Balanced Scorecard
Overview
"In 1992, Robert S. Kaplan and David P. Norton began publicizing the Balanced Scorecard through a series of journal articles. In 1996, they published the book The Balanced Scorecard. Since the original concept was introduced, Balanced Scorecards have become a fertile field of theory, research and consulting practice. The Balanced Scorecard has evolved considerably from its roots as a measure selection framework.
The Balanced Scorecard is a performance planning and measurement framework, with similar principles as Management by Objectives, which was publicized by Robert S. Kaplan and David P. Norton in the early 1990s." Wikipedia.
“The Balanced Scorecard is a powerful framework to help organisations rapidly implement strategy by translating the vision and strategy into a set of operational objectives that can drive behaviour, and therefore, performance. Strategy-driven performance measures provide the essential feedback mechanism required to dynamically adjust and refine the organisation's strategy over time. The Balanced Scorecard concept is built upon the premise that what is measured is what motivates organisational stakeholders to act. Ultimately all of the organisation's activities, resources, and initiatives should be aligned to the strategy. The Balanced Scorecard achieves this goal by explicitly defining the cause and effect relationships between objectives, measures, and initiatives across each perspective and down through all levels of the organisation. Developing a Balanced Scorecard is the first step in creating a Strategy-Focused Organisation.” Bscol
Details
The Balanced Scorecard provides an organisational view of an organisation’s overall performance by integrating Financial measures with other key performance indicators around Customer satisfaction, Internal business processes and Organisational growth, learning and innovation.
The BSC translates strategy into action, rapidly and measurably, at all levels of the enterprise, by aligning strategy with the four areas (perspectives) in a management framework for managing performance and organisational change. Thousands of organisations worldwide have implemented Balanced Scorecards to boost performance and achieve results.
The BSC is an aid in creating a "balance" among various factors, which share a view of the organisation's strategy for its future development. The BSC links short-term operational control to long-term vision and strategy by focusing on a few critical Key Performance Indicators in target areas and forcing the organisation to control and monitor day-to-day operations as they affect development tomorrow. For each perspective, we formulate strategic aims, measures, specific goals, and action plans.
Businesses competing in the information age can no longer be measured in the short run by the traditional financial accounting model. This model, developed for the industrial age, measures events of the past, not the investments in the capabilities that provide value for the future.
The Balanced Scorecard is a framework for integrating measures derived from strategy. While retaining financial measures of past performance, the Balanced Scorecard introduces the drivers of future financial performance. The drivers (customer, internal business process, and learning & growth perspectives) are derived from the organisation's strategy translated into objectives and measures.
(Some companies prefer to split the Learning & Growth perspective into two perspectives: Human resources and Development.)
The Balanced Scorecard is more than a measurement system: organisations can use it as an organising framework for their management processes. The real power of the Balanced Scorecard is realised when it is transformed from a measurement system into a management system. It fills the void that exists in most management systems: the lack of a systematic process to implement and obtain feedback about strategy.
Measurement Matters: "If you can't measure it, you can't manage it".
If companies are to survive/prosper in the information age they must use measurements and management systems derived from their strategies and capabilities. Unfortunately, many organisations espouse strategies about customer relationships, core competencies, and organisational capabilities while motivating and measuring performance only with financial measures.
Financial Perspective
The BSC retains the financial perspective since financial measures are valuable in summarising the readily measurable economic consequences of actions already taken. They indicate whether a company's strategy, implementation and execution are contributing to the bottom line.
The financial measures tend to relate to profit (operating income), return on capital employed (ROCE or EVA), and sales growth or generation of cash flow.
Customer Perspective
The Customer perspective identifies the customer and market segments in which the business will compete and measures performance in these targeted segments. The perspective typically includes several core/generic measures like customer satisfaction, customer retention and acquisition, and market share. The perspective should also include specific measures of the value proposition in the specific market/customer segment, i.e. lead time and on-time delivery, if applicable.
Internal Business Process Perspective
The Internal perspective identifies the critical internal processes in which the organisation must excel. These processes enable the business to:
- Deliver the value propositions that attract and retain customers
- Satisfy shareholder expectations on financial returns
The internal measures focus on the processes that have the greatest impact on customer satisfaction and financial objectives.
The inclusion of innovation measures in this perspective also gives the organisation drivers of long-term financial success as well as short-term operational measures.
Learning & Growth Perspective
The Learning and Growth perspective identifies the infrastructure that the organisation must build to create long-term growth and improvement. Businesses are unlikely to be able to meet their long-term targets for customers and internal processes using today's technologies and capabilities. Also, intense global competition requires companies continually to deliver value to customers and shareholders. Learning and Growth comes from people, systems and organisational procedures.
The financial, customer, and internal perspectives will reveal gaps in the capabilities of people, systems and procedures. To close these gaps businesses will have to invest in re-skilling employees, enhancing IT systems and aligning organisational procedures.
Learning & Growth measures include employee satisfaction, employee retention, system availability and "front line" customer information, alignment of employee incentives with overall organisation success factors, etc.
The best Balanced Scorecards consist of a series of objectives and measures with linkages incorporating both cause-and-effect relationships and a mixture of outcome measures and performance drivers.
Cause-and-Effect Relationships
A strategy is a set of hypotheses about cause and effect. The chain of cause-and-effect should pervade all four perspectives of the Balanced Scorecard; a properly constructed Balanced Scorecard should therefore tell the story of the company's strategy.
Performance Drivers
A good Balanced Scorecard should also have a mix of outcome measures (lagging indicators) and performance drivers (leading indicators). Outcome measures without performance drivers do not communicate how the outcomes are to be achieved or give an early indication about whether the strategy is being implemented successfully. Conversely, performance drivers without outcome measures may achieve short-term operational improvements but fail to reveal whether those improvements have translated into expanded business with enhanced financial performance.
Balanced Scorecard Use
The Balanced Scorecard can be used to:
- Clarify and gain consensus about strategy
- Communicate strategy throughout the organisation
- Align departmental and personal goals to the strategy
- Link strategic objectives to long term targets and annual budgets
- Identify and align strategic initiatives
- Perform periodic and systematic strategic reviews
BS25777 - IT Continuity Standard
The British Standards Institution is soon to commence work on BS25777 ICT Continuity, a new British Standard for IT continuity and related areas.
Certain areas specified in Publicly Available Specification 77 (PAS 77) will form part of the scope of BS25777 but these will be modified in accordance with the overall vocabulary and plain English approach of BS25999 and with applicability to all sizes of organization. Sections in BS25777 will include: glossary, determining business requirements, risk assessment, determining continuity strategy, implementing continuity solutions, exercising, maintenance and audit. There will also be linkages to culture and BC programme management; links to BCMS; and information on the standard’s relationship to ISO 20000, ISO 27001 and ISO/IEC 24762.
BS25999 - Business Continuity Management Standard
BS25999, the world’s first British standard for business continuity management (BCM), has been developed to help you minimize the risk of such disruptions.
By helping to put the fundamentals of a BCM system in place, the standard is designed to keep your business going during the most challenging and unexpected circumstances – protecting your staff, preserving your reputation and providing the ability to continue to operate and trade.
BS25999 has been developed by a broad based group of world class experts representing a cross-section of industry sectors and the government to establish the process, principles and terminology of Business Continuity Management.
It provides a basis for understanding, developing and implementing business continuity within your organization and gives you confidence in business-to-business and business-to-customer dealings. It also contains a comprehensive set of requirements based on BCM best practice and covers the whole BCM lifecycle.
Who is it relevant to?
BS25999 is suitable for any organization, large or small, from any sector. It is particularly relevant for organizations which operate in high risk environments such as finance, telecommunications, transport and the public sector, where the ability to continue operating is paramount for the organization itself and its customers and stakeholders.
The standards
BS25999 comprises two parts:
Part 1, the Code of Practice, provides BCM best practice recommendations. Please note that this is a guidance document only.
Part 2, the Specification, provides the requirements for a Business Continuity Management System (BCMS) based on BCM best practice. This is the part of the standard that you can use to demonstrate compliance via an auditing and certification process.
Being independently certified to the BS25999 Part 2 by BSI Management Systems, an independent third-party, will be the ultimate assurance to your stakeholders that you comply with BCM best practice.
COBIT® IT Governance Framework
COBIT® which stands for ‘Control Objectives for Information and related Technology’ has been developed as a generally applicable and acceptable standard for good information technology (IT) control practices that provide a reference framework for management, users, IS audit, control and security practitioners.
COBIT® is internationally accepted as the IT Governance framework that represents the way to implement IT Governance. Its guidance enables an organisation to implement effective governance over IT. It was first published by the Information Systems Audit and Control Foundation in 1996, and is now in its fourth edition.
Structure of the COBIT Framework
The COBIT framework comprises 4 domains, 34 IT processes and 318 detailed control objectives. It addresses control objectives that relate to operational and compliance issues.
COBIT defines IT processes across 4 broad domains:
- Planning and Organization
- Acquisition and Implementation
- Delivery and Support
- Monitoring
COBIT is closely linked to COSO, the most common control framework to deal with Regulatory requirements. For this reason COBIT is widely accepted as the IT control framework that can be used to meet IT related regulatory compliance requirements such as Sarbanes Oxley, Basel II, King II, etc.
CobiT is a registered trademark of ISACA.
COSO – Internal Control Framework
Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a U.S. private-sector initiative, formed in 1985. Its major objective is to identify the factors that cause fraudulent financial reporting and to make recommendations to reduce its incidence. COSO has established a common definition of internal controls, standards, and criteria against which companies and organizations can assess their control systems.
COSO is sponsored and funded by 5 main professional accounting associations and institutes; American Institute of Certified Public Accountants (AICPA), American Accounting Association (AAA), Financial Executives International (FEI), The Institute of Internal Auditors (IIA) and The Institute of Management Accountants (IMA).
Produced after the release of the Treadway Commission’s recommendations, this document provides principles-based guidance for designing and implementing effective internal controls. COSO developed the framework in response to senior executives’ need for effective ways to better control their enterprises and to help ensure that organizational objectives related to operations, reporting, and compliance are achieved. This framework has become the most widely used internal control framework in the U.S. and has been adapted or adopted by numerous countries and businesses around the world.
COSO Enterprise Risk Management — Integrated Framework
In response to a need for principles-based guidance to help entities design and implement effective enterprise-wide approaches to risk management, COSO issued the Enterprise Risk Management – Integrated Framework in 2004.
The COSO ERM framework defines essential enterprise risk management components, discusses key ERM principles and concepts, suggests a common ERM language, and provides clear direction and guidance for enterprise risk management. The guidance introduces an enterprise-wide approach to risk management as well as concepts such as: risk appetite, risk tolerance, portfolio view. This framework is now being used by organizations around the world to design and implement effective ERM processes.
ISO 20000 – IT Service Management Standard
ISO 20000 is the first worldwide standard specifically aimed at IT Service Management. It describes an integrated set of management processes for the effective delivery of services to the business and its customers. ISO 20000 is aligned with and complementary to the process approach defined within the IT Infrastructure Library (ITIL®) from The Office of Government Commerce (OGC).
ISO/IEC 20000:2005, which is issued in two parts under the general title, Information technology - Service management, will enable service providers to understand how to enhance the quality of service delivered to their customers, both internal and external.
- Part 1: Specification provides requirements for IT service management and is relevant to those responsible for initiating, implementing or maintaining IT service management in their organisation.
- Part 2: Code of practice, represents an industry consensus on guidance to auditors and assistance to service providers planning service improvements or to be audited against ISO/IEC 20000-1:2005
The itSMF ISO 20000 Certification Scheme
ISO 20000 is increasingly seen as the quality standard for IT Service Management and many companies are striving to adopt ISO 20000 not only for their own benefit but also to help qualify and choose suppliers and partner organisations. Any organisation is able to claim compliance with an industry standard such as ISO 20000 and may put such claims in their documentation and other collateral. However, it is clearly more valuable for such claims to be independently verified as part of a formal certification scheme. ISO 9000 and BS 7799/ISO 17799 are examples where such certification schemes have already been established. itSMF created and now manages the BS 15000-1:2002 IT Service Management Certification Scheme (the scheme) which provides this independent verification against ISO 20000. Operation of the scheme is closely monitored by itSMF to ensure consistency of implementation.
ISO 27001 - Information Security Standard
ISO 27001 is "a comprehensive set of controls comprising best practices in information security". It is essentially an internationally recognized generic information security standard.
Its predecessor, titled BS 7799, has existed in various forms for a number of years, although the standard only really gained widespread recognition following publication by ISO (the International Standards Organization) in December of 2000. Formal certification and accreditation were also introduced around the same time. ISO 27001 was updated in 2005.
The Contents of the ISO 27001 Standard
The ISO 27001 standard comprises eleven prime sections:
- Security Policy
- Organisation of information security
- Asset Management
- Human Resources security
- Physical and environmental security
- Communications and operations management
- Access Control
- Information systems acquisition, development and maintenance
- Information security incident management
- Business continuity management
- Compliance
Within these sections are the detailed statements and clauses that comprise the standard itself. In addition, the standard includes a Foreword (setting the scene), a Scope, and a section defining various terms.
ISO 27001, which is issued in two parts under the general title, Information technology - Security techniques, will enable organisations to define, achieve, maintain and improve Information Security that is essential to maintain competitive edge, cash flow, profitability, legal compliance, and commercial image.
ISO 27001 - A Specification for Information Security Management. The International Standard ISO 27001 (British Standard BS 7799-2:2002, the Part 2 of the ISO 27001 Security Standard), has been prepared for business managers and their staff to provide a model for setting up and managing an effective Information Security Management System (ISMS).
ISO 27002 - Code of practice for Information Security Management. ISO 27001, the International Standard for information security management, which has been newly enhanced and updated in June 2005, provides a framework for businesses to review, and improve, the overall effectiveness of their information security.
Certification and Compliance
The first step towards ISO 27001 certification is of course to comply with the standard itself. This is good security practice in its own right, but it is also the longer term status adopted by a number of organisations, who require the assurance of an external measure, yet do not wish to proceed with an external or formal process immediately.
In either case, the method and rigor enforced by the standard can be put to good use in terms of better management of risk. It is also being used in some sectors as a market differentiator, as organisations begin to quote their ISO 27001 status within their individual markets and to potential customers... which is another factor to ensure much wider uptake of the standard.
ISO 9000 – Quality Management Standard
ISO 9000 is a family of standards for quality management systems. ISO 9000 is maintained by ISO, the International Organization for Standardization and is administered by accreditation and certification bodies. Some of the requirements in ISO 9001 (which is one of the standards in the ISO 9000 family) include
- A set of procedures that cover all key processes in the business;
- Monitoring processes to ensure they are effective;
- Keeping adequate records;
- Checking output for defects, with appropriate and corrective action where necessary;
- Regularly reviewing individual processes and the quality system itself for effectiveness; and
- Facilitating continual improvement
A company or organization that has been independently audited and certified to be in conformance with ISO 9001 may publicly state that it is "ISO 9001 certified" or "ISO 9001 registered". Certification to an ISO 9000 standard does not guarantee any quality of end products and services; rather, it certifies that formalized business processes are being applied. Indeed, some companies enter the ISO 9001 certification as a marketing tool.
ISO 14000 – Environmental Management Standard
The ISO 14000 environmental management standards exist to help organizations minimize how their operations negatively affect the environment (cause adverse changes to air, water, or land) and comply with applicable laws and regulations.
ISO 14001 is the international specification for an environmental management system (EMS). It specifies requirements for establishing an environmental policy, determining environmental aspects and impacts of products/activities/services, planning environmental objectives and measurable targets, implementation and operation of programs to meet objectives and targets, checking and corrective action, and management review. ISO 14000 is similar to ISO 9000 quality management in that both pertain to the process (the comprehensive outcome of how a product is produced) rather than to the product itself. The overall idea is to establish an organized approach to systematically reduce the impact of the environmental aspects which an organization can control. Effective tools for the analysis of environmental aspects of an organization and for the generation of options for improvement are provided by the concept of Cleaner Production.
As with ISO 9000, certification is performed by third-party organizations rather than being awarded by ISO directly. The ISO 19011 audit standard applies when auditing for both 9000 and 14000 compliance at once.
OHSAS 18000 - Occupational Health and Safety System
The Occupational Health and Safety System (OHSAS) gives the requirements for an Occupational Health and Safety Management System, to enable organizations to identify and control their health and safety risks, and improve their Health and Safety performance.
The OHSAS 18001 system can be applied to any type of business, organization or industry that wishes to manage its health and safety risks in the workplace.
ITIL - Information Technology Infrastructure Library
What is ITIL?
The Information Technology Infrastructure Library ITIL® is the only consistent and comprehensive documentation of best practice for IT Service Management. Used by many hundreds of organisations around the world, a whole ITIL philosophy has grown up around the guidance contained within the ITIL books and the supporting professional qualification scheme.
ITIL consists of a series of books giving guidance on the provision of quality IT services, and on the accommodation and environmental facilities needed to support IT. ITIL has been developed in recognition of organisations' growing dependency on IT and embodies best practices for IT Service Management.
The ethos behind the development of ITIL is the recognition that organisations are becoming increasingly dependent on IT in order to satisfy their corporate aims and meet their business needs. This leads to an increased requirement for high quality IT services.
ITIL Refresh
ITIL Version 2 (V2) has undergone a major refresh which is Version 3 (V3). Version 3 represents an important evolutionary step in its life. The refresh has transformed the guidance from providing a great service to being the most innovative and best in class. At the same time, the interface between old and new approaches is seamless so that users do not have to reinvent the wheel when adopting it. V3 allows users to build on the successes of V2 but take IT service management even further.
Certification
ITIL Certifications lead to the credential of ITIL Foundation Associate, ITIL Practitioner, and ITIL Service Manager.
ITIL Certifications are managed by the ICMB (ITIL Certification Management Board) which is comprised of the OGC, IT Service Management Forum (itSMF) International and two examinations institutes: EXIN (based in the Netherlands) and ISEB (based in the UK).
The EXIN and ISEB proctor the exams and award qualifications at Foundation, Practitioner and Manager/Masters level currently in 'ITIL Service Management', 'ITIL Application Management' and 'ICT Infrastructure Management' respectively.
ITIL: Overview and Benefits
ITIL provides a systematic and professional approach to the management of IT service provision. Adopting its guidance offers users a huge range of benefits that include:
- Reduced costs
- Improved IT services through the use of proven best practice processes
- Improved customer satisfaction through a more professional approach to service delivery
- Standards and guidance
- Improved productivity
- Improved use of skills and experience
- Improved delivery of third party services through the specification of ITIL or ISO 20000 as the standard for service delivery in services procurements.
PAS 55 - Infrastructure Asset Management Standard
PAS 55 provides a code of practice and specification for the optimised management of physical infrastructure assets. Significant amounts of money and time are spent managing business critical assets each year. Yet to date there has been confusion over terminology and a variety of approaches have been employed. In many cases these approaches served well, but equally many of us will be aware of high profile failures that hit the headlines. Of course, it is likely that lesser known issues exist as well. Sub-optimal asset management arrangements reduce performance, increase costs and fail the customer.
It was clear to the Institute of Asset Management that there was a crucial need to provide a consistent framework for Asset Management systems. PAS 55: Asset Management meets this need. It is applicable to any organisation that depends upon its physical assets for the performance and continuance of its business operations.
Part 1 contains the requirements. These form the basis for any assessment of conformance (internal or external) and subsequent certification.
Contents
Acknowledgement
Foreword
Introduction
Clause 1 Scope
Clause 2 Normative references
Clause 3 Terms and definitions
Clause 4 Asset management system elements
Clause 4.1 General requirements
Clause 4.2 Asset management policy and strategy
Clause 4.3 Asset management information, risk assessment and planning
Clause 4.4 Implementation and operation
Clause 4.5 Checking and corrective action
Clause 4.6 Management review and continual improvement
Bibliography
TOGAF - The Open Group Architecture Framework
TOGAF, The Open Group Architecture Framework, is an industry standard architecture framework that may be used freely by any organization wishing to develop an information systems architecture for use within that organization.
TOGAF has been developed and continuously evolved since the mid-90’s by representatives of some of the world’s leading IT customer and vendor organizations, working in The Open Group's Architecture Forum. Details of the Forum, and its plans for evolving TOGAF in the current year, are given on the Architecture Forum web site.
About TOGAF Version 8 Enterprise Edition
TOGAF Version 8 Enterprise Edition ("TOGAF 8" for short) is a detailed method and set of supporting resources for developing an Enterprise Architecture. Developed and endorsed by the membership of The Open Group's Architecture Forum, TOGAF 8 represents an industry consensus framework and method for Enterprise Architecture that is available for use internally by any organization around the world - members and non-members of The Open Group alike - subject to license conditions - see Downloading TOGAF 8.1
As a comprehensive, open method for Enterprise Architecture, TOGAF 8 complements, and can be used in conjunction with, other frameworks that are more focused on specific aspects of architecture or for vertical sectors such as Government, Defence, and Finance.
The latest version of TOGAF 8 is Version 8.1.1.
Certification from The Open Group
Certification from The Open Group provides customers with assurance that products and services conform to open standards. This assurance enables market growth, and benefits both customers and vendors alike.
In the Architecture field, The Open Group has introduced a TOGAF 8 certification program, in order to ensure the consistent application and usage of TOGAF 8 throughout the industry, and so protect the value of TOGAF 8 to its users.
A comprehensive introduction to the TOGAF 8 certification program is available on the TOGAF certification web site.
Why is TOGAF 8 Certification Important?
IT customer organizations who wish to base their enterprise architecture work on the open, industry standard of TOGAF 8 "Enterprise Edition", can now procure tools, training, and professional services on the basis of certified conformance with the TOGAF 8 standards.
The existence of a certification program for TOGAF 8 provides an even stronger incentive for organizations (both private and public sector) to standardize on this open method for Enterprise Architecture, and so avoid lock-in to proprietary methods.
It is an important step in making Enterprise Architecture a well-recognized discipline, and in introducing rigor into the procurement of tools and services for Enterprise Architecture.
Why Become Certified?
For architecture service providers and tools vendors, the new certification program provides a way to demonstrate clearly how their services and products support the Enterprise Architect using TOGAF 8.
For individual Enterprise Architects, TOGAF 8 certification demonstrates clearly to employers and peers their commitment to their profession as a discipline. In particular, it demonstrates that they possess a body of core knowledge about TOGAF 8 as an open, industry standard framework and method for Enterprise Architecture.
The Open Group publishes the definitive register of TOGAF 8 certified individuals, and certified service and product offerings, and issues certificates that can be used by vendors in promotion.