• Percent of IT-enabled investments where benefit realisation is monitored through the full economic
life cycle
• Percent of IT services where expected benefits are realised
• Percent of IT-enabled investments where claimed benefits are met or exceeded

• Percent of critical business processes, IT services and IT-enabled business programmes covered by
risk assessment
• Number of significant IT-related incidents that were not identified in risk assessment
• Percent of enterprise risk assessments including IT-related risk
• Frequency of update of risk profile

• Number of business disruptions due to IT service incidents
• Percent of business stakeholders satisfied that IT service delivery meets agreed-on service levels
• Percent of users satisfied with the quality of IT service delivery

• Number of incidents related to non-compliance to policy
• Percent of stakeholders who understand policies
• Percent of policies supported by effective standards and working practices
• Frequency of policies review and update

• Percent of enterprise strategic goals and requirements supported by IT strategic goals
• Level of stakeholder satisfaction with scope of the planned portfolio of programmes and services
• Percent of IT value drivers mapped to business value drivers

• Number of security incidents causing financial loss, business disruption or public embarrassment
• Number of IT services with outstanding security requirements
• Time to grant, change and remove access privileges, compared to agreed-on service levels
• Frequency of security assessment against latest standards and guidelines

• Cost of IT non-compliance, including settlements and fines, and the impact of reputational loss
• Number of IT-related non-compliance issues reported to the board or causing public comment
or embarrassment
• Number of non-compliance issues relating to contractual agreements with IT service providers
• Coverage of compliance assessments

• Frequency of capability maturity and cost optimisation assessments
• Trend of assessment results
• Satisfaction levels of business and IT executives with IT-related costs and capabilities

• Number of customer service interruptions causing significant incidents
• Business cost of incidents
• Number of business processing hours lost due to unplanned service interruptions
• Percent of complaints as a function of committed service availability targets

• Frequency of business process capability maturity assessments
• Trend of assessment results
• Satisfaction levels of board and executives with business process capabilities

• Frequency of service delivery cost optimisation assessments
• Trend of cost assessment vs. service level results
• Satisfaction levels of board and executive management with service delivery costs

• Cost of regulatory non-compliance, including settlements and fines
• Number of regulatory non-compliance issues causing public comment or negative publicity
• Number of regulatory non-compliance issues relating to contractual agreements with
business partners

• Frequency of business process cost optimisation assessments
• Trend of cost assessment vs. service level results
• Satisfaction levels of board and executive management with business processing costs

• Percent of products and services that meet or exceed targets in revenues and/or market share
• Ratio of products and services per life cycle phase
• Percent of products and services that meet or exceed customer satisfaction targets
• Percent of products and services that provide competitive advantage

• Percent of investment business cases with clearly defined and approved expected costs
and benefits
• Percent of products and services with defined and approved operational costs and expected benefits
• Satisfaction survey of key stakeholders regarding the transparency, understanding and accuracy of
enterprise financial information
• Percent of service cost that can be allocated to users

• Percent of investments where value delivered meets stakeholder expectations
• Percent of products and services where expected benefits are realised
• Percent of investments where claimed benefits are met or exceeded

• Number of business processing incidents caused by technology integration errors
• Number of business process changes that need to be delayed or reworked because of technology
integration issues
• Number of IT-enabled business programmes delayed or incurring additional cost due to technology
integration issues
• Number of applications or critical infrastructures operating in silos and not integrated

• Level of board satisfaction with enterprise responsiveness to new requirements
• Number of critical products and services supported by up-to-date business processes
• Average time to turn strategic enterprise objectives into an agreed-on and approved initiative

• Percent of critical business objectives and services covered by risk assessment
• Ratio of significant incidents that were not identified in risk assessments vs. total incidents
• Frequency of update of risk profile