Map StructureThe map has a simple structure. Five key business objectives are located at the top. They are Grow Revenues, Manage Risks, Increase Efficiency, Maintain Compliance and Enhance Customer Value. The perspectives of analysis are Governance & Standards, Customer, Vendor, Partner & Community, Business Functions & Interfaces, Internal Stakeholders, and Enabling IT Services. The map is just a single page, so a holistic picture can be presented to the decision makers. Another benefit of the map is that it provides a framework for managing programmes of change across different business departments within the organisation. Selecting an element within a layer will allow you to describe practically any scenario where a change is required.
Strategy map as a Communication Tool
The map can be used as an effective communication tool allowing you to tell a story of the required capabilities, proposed changes, expected benefits and achievement of business objectives. The map uses the language of the executives and it keeps them on a single page illustrating the business objectives and organisational layers simultaneously. The map facilitates understanding of complexity of change and the required effort (money and human resources) to implement the change and helps assess organisational readiness to changes.
Each organisation evolves every day. It is not really visible from one day to the next but it sill takes place. It means that changes made yesterday have impact on today’s state and thus relationships between components of the map evolve too.
The map can be used to see the progress of changes at a high level. It can also be used to understand what new changes may be required to attain the desired objectives under the changing conditions in the organisational environment. The advantage for the executives is that operational details do not take up their attention, and they can focus on what is working, what is not, and why. The map helps identify new dependencies as projects move from stage to stage. My view is that the 5x5 map is a tool for understanding and managing change.
Let’s have a look at how the 5x5 map can be applied to real situations. Let’s take for example the Maintain Compliance objective and the Sarbanes Oxley Act of 2002 (SOX) as an external force driving a change within an organisation. Three sections in the SOX, namely 302, 404 and 409 are of interest.
Section 302 requires CEOs and CFOs of public companies to certify the information in the company’s quarterly and annual reports along with the company’s internal controls.
Section 404 requires a clear responsibility of management for establishing and maintaining an internal control system and procedures for regular financial reporting. The section also requires an assessment of the effectiveness of the established control system and procedures.
Section 409 states that material changes in the financial condition of the organisation must be disclosed to the public.
All these requirements rely on the control systems and processes. Bearing in mind that no organisation can function without an information infrastructure (business applications and telecommunications), the control systems and processes should be interwoven with the information infrastructure. Without these controls in place the organisation won’t be able to track physical operations and reflect them in the financial postings that are a source of financial reporting.
Let’s go through the layers and perspectives to analyse what should be considered within the organisation to satisfy the SOX 302, 404 and 409 requirements.
Governance & Standards
From this perspective, we need to examine policies, procedures, corporate standards determining the responsibilities of management and employees, the limits of delegated authority given to key managers, the ethics controls established to ensure that all actions are taken in favour of the organisation and its environment. These key guiding documents outline the internal control system and describe specific controls, and where they are to be used.
This layer is important as it gives an overview of all business rules applied to business processes and embedded into the enabling IT services.
Customer, Vendor, Partner & Community
The Customer & Community perspectives both refer to the public and shareholders. The organisation deals with them differently depending on elements within the layer. We need to look at the services provided to customers and communications with customers and community to ensure that the organisation uses the information. This excludes potential complaints and claims of misleading which may lead to a breach of compliance. It means that we need to see if the communicated information is obtained from reliable sources of actual transactions, and who has access to the information.
The Vendor & Partner perspectives are used to look at the transparency of relationships between the organisation and its external parties (supply chain), monitoring and reconciliation of all physical and financial transactions and fair provision of goods and services.
Business Functions & Interfaces
The Business Functions perspective enables us to analyse the organisational value chain, as well as how functions are shared across the organisation. It facilitates a better understanding of organisational structure, business processes within each business department and how they complement each other. Using the information obtained from the Governance & Standards perspectives, we can verify the established controls and rules, check their efficiency, reveal potential weaknesses and thus propose the required changes.
The Interfaces perspective comes in handy for analysing departmental boundaries, how the business information is passed on, what transformation of business data takes place within the processes and what IT enabling services are used within the business processes.
As the organisation operates in its environment, this perspective gives us an opportunity to analyse how the organisation cooperates with its environment, what communication channels are and whether they are manual or automated, what rules are applied to the flowing information, etc.
Any policies and rules apply to people within the organisation so this perspective is focused on personnel, designated roles, skills, levels of competency and understanding of requirements imposed by the organisation itself and its external environment. This perspective facilitates an understanding of stakeholders’ perception of organisational culture, as well as how culture facilitates acceptance of internal controls and willingness to enforce them on a daily basis.
The last perspective is useful for the analysis of enabling IT services which include business applications, communication means and IT infrastructure. They can be analysed in terms of:
- criticality to the business
- ability to protect and control access to sensitive information
- levels of compliance with regulatory requirements
- potential impact on financial reporting
- availability and business continuity measures
- disaster recovery measures
- scheduled service resiliency testing
- physical access controls
- audit trails
The 5x5 map describes the drivers of change, the direction of change, what problem/opportunity layers should be considered when a change is to be made in order to achieve a business objective, what the constraints and limitations within each layer are, and what changes will be required to each layer. It is a useful analysis and communication tool for business analysts.
Don't forget to leave your comments below.
Sergey Korban has been in the IT industry for over 25 years and has hands on experience in business analysis, project management and software development management. He is passionate about making businesses more effective. You can find more of his articles on the Aotea Studios blog (http://aoteastudios.com/blog).