General |
1. A formal planning process is used to define the IT strategy. |
4.55 |
4.91 |
5.61 |
2.152 |
|
--- |
2. A formal planning process is used to update the IT strategy. |
4.38 |
4.82 |
5.50 |
2.402* |
|
Gr1-3* |
3. IT budgets are used to control and report on IT activities/investments. |
5.12 |
5.36 |
6.00 |
2.099 |
|
--- |
4. There are IT performance measures (e.g. organization contribution, user orientation, operational excellence or future orientation). |
3.72 |
4.55 |
4.78 |
2.029 |
|
--- |
5. Methodologies are used to charge back IT costs to business units. |
3.23 |
3.36 |
3.83 |
0.344 |
|
--- |
6. There are formal agreements between business and IT departments about IT development projects or IT operations. |
3.72 |
3.91 |
4.72 |
1.201 |
|
--- |
7. An IT governance and control framework (such as CobiT) is used to govern IT. |
3.63 |
3.18 |
4.89 |
2.927* |
|
Gr2-3* |
8. The COSO (Committee of Sponsoring Organizations) or ERM (Enterprise Risk Management) framework for internal control is used to govern IT. |
2.83 |
3.36 |
4.50 |
3.712** |
|
Gr1-3** |
9. There are regular self-assessments or independent assurance activities on IT governance and control. |
3.83 |
4.45 |
5.67 |
|
5.958*** |
Gr1-3*** |
10. The organization regularly engages outside agencies to test its security systems or to conduct security audits. |
4.38 |
5.09 |
6.00 |
|
5.377*** |
Gr1-3*** |
Evaluation, selection and management of IT projects |
|
|
|
|
|
|
11. There is a prioritization process for IT investments and projects in which business and IT are involved (e.g. business cases, return on investment). |
5.18 |
5.55 |
6.17 |
|
3.882** |
Gr1-3** |
12. Explicit criteria are used to help evaluate IT projects. |
4.73 |
4.82 |
5.08 |
|
0.297 |
--- |
13. Both qualitative and quantitative criteria are used to evaluate IT projects. |
5.10 |
5.18 |
5.67 |
0.733 |
|
--- |
14. A cost/benefit analysis is used to evaluate IT projects. |
4.58 |
5.45 |
5.28 |
|
1.748 |
--- |
15. Project cost data are fully identified (direct, indirect, ongoing). |
4.90 |
5.18 |
5.61 |
|
1.153 |
--- |
16. IT investment benefits are identified using quantitative and/or qualitative data that relate directly to business strategies and performance improvement (tracking IT business value). |
4.73 |
4.00 |
4.39 |
|
0.904 |
--- |
17. The expected timeframes for development and implementation are explicitly specified. |
5.21 |
5.64 |
5.72 |
0.812 |
|
--- |
18. All foreseeable risks are identified. |
4.73 |
5.27 |
5.17 |
|
0.904 |
--- |
19. The organizational impacts of IT projects are evaluated. |
4.90 |
5.18 |
5.17 |
|
0.299 |
--- |
20. The availability of personnel resources relative to IT projects is assessed. |
4.93 |
5.00 |
5.44 |
|
1.035 |
--- |
21. Project management methodology is used to manage IT projects. |
5.67 |
5.36 |
6.39 |
1.778 |
|
|
22. Processes are used to monitor the planned business benefits during and after implementation of the IT investments/projects. |
3.70 |
3.82 |
3.72 |
|
0.020 |
--- |
IT strategies and policies: |
|
|
|
|
|
|
23. are clearly written so that employees impacted by IT projects can understand them. |
4.35 |
4.55 |
4.44 |
0.054 |
|
--- |
24. provide these employees with extensive guidance on how to manage IT projects. |
4.04 |
4.45 |
4.94 |
|
2.061 |
--- |
25. define objectives and expectations, such as accountability and responsibility. |
4.07 |
4.45 |
5.11 |
|
3.938** |
Gr1-3** |
26. are communicated to all employees impacted by IT projects (portals or other information services sources). |
4.04 |
4.73 |
4.67 |
1.288 |
|
--- |
27. are accessible to all employees impacted by IT projects. |
4.58 |
4.64 |
4.67 |
0.017 |
|
--- |
28. are updated following feedback from employees. |
4.12 |
3.82 |
4.33 |
0.346 |
|
--- |