility in Enterprise Engineering to Support Corporate Governance of IT
20/23
CASE STUDY : not existing
Implementation sequence
Input Work Product :
Capabilities Agent which achieve task
Base practices in some
operations
8/12/2019 Presentation INCOM 09 - Refining the Notion of Responsibility in Enterprise Engineering to Support Corporate Governance of IT
21/23
CASE STUDY : component
description
8/12/2019 Presentation INCOM 09 - Refining the Notion of Responsibility in Enterprise Engineering to Support Corporate Governance of IT
22/23
CASE STUDY : Enhanced
activity description
8/12/2019 Presentation INCOM 09 - Refining the Notion of Responsibility in Enterprise Engineering to Support Corporate Governance of IT
23/23
Conclusions
Corporate governance requirements
CIMOSA enhancement with responsibility
model components
Better visibility of each agents responsibility
Better security
Better business/IT alignment
Illustration on the supplier Tenderingprocess from automotive industry