Search Knowledge

Author: admin

Innovation Management -APO 04 (COBIT 2019)

Parent Framework: COBIT 2019

Domain: Align Plan and Organise

Managed Innovation

Maintain an awareness of ICT and related service trends and monitor emerging technology trends. Proactively identify innovation opportunities and plan how to benefit from innovation in relation to business needs and the defined ICT strategy. Analyze what opportunities for business innovation or improvement can be created by emerging technologies, services or ICT-enabled business innovation; through existing established technologies; and by business and ICT process innovation. Influence strategic planning and enterprise architecture decisions


Achieve competitive advantage, business innovation, improved customer experience, and improved operational effectiveness and efficiency by exploiting I&T developments and emerging technologies


APO04.01 Create an environment conducive to innovation. Create an environment that is conducive to innovation, considering methods such as culture, reward, collaboration, technology forums, and mechanisms to promote and capture employee ideas

APO04.02 Maintain an understanding of the enterprise environment. Work with relevant stakeholders to understand their challenges. Maintain an adequate understanding of enterprise strategy, competitive environment and other constraints, so that opportunities enabled by new technologies can be identified.

APO04.03 Monitor and scan the technology environment. Set up a technology watch process to perform systematic monitoring and scanning of the enterprise’s external environment to identify emerging technologies that have the potential to create value (e.g., by realizing the enterprise strategy, optimizing costs, avoiding obsolescence, and better enabling enterprise and I&T processes). Monitor the marketplace, competitive landscape, industry sectors, and legal and regulatory trends to be able to analyze emerging technologies or innovation ideas in the enterprise context.

APO04.04 Assess the potential of emerging technologies and innovative ideas. Analyze identified emerging technologies and/or other I&T innovative suggestions to understand their business potential. Work with stakeholders to validate assumptions on the potential of new technologies and innovation.

APO04.05 Recommend appropriate further initiatives. Evaluate and monitor the results of proof-of-concept initiatives and, if favorable, generate recommendations for further initiatives. Gain stakeholder support.

APO04.06 Monitor the implementation and use of innovation. Monitor the implementation and use of emerging technologies and innovations during adoption, integration and for the full economic life cycle to ensure that the promised benefits are realized and to identify lessons learned.


The following SFIA skills are relevant to innovation:

EMRG: Emerging technology monitoring

The identification of new and emerging technologies, products, services, methods and techniques. The assessment of their relevance and the potential impacts (both threats and opportunities) upon business enablers, cost, performance or sustainability. The communication of emerging technologies and their impact.

INOV: Innovation

The capability to identify, prioritise, incubate and exploit opportunities provided by information, communication and digital technologies. To develop and implement processes, tools and infrastructures to support innovation. To involve internal and external communities, employees, commercial partners, customers, users and other stakeholders in the innovation process. To provide governance, monitoring to, and reporting on, the innovation process.

RSCH: Research

The systematic creation of new knowledge by data gathering, innovation, experimentation, evaluation and dissemination. The determination of research goals and the method by which the research will be conducted. The active participation in a community of researchers; communicating formally and informally through digital media, conferences, journals, books and seminars.


Tool NameBrightIdea
Value PropositionCollect, share, route, screen, evaluate, experiment, incubate, develop, track, and report on the best ideas your organization has to offer, with the most advanced innovation platform available.

Do you use this tool in organisation?  We want to hear from you!  Please rate how much this tool is leveraged to support the processes in your organisation. You do not need to identify the organisation.  

Please remember. It is not about the “potential capability” of the tool. You have to rate the actual usage within your organisation

Rating Guidelines:

  • 1 or 2: only a subset of processes are supported by the tool
  • 3:  The tool supports our needs. But we start observing some limitations.
  • 4: The tool supports our current and future needs.
  • 5: The tool supports our current and future needs. Integrates well with the eco-systems of other tools.

Service Integration And Management(SIAM)

Service Integration and Management (SIAM) is a management model. It is used by businesses that use multi-sourcing of services from several service providers. 

SIAM provides governance, management, integration, assurance of coordination with an objective to provide maximum value to the business from its service providers. 

Consider SIAM as an organisational function that is accountable for integrating multiple service providers.  The SIAM body of knowledge provides different ways of structuring the integration function that the advantages and limitations of each configuration. 

Context diagram 

SIAM is not a process reference framework like ITIL, COBIT, ISO/IEC 20000. The practices suggested in these reference frameworks can be owned by the customer organisation, service integrator and service provider.

Summary Ratings

Please refer the Rating Criteria.

Longevity 2 out of 5 stars (2 / 5)
Industry Adoption 3 out of 5 stars (3 / 5)
Tool Support 2 out of 5 stars (2 / 5)
Training Support 3 out of 5 stars (3 / 5)
Assessment Support* 0 out of 5 stars (0 / 5)

SIAM is a relatively new management model. Though the concept is not new the formal Body of Knowledge (BOK) was created only in 2016. Typically it is used for large Government sourcing contracts. The integrators rely on the Service Management tools capabilities to perform service integration and reporting.

There is a publicly available Body of Knowledge and an independent training.

SIAM does not have any supporting assessment model.

Example of  SIAM function to ITIL 4 practices 

The consumer organisation can choose to retain any practice areas according to their business needs. The table shows one approach where the consumer organisation chooses to retain or share most of the general management practices of ITIL 4. The service management practices are outsourced to the SIAM provider (could be external or internal). The technical management practices are assumed to be owned by the Service Provider. 

ITIL4 practices Service Consumer (Retained capability) Service Integrator (SIAM) Service Provider 
General Management practices       
Architecture management     
Continual improvement 
Information security management 
Knowledge management 
Measurement and reporting     
Organizational change management     
Portfolio management     
Project management   
Relationship management     
Risk management 
Service financial management   
Strategy management     
Supplier management     
Workforce and talent management     
Service Management Practices       
Availability management     
Business analysis 
Capacity and performance management   
Change control   
Incident management   
IT asset management     
Monitoring and event management     
Problem management     
Release management   
Service catalogue management     
Service configuration management     
Service continuity management     
Service design     
Service desk     
Service level management     
Service request management   
Service validation and testing       
Technical Management Practices       
Deployment management     
Infrastructure and platform management     
Software development and management     

Skills and Training 

There is a significant overlap between the skills covered in ITSM frameworks (ITIL,COBIT)  and  SIAM.  SIAM is also covered by a Body of Knowledge (BOK) and associated Foundation training managed by the certification body APMG International. 

The SIAM certification is currently aligned with ITIL v3 process areas. 

SIAM Certification body: APMG International

SIAM Foundations knowledge


Tool nameSkillstx
Value propositionHR Leaders are increasingly responsible for developing People’s Digital Skills and Capabilities that drive Transformation and Growth.
Managing this requires Skills Data, Tools and Analytics which HRIS/Talent Management Suites typically lack.
SkillsTx enables Personalised Skills Development at Scale to engage and connect your Digital Talent to your objectives.

Do you use this tool in organisation?  We want to hear from you!  Please rate how much this tool is leveraged to support the processes in your organisation. You do not need to identify the organisation.  

Please remember. It is not about the “potential capability” of the tool. You have to rate the actual usage within your organisation

Rating Guidelines:

  • 1 or 2: only a subset of processes are supported by the tool
  • 3:  The tool supports our needs. But we start observing some limitations.
  • 4: The tool supports our current and future needs.
  • 5: The tool supports our current and future needs. Integrates well with the eco-systems of other tools.

Knowledge Management (ITIL 4)

Parent Process Reference Framework: ITIL 4

Service Value Stream Activities

Highly impacted Service Value System(SVS) Activities:

  • Plan
  • Design and Transition
  • Improve 


The purpose of the knowledge management practice is to maintain and improve the effective, efficient, and convenient use of information and knowledge across the organization 

Knowledge is one of the most valuable assets of an organization. The knowledge management practice provides a structured approach to defining, building, re-using, and sharing knowledge (i.e. information, skills, practices, solutions, and problems) in various forms. As methods of capturing and sharing knowledge move more towards digital solutions, the practice of knowledge management becomes even more valuable. 

It is important to understand that ‘knowledge’ is not simply information. Knowledge is the use of information in a particular context. This needs to be understood with both the user of the knowledge and the relevant situation in mind. For example, information presented in the form of a 300-page manual is not useful for a service desk analyst who needs to find a fast solution. A better example of knowledge that is fit for purpose might be a simplified set of instructions or reference points that allow the analyst to find the relevant content quickly. 

Knowledge management aims to ensure that stakeholders get the right information, in the proper format, at the right level, and at the correct time, according to their access level and other relevant policies. This requires a procedure for the acquisition of knowledge, including the development, capturing, and harvesting of unstructured knowledge, whether it is formal and documented or informal and tacit knowledge. 

  • Plan Knowledge management helps the organization to make sound portfolio decisions and to define its strategy and other plans, and supports financial management. 
  • Improve This value chain activity is based on an understanding of the current situation and trends, supported by historical information. Knowledge management provides context for the assessment of achievements and improvement planning. 
  • Engage Relationships at all levels, from strategic to operational, are based on an understanding of the context and history of those relationships. Knowledge management helps to better understand stakeholders. 
  • Design and transition As with the obtain/build value chain activity, knowledge of the solutions and technologies available, and the re-use of information, can make this value chain activity more effective. 
  • Obtain/build The efficiency of this value chain activity can be significantly improved with sufficient knowledge of the solutions and technologies available, and through the re-use of information. 
  • Deliver and support Ongoing value chain activity in this area benefits from knowledge management through re-use of solutions in standard situations and a better understanding of the context of non-standard situations that require analysis. 

Software development and management (ITIL 4)

Parent Process Reference Framework: ITIL 4

Service Value Stream Activities

Highly impacted Service Value System(SVS) Activities:

  • Obtain/build


The purpose of the software development and management practice is to ensure that applications meet internal and external stakeholder needs, in terms of functionality, reliability, maintainability, compliance, and auditability.

The term ‘software’ can be used to describe anything from a single program (or suite of programs) to larger constructs (such as an operating system, an operating environment, or a database) on which various smaller application programs, processes, or workflows can run. Therefore the term includes, but is not limited to, desktop applications, or mobile apps, embedded software (controlling machines and devices), and websites.

Software applications, whether developed in house or by a partner or vendor, are of critical importance in the delivery of customer value in technology-enabled business services. As a result, software development and management is a key practice in every modern IT organization, ensuring that applications are fit for purpose and use.

The software development and management practice encompasses activities such as:

  • solution architecture
  • solution design (user interface, CX, service design, etc.)
  • software development
  • software testing (which can include several components, such as unit testing, integration testing, regression testing, information security testing, and user acceptance testing)
  • management of code repositories or libraries to maintain integrity of artefacts
  • package creation, for the effective and efficient deployment of the application
  • version control, sharing, and ongoing management of smaller blocks of code.

The two generally accepted approaches to software development are referred to as the waterfall and Agile methods

Infrastructure and platform management (ITIL 4)

Parent Process Reference Framework: ITIL 4

Service Value Stream Activities

Highly impacted Service Value System(SVS) Activities:

  • Obtain/build
  • Design and Transition


The purpose of the infrastructure and platform management practice is to oversee the infrastructure and platforms used by an organization. When carried out properly, this practice enables the monitoring of technology solutions available to the organization, including the technology of external service providers.

IT infrastructure is the physical and/or virtual technology resources, such as servers, storage, networks, client hardware, middleware, and operating systems software, that provide the environments needed to deliver IT services. This includes any CI a customer uses to access the service or consume a product. IT infrastructure may be managed by the service provider or by an external supplier as dedicated, shared, or cloud services. Infrastructure and platform management may also include the buildings and facilities an organization uses to run its IT infrastructure.

The infrastructure and platform management practice includes the provision of technology needed to support activities that create value for the organization and its stakeholders. This can include being ready to adopt new technologies such as machine learning, chatbots, artificial intelligence, mobile device management, and enterprise mobility management.

Deployment management (ITIL 4)

Parent Process Reference Framework: ITIL 4

Service Value Stream Activities

Highly impacted Service Value System(SVS) Activities:

  • Obtain/build
  • Design and Transition


The purpose of the deployment management practice is to move new or changed hardware, software, documentation, processes, or any other component to live environments. It may also be involved in deploying components to other environments for testing or staging.

Deployment management works closely with release management and change control, but is a separate practice. In some organizations the term ‘provisioning’ is used to describe the deployment of infrastructure, and deployment is only used to mean software deployment, but in this case the term deployment is used to mean both.

There are a number of distinct approaches that can be used for deployment. Many organizations use a combination of these approaches, depending on their specific services and requirements as well as the release sizes, types, and impact.

  • Phased deployment: The new or changed components are deployed to just part of the production environment at a time, for example to users in one office, or one country. This operation is repeated as many times as needed until the deployment is complete.
  • Continuous delivery: Components are integrated, tested, and deployed when they are needed, providing frequent opportunities for customer feedback loops.
  • Big bang deployment: New or changed components are deployed to all targets at the same time. This approach is sometimes needed when dependencies prevent the simultaneous use of both the old and new components. For example, there could be a database schema change that is not compatible with previous versions of some components.
  • Pull deployment: New or changed software is made available in a controlled repository, and users download the software to client devices when they choose. This allows users to control the timing of updates, and can be integrated with service request management to enable users to request software only when it is needed.

Components that are available for deployment should be maintained in one or more secure locations to ensure that they are not modified before deployment. These locations are collectively referred to as a definitive media library for software and documentation, and a definitive hardware store for hardware components.

Tools that support deployment are many and varied. They are often integrated with configuration management tools, and can provide support for audit and change management. Most organizations have tools for deploying client software, and these may be integrated with a service portal to support a request management practice.

Communication around deployments is part of release management. Individual deployments are not generally of interest to users and customers until they are released.

If infrastructure is provided as a service, then deployment of new or changed servers, storage, or networking is typically managed by the organization, often treating the infrastructure as a code, so that the organization can automate deployment. In these environments it is possible that some deployments may be under the control of the supplier, such as the installation of firmware updates, or if they provide the operating system as well as the infrastructure they may deploy operating system patches. The IT organization must ensure that they know what deployments are planned, and which have happened, to maintain a controlled environment.

If application development is provided as a service, then deployment may be carried out by the external application developer, by the in-house IT department, or by a service integrator. Again, it is essential that the organization is aware of all deployments so that a controlled environment can be maintained.

In an environment with multiple suppliers it is important to understand the scope and boundaries of each organization’s deployment activities, and how these will interact. Most organizations have a process for deployment, and this is often supported with standard tools and detailed procedures to ensure that software is deployed in a consistent way. It is common to have different processes for different environments. For example, there may be one process for the deployment of client application software, and a completely different process for the deployment of server operating system patches.

Service validation and testing (ITIL 4)

Parent Process Reference Framework: ITIL 4

Service Value Stream Activities

Highly impacted Service Value System(SVS) Activities:

  • Obtain/build
  • Design and Transition


The purpose of the service validation and testing practice is to ensure that new or changed products and services meet defined requirements. The definition of service value is based on input from customers, business objectives, and regulatory requirements, and is documented as part of the value chain activity of design and transition. These inputs are used to establish measurable quality and performance indicators that support the definition of assurance criteria and testing requirements.

Service validation

Service validation focuses on establishing deployment and release management acceptance criteria (conditions that must be met for production readiness), which are verified through testing. Acceptance criteria can be either utility- or warranty-focused, and are defined through understanding customer, regulatory, business, risk management, and security requirements.

The service validation activities of this practice establish, verify, and document both utility- and warranty-focused service assurance criteria and form the basis for the scope and focus of testing activities.


A test strategy defines an overall approach to testing. It can apply to an environment, a platform, a set of services, or an individual service. Testing should be carried out equally on both in-house developed systems and externally developed solutions. The test strategy is based on the service acceptance criteria, and should align with the requirements of appropriate stakeholders to ensure testing matches the risk appetite and is fit for purpose.

Typical test types include:

  • Utility/functional tests:
    • Unit test A test of a single system component
    • System test Overall testing of the system, including software and platforms
    • Integration test Testing a group of dependent software modules together
    • Regression test Testing whether previously working functions were impacted.
  • Warranty/non-functional tests:
    • Performance and capacity test Checking speed and capacity under load
    • Security test Testing vulnerability, policycompliance, penetration, and denial of service risk
    • Compliance test Checking that legal and regulatory requirements have been met
    • Operational test Testing for backup, event monitoring, failover, recovery, and reporting
    • Warranty requirements test Checking for verification of necessary documentation, training, support model definition, and knowledge transfer
    • User acceptance test The test performed by users of a new or changed system to approve a release.

Service request management (ITIL 4)

Parent Process Reference Framework: ITIL 4

Service Value Stream Activities

Highly impacted Service Value System(SVS) Activities:

  • Engage
  • Deliver and support


The purpose of the service request management practice is to support the agreed quality of a service by handling all pre-defined, user-initiated service requests in an effective and user-friendly manner.

Service request: A request from a user or a user’s authorized representative that initiates a service action which has been agreed as a normal part of service delivery.

Each service request may include one or more of the following:

  • a request for a service delivery action (for example, providing a report or replacing a toner cartridge)
  • a request for information (for example, how to create a document or what the hours of the office are)
  • a request for provision of a resource or service (for example, providing a phone or laptop to a user, or providing a virtual server for a development team)
  • a request for access to a resource or service (for example, providing access to a file or folder)
  • feedback, compliments, and complaints (for example, complaints about a new interface or compliments to a support team).

Fulfilment of service requests may include changes to services or their components; usually these are standard changes. Service requests are a normal part of service delivery and are not a failure or degradation of service, which are handled as incidents. Since service requests are pre-defined and pre-agreed as a normal part of service delivery, they can usually be formalized, with a clear, standard procedure for initiation, approval, fulfilment, and management. Some service requests have very simple workflows, such as a request for information. Others, such as the setup of a new employee, may be quite complex and require contributions from many teams and systems for fulfilment. Regardless of the complexity, the steps to fulfil the request should be well-known and proven. This allows the service provider to agree times for fulfilment and to provide clear communication of the status of the request to users.

Some service requests require authorization according to financial, information security, or other policies, while others may not need any. To be handled successfully, service request management should follow these guidelines:

  • Service requests and their fulfilment should be standardized and automated to the greatest degree possible.
  • Policies should be established regarding what service requests will be fulfilled with limited or even no additional approvals so that fulfilment can be streamlined.
  • The expectations of users regarding fulfilment times should be clearly set, based on what the organization can realistically deliver.
  • Opportunities for improvement should be identified and implemented to produce faster fulfilment times and take advantage of automation.
  • Policies and workflows should be included for the documenting and redirecting of any requests that are submitted as service requests, but which should actually be managed as incidents or changes.

Some service requests can be completely fulfilled by automation from submission to closure, allowing for a complete self-service experience. Examples include client software installation or provision of virtual servers.

Service request management is dependent upon well-designed processes and procedures, which are operationalized through tracking and automation tools to maximize the efficiency of the practice. Different types of service request will have different fulfilment workflows, but both efficiency and maintainability will be improved if a limited number of workflow models are identified. When new service requests need to be added to the service catalogue, existing workflow models should be leveraged whenever possible.

Next Page »