JOnline: Embed With SFIA—Secrets From the Missing Framework 

Download Article

Why is value so hard to sustain? What is the secret to making best practices stick? How does an organisation make process improvement and good governance last when the consultants leave?

Most process consultants speak frequently about adopt and adapt—the importance of adopting best practice frameworks and then adapting them to suit the business and organisation. The problem is that when most consultants leave the building, the value leaves with them. To preserve the value in best practices, best practices need to be embedded into the organisation.

The Skills Framework for the Information Age (SFIA)1 is a people framework. It focuses on the skills and the capabilities required in supporting good governance, and it is the missing link in governance adoption.

Setting the Scene—the Role of SFIA

It is well known in the process-consulting world that the best way to implement a process framework is to adopt the framework and then adapt it to the organisation’s needs. It is widely understood that not all processes are always required for an organisation and different organisations require different levels of maturity. This applies to all the major process frameworks, including ITIL, PRINCE2 and COBIT. The same can be said for the adoption of the various standards used in IT, e.g., ISO/IEC 27002, ISO/IEC 31000, ISO/IEC 9001.

Defining a set of processes and creating a bunch of artefacts aligned to the needs of the organisation are only parts of the picture. While acknowledging the importance of management of organisational change (MOC) to help people transition to a new world or paradigm, once the MOC programme has been rolled out, the copies of Who Moved My Cheese?2 begin to gather dust on the shelf and the organisation is faced with that scary reality of business-as-usual and quickly falls back into bad habits and old ways.

SFIA helps to address this issue in a number of ways, some of which have hidden but substantial benefits. It is important to understand the benefits a skills framework can provide.

One way to start is to take a closer look at the role of SFIA in the adoption of IT governance and how implementing SFIA can change the way IT is managed in the future.

The History of SFIA

SFIA is a model for describing and managing competencies for information and communications technology (ICT) professionals, and it is intended to help match the skills of the workforce to the needs of the business. Mapping the range of skills as a two-dimensional table, it tags each skill with a category and responsibility level.

The SFIA Foundation developed the open framework in 2003, and it underwent an update to version 5 in late 2011.

The SFIA is used in the public and private sector. In Australia, for example, the Australian Federal Government’s Whole-of-Government ICT Strategic Workforce Plan 2010-2013 is underpinned by SFIA, and the framework is an essential component for the Australian Public Service (APS) career structure. It is used for people-oriented processes and ICT career development. The Australian State Government of Queensland has made excellent progress in integrating SFIA into the workplace.3

The Value of SFIA

Figure 1 shows how SFIA can be used in all aspects of workforce management, such as in the supply chain environment.

Figure 1

SFIA can be used to build standard role descriptions and organisational design to align with best practice. Having standard role descriptions assists in removing the ambiguity of people’s roles, defining the skills and qualifications required to perform those roles, and helping IT define the level of skills required for each role.

Many enterprises have little to no idea of the skills of individuals within the organisation, especially when it comes to IT. Each IT role has, on average, four to six skills required to perform it. Likewise, on average, an individual has between four to 10 skills at various levels.4 Individuals can be seen leaving an organisation one day, only to re-join the same organisation the following day performing a different role using different skills. If an organisation has an inventory of skills present in its staff, it will reduce the amount of employee turnover in the organisation.

If individuals understand their skills and have an understanding of the skills required by the organisation or the market, they can grow and develop their skills to align to the roles that the organisation or the market values. For example, individuals may reach the maximum potential earning capacities for their given roles, but if they develop or acquire new skills, they may be able to perform a more valuable role. This will also aid in the return on investment (ROI) for training and development, creating the link between the cost of skills acquisition and the value the skill provides.

Last, by linking remuneration and reward to the skills that are valued by the organisation, there is a transparent and accountable link between salaries and roles. If individuals wish to increase their salary, they simply need to acquire additional skills that are valued by the organisation.

An SFIA Case Study

In a recent engagement, Adaps, one of the oldest IT recruiters in Australia, was asked to perform analysis against a set of roles within a large organisation. Adaps used SFIA to analyse the roles required by the organisation and to rate the individuals currently performing those roles. The organisation wanted to explore the hidden value of SFIA in tangible terms.

Three types of roles that were common within the organisation were selected: analyst programmer, business analyst and project manager. In total, the organisation assessed 23 individuals who were employed in those roles, and the assessment was conducted by two independent, accredited SFIA consultants who reviewed the employees’ résumés. When the assessments were complete, the SFIA alignment between the individuals and the roles, as well as the financial impact on any misalignment, was analysed.

Step 1: Role/Position Definition
For each of the roles, an SFIA-aligned role description was built (see figure 2). The role descriptions were based on the organisation’s existing roles used for candidate selection to ensure an understanding of the skills the organisation valued. each role definition was divided into four parts.

Figure 2

Part 1 detailed the levels of responsibility and included the SFIA description around autonomy, influence, complexity and business skills. There is a different description for each of the four attributes at each of the seven SFIA levels, and this gives a good indication as to the overall responsibility of the role.

Part 2 of the role description focused on the SFIA skill codes required for the role. In general, each role required four to eight skills at varying levels. The skill levels (again, one to seven) would cluster at the similar level, and could easily be grouped into foundation (one to three), practitioner (four and five) and expert (six and seven).

Part 3 of the role definition detailed some of the behaviour, or soft skills, required by the role. This part of the role definition is usually supplied by human resources and is often termed a capability leadership framework.

Part 4 included the qualifications and certification used to support the skills in part 2. A simple calculation was used to create a concept of skill points for each role, with a skill point being attributed to the incremental level of each skill within the role. Therefore, the skill points for a business analyst would be as follows:

BA Skill Points = BRPR (5) + BUAN (5) + RLMT (5) + DTAN (4) = 19

Skill points for a role are derived from the number of skills required to perform the role and the level of each skill. An organisation could attribute a higher skill value for different skills or skill families. The study also found that senior roles were made up of similar skills to their basic counterparts, but at higher levels, and, in some cases, additional skills (e.g., senior business analyst).

The allocation of skills to roles would obviously be unique to different organisations, but would generally be aligned in a similar way.

Figure 3 details the SFIA skill codes for each role and the associated skill points.

Figure 3

There could be sections in the position/role description for reporting lines and key performance indicators, for example, but those were superfluous to the organisation’s requirements.

Step 2: Skills Assessment
Once the organisation had a good understanding of the roles and skills required, each résumé was assessed for indications of these skills, checking for relevant experience, qualifications, use of tools and methods, and length of engagements and levels of responsibility.

Figures 4 and 5 illustrate a subset of the roles assessed and the skills identified. Green indicates where the individual has a skill present at the required level. Tan or purple indicates where the skill was present at a lower or higher level, respectively. red indicates where the skill was not present at all. It is often the case that an individual has additional skills to those required to perform a role. Whether there is a value attributed to these non-core skills is up to the organisation. While it is valuable to know that these skills exist, and at what levels, it is doubtful that the role will value these skills from a financial perspective. It can also be said that knowing these skills exist may add a level of differentiation to the selection of a candidate if two or more candidates are suitable for a role and have similar core skill profiles.

Figure 4

Figure 5 illustrates the concept of skill profiles in more detail.

Figure 5

Step 3: Value Definition
In the next stage, a value was attributed to each role and the associated skill with that role. The average value of the role was divided by the associated skill points for that role to get an average value for each skill point. This approach was applied to all roles and a table of role values was created. The financial value for each skill point was AUS $4,100, and figure 6 shows the relative value of each role.

Figure 6

A sensitivity test was performed on the skill value amount, but this had a minimal effect on the overall findings. These salaries were also tested with the hiring managers within the organisation and the recruitment department within Adaps; for this particular organisation, the values were in line with current expectations.

All salaries used were for full-time employees (FTEs) and included employer pension contributions.

Step 4: Value Alignment
Finally, the value of the role, the skills within each role and the skills of each individual were aligned, and discrepancies were checked. Figure 7 shows the results.

Figure 7

The definitions of each column are as follows:

  • Skill points: The number of skill points required by the role or attributed to the individual, relevant to that role
  • % Fit: The percent of skill points that the individual possesses for that role
  • Direct cost: The permanent FTE salary for that individual at time of placement in that role
  • Value: The value the individual contributes to the role (Skill Points x AUS $4,100), or role value at 100
  • Cost gap: The difference between the direct cost and the value of the role (Direct Cost – Value)
  • Skill gap: The difference in skill points between the role and the individual
  • Value gap: The cost of the missing value required for the role (Skill Gap x AUS $4,100)
  • Total cost: The total cost of the role by that individual (Direct Cost + Value Gap)
  • Total saving: The potential saving if the total cost were to align with the role value (Total Cost – Role Value)
  • Alignment: The percent alignment of the role, calculated against the savings and the role value. In figure 7, Green indicates greater than 80 percent, yellow indicates between 50 percent and 79 percent, and red indicates less than 50 percent.

As shown in figure 8, there is better alignment within the analyst programmer roles, both basic and senior, but poor alignment between business analysts and project managers.

Figure 8

It is worth noting that the skill validation did not include a formal interview with the individuals focusing on these skills.

Case Study Analysis

When looking at the correlation between skills and salaries of the individuals, the alignment is poor.

There are many possible reasons for this poor alignment. One may be that the individual is a good negotiator and was able to talk his/her way into the role. Another could be that the skills in the initial role description were not well identified or understood and, therefore, a poor value analysis was performed. A common reason is supply and demand. If there is a limited pool of resources within the market, this can create a misalignment in value. All these possibilities can be mitigated with good positioning, planning and processes.

Figure 9As shown in figure 9, there is, on average, AUS $28,000 worth of skills missing in each role and AUS $73,300 worth of value provided. The average salary for each role should be AUS $101,300, but the actual average remuneration is AUS $118,400—a difference of AUS $17,100. Therefore, the combined saving if a person was aligned to each role would be AUS $45,100. With an organisation of 1,600 IT staff, for example, the saving would be AUS $72 million per year, or approximately 31 percent.

The easiest area for savings would be the AUS $17,100 attributed to salary variations by role. The other area for savings is the cost associated with the skills that are not present—i.e., activities not being performed. There are a number of scenarios that link to this cost:

  1. Work being performed by another individual. In this case, the skills required to perform the work are present in another individual who performs the activities associated with the role. In this case, there is a hidden cost that has been transferred to another person.
  2. The activities associated with the skill are not being performed adequately. This is most often the case, and in the case of the project managers in the case study, this would result in poor risk management with regard to the project, a lack of skill with benefits management and business case management, and poor change planning. This also becomes a risk issue, and there are a number of audit findings that could be applied. COBIT 5 APO05 (Manage benefits achievement), APO07 (Manage contract staff) and EDM04 (Ensure resource optimisation) relate to skills and capabilities. APO05 and APO07 reference SFIA directly as related guidance.
  3. Skills were not really required in the first place. This is the most unlikely outcome, as it is unlikely that an organisation would include a requirement for a skill that was not really needed. However, if this is the case, the role should be re-scoped and the skill removed.


There is great value in adopting frameworks like ITIL, PRINCE2 and COBIT to standardise processes and implement good governance. However, unless the roles that support these frameworks are defined effectively, people will be challenged in performing the associated tasks and being effective in their roles. By implementing a skills framework such as SFIA, an organisation can better align the skills required for the roles built and justify the cost of skills development and career progression. If an organisation understands the value of a skill or set of skills, it can choose whether to build the capability internally or outsource it. The organisation can track where its human assets are and calculate the return on human capital.

Finally, by aligning the roles people have to the skills they require, the organisation is much more likely to get them to adhere to the processes they need to follow. SFIA is a critical component to both embedding and delivering IT governance.


1 SFIA Foundation,
2 Johnston, Spencer; Who Moved My Cheese?, Simon & Schuster, 1998
3 Queensland Government chief Information Office,
4 Based on the author’s years of experience in IT recruitment

Simon Roller, CISA, CGEIT, CISSP, DPSM, FBCS, DPSM, FBCS CITP, is the managing director of Adaps Consulting. Roller’s career started in the UK, where he worked in IT operations and data centre management for Fortune 100 companies, focusing on the financial services industry and asset management in particular. After moving to Australia, Roller joined Hewlett Packard and continued to provide consulting services in IT best practice and data centre automation. Roller held a variety of country, regional and global roles during his time at Hewlett Packard, ranging from business management to marketing and strategy.

Enjoying this article? To read the most current ISACA Journal articles, become a member or subscribe to the Journal.

The ISACA Journal is published by ISACA. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the ISACA Journal.

Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and/or the IT Governance Institute and their committees, and from opinions endorsed by authors’ employers, or the editors of this Journal. ISACA Journal does not attest to the originality of authors’ content.

© 2013 ISACA. All rights reserved.

Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, MA 01970, to photocopy articles owned by ISACA, for a flat fee of US $2.50 per article plus 25¢ per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume, and first and last page number of each article. Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited.