7 years, 2 months ago

5 Capability Model – Governance by Design

5 Capability Model

  • Introduction to corporate governance and IT governance using a 5 capability model.
    • Management capabilities
      • Party management capabilities
      • Offer management capabilities
      • Financial management capabilities
    • Transactional capabilities
      • Expense transaction capabilities
        • MIKE2.0 Investment & Planning September 2013 content award and inclusion under Creative Commons copyright
      • Revenue transaction capabilities

The five capability model provides the zero data loss scope for any organization or agency, the recovery time objectives for zero downtime and zero data loss.  The same five capabilities allows the financial scope in service management for full regression and Sarbanes Oxley.  Nearly all of the activities are universal across industries and geographies.


Who cares about this issue?

The external stakeholders who are alert and using the audit reports and risk register as key indicators of the organizations operating practices.   There are some technical leaders who are happy to build a healthy risk register as it justifies the need for their teams.

The executives and management would ideally want to have the rule without unnecessary risk,  if they are aware that basic business management systems were abandoned with the collaborative leadership models.

Question for an executive sponsor

  1. You are an employer who must supply tools to allow the employees to perform the task they were hired to perform.

“If the tools fail, is the employee at fault or the employer who supplied faulty tools?”

Question for an employee

  1. If I am hired to perform a task and the tools are allowing me to break policies or avoid procedures.

 ”Am I expected to know how and when policies apply to me and my role if the applications were changed from doing this for me?”

Yes, is there any reasonable expectation of success?  No, neither an employer nor an employee are setup for success.

  • How do I address such a disconnect?
    • Enable the rule
    • Allow a certain degree of variance
    • Expect an exception path

Many of us are immediately sent a mental message that the term “governance by design” either hurts and constrains our stakeholders or it prevents innovation.

  • Key driver in this approach is to enable the possibility.
    • What if the possibility enables innovation by design?
    • What if you also gain a way to change without slowing down your core business?
    • What if you reduce complexity and increase agility and speed?

Imagine if we got out of the weeds when we govern the enterprise?

  • It’s about carving out the minimum viable systems and measuring at the leverage points.


Tomorrow, we will have policy based access and far fewer chances to introduce risk.

  • Three operating models aligned to the customer market behaviors.
    • Run your business
    • Change your business
    • Innovate to grow your business

Ideally, using the same leverage points for a number of audit key controls or a way to monitor the organization for prevent and detect rather than respond and re-act.

  • Governance by design implies system theory, using generic points with low disruption.

An adverse impact and common behavior we see when looking through an bean counter view or in many cases the way IT stakeholders are able to report the issues.

  • Many issues are actually a problem going undetected and making the organization less effective.

Effort and Return

High Effort?/Low Return?

Do nothing

Low Effort?/High Return?

Each person changes at their own pace, people who are given the right answer first are far less likely to change the answer unless justified.

Without the basics, without the logic designed into your 3rd party ERP system, you are operating without the guides or policy enabled as the rule.   You are basically driving blind and are unlikely to know the situation exist.

  • A five capability model enables governance by design.


Design with quality in mind.  I recently read a thesis by a student attending MIT, his thesis was on the subject of defects in manufacturing processing.  The conclusions he came to was unlike most people would be drawn to.   The author noted many parts rather than the whole were being counted as defects in isolation or with low risk associated in the register.   Rather than understanding the many defects in the single process, the approach was to break down a whole into many parts when looking at the defects.