ISACA Journal
Volume 2, 2,016 


Essential Frameworks and Methodologies to Maximize the Value of IT 

Laurent Renard, CISA, CISM, CGEIT, CRISC, COBIT Foundation, DevOps, GRCP, ITIL Expert, Lean Six Sigma BB, MoP, MSP, P3O, PMIACP, PMI-PBA, PMP, PRINCE2, Resilia, Scrum PSM-PSPO, TOGAF 

IT helps organizations achieve their goals and optimize their profitability by balancing risk at an acceptable level. Information systems professionals, including IT governance, security and audit professionals, wish to help organizations do so. For that, organizations need practical guidance, benchmarks and tools to select, deploy, and effectively and efficiently operate pertinent frameworks and methodologies.

This article presents the most essential frameworks and methodologies aimed at maximizing the value of IT, starting with IT governance (figure 1). IT governance leads to the design of IT architecture, which then enables portfolio management, which breaks down into program management and then into project management, and includes business analysis to provide the best products or services to operations. This article concludes with process optimization to continuously improve performance.

IT Governance

IT governance is a subset discipline of corporate governance, defined as the processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals through maintaining risk at a level coherent with the risk appetite of the stakeholders.


Just as corporate governance provides value to shareholders by optimizing a balance between financial return and risk, COBIT provides a set of recommended best practices for governance and control processes of information systems and technology with the goal of aligning IT with business.1 Because COBIT is business-oriented, using it to deliver value and govern and manage IT-related business risk is straightforward.

COBIT is positioned at a high level and has been aligned and harmonized with other, more detailed IT standards and good practices such as the Information Technology Infrastructure Library (ITIL); the International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) standard ISO/IEC 27000; Capability Maturity Model Integration (CMMI); The Open Group Architecture Framework (TOGAF); Projects in Controlled Environment, version 2 (PRINCE2) and Project Management Professional (PMP). COBIT acts as an integrator of these different guidance materials, summarizing key objectives under one umbrella framework that links the good practice models with governance and business requirements (figure 2).

IT/Business Architecture

IT architecture is the process of development of methodical IT specifications, models and guidelines using a variety of IT notations within a coherent IT architecture framework and following formal and informal IT solution, enterprise and infrastructure architecture processes.

The Open Group Architecture Framework
TOGAF is a framework for enterprise architecture that provides an approach for designing, planning, implementing and governing enterprise IT architecture. TOGAF is a high-level approach to design and is modeled at four levels: business, application, data and technology. TOGAF delivers value through the insurance of coherence and efficient evolution of all different architecture components.

Portfolio Management

Portfolio management is the centralized management of the processes, methods and technologies to analyze and manage current or proposed programs or projects based on different key characteristics. The objectives of portfolio managers are to determine the optimal resource mix for delivery and to schedule activities to best achieve an organization’s operational and financial goals, while honoring constraints imposed by customers; strategic objectives; or external, real-world factors. Portfolio management of projects can be seen as portfolio management of shares, which can be composed of different stocks that can possibly be competitors and/or have different life cycles, in order to balance performance.

Portfolio Management Professional Certification
A Portfolio Management Professional (PfMP) bridges the gap between strategy and implementation; maps the links among projects, programs, organizational project management and strategy; and describes the portfolio management processes along with the necessary communication, performance, risk and change management subsidiary plans. For fully integrated management of portfolios, programs and projects, it is recommended to use PfMP, Program Management Professional (PgMP) and PMP collaboratively because of the total compatibility of these three methodologies, all of which have been written by the Project Management Institute (PMI), the world’s largest not-for-profit membership association for the project management profession.

Management of Portfolios
Management of Portfolios (MoP) approaches the management of change projects and programs from a strategic viewpoint. It provides an overview of all change activities, including what is in the portfolio, what it costs, what risk is present, what progress is being made, and what impact there is on business as usual and the organization’s strategic objectives. For integrated management of portfolios, programs and projects, people using the PRINCE2 methodology will find benefit in using MoP and Managing Successful Programs (MSP), which are produced by the same global accreditation body, Axelos.

Program Management

Program management is the process of managing a group of related projects in a coordinated manner to obtain benefits and control not available from managing them individually. Program management also emphasizes coordinating and prioritizing resources across projects, managing links between the projects, and the overall costs and risk of the program. A program can be differentiated from a project through the example of the iPhone program, which is composed of the iPhone (hardware) project, the iOS project, the iTunes Portal project and the different iApps projects.

Program Management Professional Certification
The Program Management Professional (PgMP) certification focuses on the strategic objectives, benefits and outcomes of projects and provides an integrated approach to resolve inconsistencies or disconnects across projects and organizational silos that cannot be necessarily resolved at the project level. A PgMP provides a holistic perspective to address the entire value creation life cycle, from the conception to the realization of benefits, and makes the connection between line managers who own the business and project managers who create the changes.

Managing Successful Programs
Managing Successful Programs (MSP) is based on three core concepts:2

  • Transformational flow, which provides a route through the life cycle of a program from its conception to the delivery of the new capability, outcomes and benefits
  • Governance, which allows an organization to put in place the right leadership, delivery team, organizational structures and controls, giving the best chance for success
  • Principles, which are derived from positive and negative lessons learned from program experiences and are the common factors that underpin the success of any transformational change

Project Management

Project management is the discipline of carefully planning, organizing, motivating and controlling resources to achieve specific goals and meet specific success criteria. A project is a temporary endeavor with a defined beginning and end, designed to produce a unique product, service or result to bring about beneficial change or added value. A project’s main success criteria are scope, time and cost. Its primary constraints are quality, risk and resources. From the point of view of the sponsor, a project is defined by its profitability (Profitability P = Benefit/Cost with P>1, Cost of Capital (CC) and CC being composed of stockholders’ Dividend Interest (DI) and bankers’ Long-Term Debt Interest (LTDI), combined in the following formula: CC = xDI + yLTDI with x and y representing the respective share of long-term resources of the company).

There are three main typologies of projects: predictive, iterative and adaptive, each with a different methodology: PMP, PRINCE2 and Scrum, respectively.

Predictive Type: Project Management Professional
PMP is a project management certification based on the content of the A Guide to the Project Management Body of Knowledge (PMBOK Guide), which provides a foundation in a strong classical project management methodology and provides guidelines for managing individual projects; defines project management-related concepts; and describes the project management life cycle and its related processes, as well as the project life cycle. The PMP version 5 recognizes 47 processes that fall into five basic process groups and 10 knowledge areas that are typical of most projects. A project is called classical when the scope can be defined precisely upfront and most or all of the value is delivered at the end of the project (classical project example: a bridge). PMP is suited to all kinds of predictive projects, including IT projects.

Iterative Type: Projects in Controlled Environments, Version 2
PRINCE2 is an iterative, process-based method for effective project management based on seven principles, seven themes and seven processes.3 The key features of PRINCE2 are focus on business justification, defined organization structure for the project management team, a product-based planning approach, emphasis on dividing the project into manageable and controllable stages, and flexibility that can be applied at a level appropriate to the project. A project is called iterative when the scope can be defined upfront, but could be refined before each sequence, and some value can be created after each sequence (iterative project example: a new customer relationship management [CRM] module). PRINCE2 is suited mainly to IT iterative projects.

Adaptive Type: Scrum
Scrum4 is an adaptive and incremental Agile software development framework that uses a flexible, holistic product development strategy in which a development team works as a unit to reach a common goal and enables teams to self-organize by encouraging physical colocation of all team members, as well as daily face-to-face communication among all team members and disciplines in the project.5

A key principle of Scrum is its recognition that during the production processes, customers can change their minds about what they want and need, mainly due to changing conditions in the environment.6 As such, Scrum adopts an empirical approach, accepting that the problem cannot be fully understood or defined, focusing instead on maximizing the team’s ability to deliver quickly and respond to emerging requirements (figure 3).

A project is called adaptive when the total scope cannot be precisely defined upfront and must be refined and updated before each sprint, and significant value can be created after each sprint (adaptive project example: Uber). Scrum is suited to adaptive projects, mainly web-innovative business projects that have a time-to-market effect (the first to launch an innovation makes sales that others will not make) and also, eventually, a first-takes-all effect (the first to launch an innovation can become the standard and then create a monopoly on the market).

Business Analysis

Business analysis is the discipline of identifying business needs and determining solutions to business problems. As the project manager focuses on the project scope, the business analyst focuses on the product scope—requirements analysis—and ensures that changes made to an organization are aligned to its strategic goals. These changes can include changes to strategies, structures, policies, business rules, processes and information systems. People being certified in project management (more so if applying for a PMP) or working in organizations having established project management practices will benefit from using the PMI-Professional Business Analysis (PBA) methodology, while business analysts working in pure business analysis organizations could, having fewer integration needs, opt for the Certified Business Analysis Professional (CBAP) certification, which is based on the Business Analysis Body of Knowledge (BABOK) guide.

Project Management Institute-Professional Business Analysis
PMI-PBA holders are experts in working with stakeholders to define an organization’s requirements to shape the output of projects and ensure that they deliver the expected business benefit. PMI-PBA is oriented toward business analysts with, or wishing to get, project or program management experience, especially if they are working for a company that uses project management methodology based on the PMBOK (the reference model of the PMP certification).

Certified Business Analysis Professional
Certified Business Analysis Professionals (CBAP) master7 the practice of enabling change in an organizational context by defining needs and recommending solutions that deliver value to stakeholders. CBAP is oriented toward business analysts planning to stay on the same path in their profession.

IT Life Cycle Model

The IT life cycle model is a term used in systems engineering, information systems and software engineering to describe a set of processes for planning, creating, testing, deploying, operating and continuously improving an information system. The IT life cycle is about mastering the different phases, from requirements gathering of the customer through effective delivery of the expected value and its continuous optimization to stay competitive.

Information Technology Infrastructure Library
ITIL is a set of practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business. ITIL describes IT processes, procedures and tasks that are not organization specific, but can be applied by an organization for establishing integration with the organization’s strategy, delivering value and maintaining a minimum level of competency). ITIL is specifically suited for classical or iterative project management methodologies such as PMP or PRINCE2.

Development and Operations
Development and Operations (DevOps) is a set of practices for ITSM, more specifically Agile-oriented, that focuses on aligning IT services with the needs of business and emphasizes communication,8 integration, automation and measurement of cooperation among software developers, quality assurance (QA) and IT operations. It aims to help an organization rapidly produce software products and services and improve operations performance.9 The DevOps approach spans the entire delivery pipeline and includes improved deployment frequency, which can lead to faster time to market and lower failure rates of new releases. DevOps is specifically suited for adaptive project management frameworks such as Agile and, especially, Scrum.

Process Optimization

Process optimization is the discipline of adjusting a process so as to optimize some specified set of parameters without violating some constraint. The most common goals are minimizing cost and maximizing throughput and/or efficiency. This is one of the major quantitative tools in industrial decision making.

Lean Six Sigma
Lean Six Sigma is a methodology for process optimization that relies on a collaborative team effort to improve performance by systematically removing eight kinds of waste: defects, overproduction, waiting, nonutilized talent, transportation, inventory, motion and extra processing. Combining Lean manufacturing/Lean enterprise and Six Sigma, Lean Six Sigma is uniquely driven by a close understanding of customer needs; disciplined use of facts, data and statistical analysis; and diligent attention to managing, improving and reinventing business processes. Lean Six Sigma optimizes the global value delivered though all kinds of processes.

Select and Master the Right Tools and Leverage Synergies

When looking at a nail and a screw, one has to know the existence of the hammer and the screwdriver to choose the right tool. But in order to bring the best value, depending on the situation, one has to master both tools. If one has only a hammer, everything looks like a nail, which is a reductive vision of the world. The more one masters the right tools, the bigger and the richer the world becomes.

Author’s Note

The author wishes to thank the Open Group, the Project Management Institute, Axelos, the Accrediting Professional Managers Globally, the Office of Government Commerce, Scrum (Ken Schwaber and Jeff Sutherland), the International Institute of Business Analysis, the DevOps Institute, Lean Six Sigma and Nathalie Massari.


1 ISACA, COBIT 5, USA, 2012,
2 AMPG International, MSP Certification—Managing Successful Programmes,
3 Projects in Controlled Environments, “What Is PRINCE2?,”,
4 Kumari, A.; “Scrum Adaptation in Clinical Data Management Practice,” Scrum Alliance, 13 November 2014,
5, More About Scrum,
6 Project Management Institute, General Information About Business Analysis, PMI Professional in Business Analysis (PMI-PBA) FAQs, 2015
7 International Institute of Business Analysis, “What Is Business Analysis?,”
8 Orlando, T.; “DevOps: Is There One Definition?,” 3Pillar Global,
9 Jasper Solutions, DevOps,

Laurent Renard, CISA, CISM, CGEIT, CRISC, COBIT Foundation, DevOps, GRCP, ITIL Expert, Lean Six Sigma BB, MoP, MSP, P3O, PMI-ACP, PMI-PBA, PMP, PRINCE2, Resilia, Scrum PSM-PSPO, TOGAF, is a consultant and trainer at Global Knowledge who has previously held management responsibilities in numerous high-tech companies (Vivendi, Ascom and Digitas). In 2007, he published The Guide to Clubs, Circles and Networks of Influence and Internet Strategy: MAO® and (r) Evolution in 2008. He has taught marketing and strategy at EDHEC Business School (Lille, France) and currently teaches the Cloud Computing Executive Certificate at Ecole Centrale de Paris (France).


Add Comments

Recent Comments

Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and from opinions endorsed by authors’ employers or the editors of the Journal. The ISACA Journal does not attest to the originality of authors’ content.