ISACA Journal Author Blog

ISACA > Journal > Practically Speaking Blog > Posts > SFIA: The Role of Autonomy in Process Adoption

SFIA:  The Role of Autonomy in Process Adoption

| Published: 10/7/2013 7:45 AM | Category: COBIT-Governance of Enterprise IT | Permalink | Email this Post | Comments (0)
Simon RollerSimon Roller, CISA, CISP, DPSM, FBCS CITP
I was recently involved in an organizational skills assessment where we assessed approximately 300 IT staff using the Skills Framework for the Information Age (SFIA). We used SFIA to identify the skills present and the levels of responsibility at which individuals were operating. SFIA uses 7 levels of responsibility, with each level being represented in terms of autonomy, influence, complexity and business skills. We would generally expect each of the 4 components to be at the same level, but what was interesting is that almost 20 percent of the staff had a level of autonomy that was lower than the other 3 components. If individuals were operating at SFIA level 5 for influence, complexity and business skills, their autonomy level was at level 4.

We did some further investigation as to why this was the case and found some interesting findings. In this example, the operating model of the organization lacked the maturity to support autonomy. Let me explain using a well-known management framework, PRINCE2. As you may be aware, PRINCE2 has 7 principles, 7 themes and 7 processes. One of the critical processes in PRINCE2 is managing product delivery, in which the main objective is to manage the link between the project manager and the team manager. The first, and arguably the most important, activity within this process is accepting a work package. It is during this activity that the team manager and project manager negotiate tolerances for risk, quality, cost and time, and the mechanisms that are employed to communicate information. If this process and activity is followed correctly, the team manager has a clear structure for responsibility and autonomy. If things start to go wrong, there is an agreed process to seek guidance and manage risk. If this process is not in place or not adhered to, the project manager ends up micro-managing the team and the team manager loses autonomy. Although the organization in this example was a PRINCE2 shop, this critical process was not embedded correctly and team members lacked the autonomy they needed. The end result was a demotivated team and an overstretched project manager.

Using SFIA to identify flaws in operating models and process adoption is an excellent way to validate that Responsible, Accountable, Consulted and Informed (RACI) charts; authority levels; and delegation techniques have been understood by and embedded in the organization. Without autonomy, there is a real risk that people will become increasingly demotivated and eventually leave.

Read Simon Roller’s recent JournalOnline article:
Embed With SFIA—Secrets From the Missing Framework,” ISACA Journal, volume 5, 2013.


There are no comments yet for this post.