· · · Institutional Repository

Many large organizations encounter great difficulties with the operational implementation of their business strategy. The concept of Enterprise Architecture is a popular means to translate business strategy changes to implications for the operational organization and govern the overall development direction of the organization. Despite the availability of standard Enterprise Architecture methodologies and frameworks, many organizations struggle with the implementation of Enterprise Architecture in their existing organizational processes. The Mail NL business line of TNT Post is faced with the challenge of introducing Enterprise Architecture in its organization. The experiences of TNT Post may be of great value for large and comparable organizations that are also faced with this challenge. This thesis presents the experiences and implementation of the first steps in the introduction of Enterprise Architecture at the Mail NL business line of TNT Post, in order to support the introduction of Enterprise Architecture at other large organizations. This thesis provides (1) an overview of all the organizational characteristics that are at the basis of the Enterprise Architecture function and implementation, (2) an overview of the process in which Enterprise Architecture is introduced in the organization, (3) an extensive description of the process by means of which Enterprise Architecture is developed and applied within the organization and (4) an overview of the lessons that have been learnt from this first step in the introduction of Enterprise Architecture. As such, this thesis provides an interesting overview of a pragmatic implementation of Enterprise Architecture at a large organization.

This thesis project has been carried out within the Data and ICT Service Centre of the Directorate‐General for Public Works and Water Management (Rijkswaterstaat). The project is aimed at exploring how architectures that are based on the DEMO methodology and the ARIS framework can be consistently interconnected in practice. The architectures that were used are the Dienstverleningsmodellen (DVL) and the Uniforme Primaire Processen (UPP) of Rijkswaterstaat, which are based on DEMO and ARIS respectively. The research culminates in the development of a consistent coupling between these two architectures. The project is defined by the following question: “How can DVL and UPP models be coupled to each other in a way that is consistent?” The following results of the project provide an answer to the research question: - A description of the current state of coupling - A description of the consistent state of coupling - A method to achieve the consistent state of coupling - Guidelines to maintain the consistency of the coupling

The Netherlands houses a great variety of subsidy agencies, each very different in their organizational and operational approach to achieve their goal (the distribution of subsidies). These subsidy agencies share the common problem of being unable to adapt their subsidy system quickly due to a high grade of customization in their information systems. Subsidy processes and supporting systems are tightly coupled and a change in one of them leads to a lot of organizational and operational costs and causes delay which is not desirable. A more adaptive subsidy system is needed to reduce organizational and operational costs and to reduce delay when the system needs to be changed. In this thesis, the concept of Enterprise Ontology has been explored by using generic components to design a generic subsidy system, in order to provide a more adaptive subsidy system, which can be fine-tuned to match the requirements of a variety of governmental organizations. To come to this generic subsidy system the clustering of subsidies as used by subsidy agencies has been analyzed first. Next, the administrative descriptions of five subsidy agencies at different governmental levels have been analyzed with respect to their processes and services. The administrative descriptions also provided an understanding of the actors involved in a subsidy system. Using the analysis results, an abstraction has been made by comparing the process and service models of the five performed case studies to yield a generic process and service model, composed of generic components. Next, the design of the generic subsidy system started with defining the initial conditions followed by the composition of a requirements set which contained requirements to be respected during system design. From this set, a subset of feasible requirements has been selected, since the initial set turned out to be far too large to satisfy in this research. Next, the generic subsidy system has been designed by means of an ontological model (fully independent from its implementation) and an implementation model (containing all the details for implementing the generic subsidy system). To evaluate the design of the generic subsidy system, a prototype has been used to conclude whether the generic subsidy system indeed provided a more adaptive system and to find out potential side effects of implementing a specific subsidy system by using the generic subsidy system as its reference. Concluding this thesis, the evaluation of the generic subsidy system illustrated that a more adaptive subsidy system can be realized using generic components, since: · A subsidy system using a centralized orchestrating process and decentralized process components allows the subsidy process and/or its supporting components to be changed without harming each other; · Changing a subsidy process no longer introduces delay in transitioning from the current version to the next version of the process, since the generic subsidy system and orchestration technology allow various versions of a process to coexist. As a side-effect of implementing a specific subsidy system, overhead in a subsidy system can be reduced as well. Taking the generic subsidy system as a baseline for implementing the specific subsidy system, redundant elements can be left out and only the essential elements are implemented in the specific subsidy system. Implementing the generic subsidy system could have negative side effects when adaptivity alone is not enough and is enforced. These negative side effects however, are not researched in this thesis.

Nowadays large organizations are confronted with the increasing complex network of processes, information flows and stakeholders which all should be managed to provide the customer with end products and services. In a utopia, every actor in an organization would be able to have an overview of his area of concern. Management would have a precise high level overview of all the business processes and their interaction with the information they manipulate through applications. They would exactly know which processes and actors are affected by a business decision. The operational employee would exactly know how the decisions he makes influence the organization as a whole. Unfortunately, misalignment is the biggest challenge of current organizations. The Rijkswaterstaat is no exception. To cope with the complexity the Enterprise Architecture and Consultancy (EAC) team of the RWS has adapted the RWS Enterprise Architecture Framework (RWS-EAF) as blueprint to structure the organization. This methodology combines the Integrated Architecture framework (IAF, which is the result of years of practical experience of Capgemini) with the DEMO methodology, a scientifically founded method for modeling the essence of an organization. The RWS-EA framework has already proven its value. During the Application Portfolio Rationalization project, the DEMO based business architecture has been linked to the applications used within the RWS. Still it proves to be a challenge to maintain a synergy within the enterprise architecture framework. As a result, the alignment between the business and the application/IT infrastructure is less than optimal. The thesis’s objective is to improve this connection by elaborating on an essential transitional stage in between; the Information Architecture. The products in the RWS-EA are analyzed by positioning them in a DEMO perspective. An assessment framework created during research is consulted to qualify the current Information Architecture of the RWS. To further synchronize the RWS organization, UPP process models created by Beheersorganisatie Processen en Systemen (BPS) of the RWS are included by using a methodology adopted from previous research. A DEMO based methodology which allows development of products for the Business, Information and Application organization is demonstrated with the use of a case study. The most notable models are the Process Structure Diagrams (PSD) which satisfies the DEMO-3 specification and the Natural BID models which are based upon a proposal of the EAC team. The cross relationship between the products and their place within the RWS-EAF are depicted. The proposed design of the Information Architecture is qualified to the assessment framework. Some final thoughts are given about the methodology as developed, the integration in the architectural tools and the possibilities for further improvement in future iterations.

The lack of methodology has proven to be a weakness in many sourcing initiatives. This research is an attempt to rationalize the decisions decision-makers often intuitively make. The following question is addressed in this research: How can one decide which domains in an enterprise are favorable candidates for sourcing? To this end, the concept of a domain that is useful for sourcing decision-making is introduced, as well as a system to assign a score for favorability for sourcing to a domain. Furthermore, criteria for sourcing are uncovered, and ordered based on their distinguishing power and level of difficulty of checking. On the basis of this ordering, a stepwise decision-making model is introduced, which provides a relatively quick way of determining the favorability of a domain for sourcing.

The administration of users and their related permissions in the IT environment is a complex and expensive task. The growing number and variety of applications, combined with the manual administration of related permissions results in an enormous administrative burden and lack of control. An effect of this situation is the accumulation of permissions by the employees, causing significant security risks. The implementation of Identity and Access Management (IAM) provides a solution for this undesired situation. Heineken Netherlands therefore initiated the IAM-project. Business drives for this IAM-project are; business facilitation, cost containment, operational efficiency, risk management, governance, and regulatory compliance. The identity management part of IAM focuses on the question who the user is, the access management part focuses on what the user is allowed to do. The use of Role Based Access Control (RBAC) for the realization of access management is common practice. Roles in such a role model can be seen as an abstraction of the user-permission relationship. The creation of a role model proved to be the major hurdle for the implementation of RBAC. For this purpose the RBAC-project was initiated at Heineken Netherlands, resulting in this report. The project started with the analysis of existing literature and best practices, resulting in a new RBAC terminology and the selection of four approaches for the design of a role model. Furthermore, the Heineken organization was analyzed, resulting in nine perspectives of which three were selected to form the foundations of the roles. Heineken preferred a hybrid approach for the design of the role model; however, a methodology for a hybrid approach was not yet described in literature before. Therefore a hybrid methodology was designed, containing seven steps to create the role model. As a part of the hybrid methodology, a new optimization algorithm was also introduced. The project continued with the customization of the hybrid methodology by incorporating the selected approaches and perspectives, resulting in the final Heineken Methodology. The validation of the Heineken methodology was done by conducting a pilot project at the Accounts Receivable Department of the Financial Shared Services Center. In conclusion, the RBAC-project provided a well founded, customized, and validated Heineken methodology to design the desired companywide role model. To my knowledge this is the first described study which implements a truly hybrid approach making use of a newly developed terminology and optimization algorithm. The implementation of the Heineken methodology within the pilot area resulted in a role model with 8 roles for 64 employees, reducing the number of assignments by 70%. This low number of roles and assignments enhances the control and maintainability of the role model and access management in general. The role model is now fully implemented as part of the IAM-project of Heineken Netherlands.

SIKS Dissertation series, 2012-50

Often organizations do not exactly know what they desire, when it comes to information systems. Professional companies like ForMetis are needed to give advice and design tailor made information systems for organizations that have the need of it. To do so, one usually uses a software developing methodology. ForMetis has developed such a methodology with their ten year of experience (The ForMetis methodology). The DEMO methodology is a powerful tool that has proven itself successful in the modeling of organizations. DEMO methodology models the essence of an organization and claims to be coherent, consistent, comprehensive and concise. It is a very powerful tool for identifying transaction of an organization and also the communication with the external actors. DEMO can be used as an aid to design information systems and can check the completeness of these systems whether it covers the essential business processes. The ForMetis methodology consists of the following phases: planning, analysis, design, implementation and system. The analysis and design phase are the most important phases. In these phases requirements are retrieved in an informal way and are written on large sheets, which are not reusable. Informal specifications are made and often the implementation is the specification. The new, so called F-DEMO methodology was discussed and a postmortem case (intermediary) was used to illustrate the added value of DEMO. The new methodology is the ForMetis methodology extended with DEMO in the analysis and design phase. In these phases the Construction Model, Proces Model and the State Model are added. These models are a valuable addition to the derivation of requirements and the making of specifications. In order to evaluate the use of F-DEMO a survey was held to check how many of the findings that were raised when producing the information system at the intermediary could be prevented. The findings were categorized in implementation, requirements, usability, misunderstandings, wishes and irrelevant types. From all these findings 33,1 percent could be prevented using the new methodology. The project time is also reduced. Therefore, the recommendation is to start using the F-DEMO methodology in future projects.

Floods are among the most hazardous and destructive natural disasters with the potential to wreak havoc on humans, material assets, cultural wealth and ecological resources. Several countries have used different flood management and control measures both structural (e.g. constructing levees, dams, storm surge barriers) and non structural (e.g. applying spatial measures, developing flood forecasting and early warning systems) to reduce their vulnerability and exposure to floods. These flood management and control measures can be addressed using the safety chain concept. Originally, the safety chain concept consisted of four links: mitigation, preparation, response and recovery. Now, the safety chain concept is well adopted in different countries with slight adjustments. Multiple stakeholders and actors are involved in the various links of the safety chain. In many countries, these actors include the government (e.g. national, provincial and local), emergency services (police, fire brigades, medical aid) and the water authorities. However, many more actors are also involved. Due to the involvement of many actors in different activities, it is difficult to compare the construction and operation of Flood Control Domain in different countries. In line with the above problem, the objective of this thesis project is to develop an enterprise ontology that will show how the Flood Control Domain is constructed and operated by identifying the essential operations performed in the domain, highlighting the interrelationships between these operations and information objects that are relevant for the operations in the domain, and illustrating its use in the Netherlands and the United States. The literature research resulted in a concise overview of ontology and enterprise ontology. There are various definitions of ontology. In this thesis project, the chosen definition of ontology is: a formal, specification of shared conceptualization. The notion of ontology as applied in this document is the notion of system ontology whose main purpose is to understand the essence of construction and operations of complete systems; more specifically of enterprises. Enterprise ontology can be described as a conceptual model of an enterprise that is coherent, comprehensive, consistent and concise, and that only shows the essence of the operation of an enterprise model, independent from implementation and realization. The Design and Engineering Methodology for Organizations (DEMO) methodology was selected to develop the enterprise ontology for the Flood Control Domain. DEMO provides a step-by-step procedure that helps to derive the ontology of an enterprise in a systematic way. Following DEMO methodology, the starting point for developing enterprise ontology is the collection of all available documentation about the enterprise. Therefore, a thorough analysis of the Flood Control Domain was conducted through literature reviews, interviews and a case study. Based on the analysis of the Flood Control Domain, an Explanatory Case describing the domain was provided using the safety chain approach, which is described in five links: the pro-action, prevention, preparation, response and recovery. Based on the Explanatory Case, the Perfoma Analysis was conducted to capture the performa human abilities that concern the essential productions in an organization. On the basis of the Perfoma Analysis, the transactions, which represent the essential operations in the Flood Control Domain, were identified. These transactions and their specifications were presented in a Transaction Result Table (TRT). Next, the Construction Model of the Flood Control Domain was developed. The Construction Model shows the identified transactions, the initiator(s) and an executor for each of the identified transactions as well as the information links between the actor roles and the information banks. In the next step of this research, the interrelationships between the identified essential operations in the Flood Control Domain were shown. Here, the Process Model of the Flood Control Domain was constructed. In the Process Model, the logical sequence of steps for which a transaction is performed is provided; hence, the interrelationship between the transactions. The Process Model also enables every transaction pattern in the Construction Model to be seen, as well as the specific transaction pattern of the transaction type. Then, the information objects necessary for the organizations in the Flood Control Domain were presented using the State Model, which can be used as a data dictionary of an organization showing the object classes, the fact types, the result types and the existential laws. In the next phase of the research, the focus was to show how the developed enterprise ontology is used in the Netherlands and the United States. Here, the concern was to show the organizations in the two countries responsible for performing the identified transaction, also regarded as the essential operations, in the Flood Control Domain. In order to do this, the Construction Model was re-drawn whereby the abstract actor roles were replaced with the existing organizations in the Netherlands and the United States. In the final phase of this research, the thesis results were analyzed. In general, the developed enterprise ontology for the Flood Control Domain seems to be generic since most of the actors who acted as initiators and executor of certain transactions could be mapped to the existing organizations in the Netherlands and the United States. However, some differences were evident in the implementation of flood control operations in the Netherlands and the United States. Such differences could be seen in flood management activities. For instance, while a hierarchical relationship exists between the US Army Corps of Engineers and the local sponsors, such as the levee districts, a horizontal relationship can be seen between Rijkswaterstaat and the water boards in the Netherlands. Moreover, the analysis shows that due to the size of the two countries, the local governments in the United States have more roles and responsibilities as compared to the local governments in the Netherlands. The analysis highlights the differences between the two countries on the use of flood insurance policy. While the flood insurance policy is commonly used and highly emphasized in the United States in order to reduce flood losses, such a policy is not applicable in the Netherlands. The recommendations for future work include a mapping of the identified transactions to the applications or existing information systems both in the Netherlands and the United States, development of a high level Construction Model of the Flood Control Domain and the initiation of an Action Model. The thesis results should be shared with a large group of people and an ideal enterprise ontology should be developed for the Flood Control Domain that different countries can use to compare themselves with one another.

The software development has changed dramatically the last two decades. Software was primarily built in house 30 years ago, aiming to fit the needs of a specific user. During the 80’s the tendency changed with the foundation of software houses that were specializing in the development of “off the self” software, fitting the needs of a wider group of users, thus achieving scale economy, cheaper software with better quality. The last years, the explosion of the internet usage has transferred all applications to the “cloud” exploiting the faster and cheaper than ever hardware and netware. Furthermore, software systems such as Content Management Systems and Enterprise Resource Planning have transformed information system development into a process that connects the right components of functionality together. However, no matter what the advances are, tailored software is still required. Organizations, like businesses and institutions, with a variety in characteristics like delivered services, size, people, business processes and operating rules will always have a need for a customized system that fits their needs. Thus, building software has become more complex not in terms of available technological solutions but in terms of determining user needs. There are still excellent flawless software systems that solve the wrong problem. Therefore, enriching software engineering processes with business modeling techniques has been one way to cope with this problem. One of the most famous software engineering processes is the Rational Unified Process (RUP) which includes its own business modeling technique. In this thesis we try to combine DEMO and RUP in order to exploit the advantages of both methodologies which will ultimately assist practitioners in the development of quality software that solves the right problem. Our effort starts with the identification of a common scientific background, continues with devising a framework of assisting the combination and study of the methodologies. Then, the combined methodology is used in a case study in order to test in practice the new methodology.

Alcatel-Lucent Switzerland (ALU) manages the networks of major telecommunication service providers. The extent of these insourced telecom services is described in a Service Level Agreement. It it essential for ALU to comply with the agreed service level, since violation will result in severe penalties. As of this moment, ALU's service desk monitors the networks for Sunrise, the second largest telecom service provider in Switzerland. Shortly, the network management for Orange, the third largest, will be insourced as well. Industry standards are currently used to identify the relevant processes and underlying ICT functionality that are present in the service desk. However, these industry standards lack a scientific foundation. This thesis evaluates the used industry standards by comparing them with two promising scientific concepts: enterprise ontology and the identification of business components. Enterprise ontology is believed to provide an overview of the organizational activities in such a way that it can be used as a point of departure for devising supporting ICT functionality. The latter is done by using the business component identification method, which uses an optimization algorithm in order to identify an optimal distribution of ICT functionality.

This thesis is aimed at exploring how security aspects within organizations can be addressed at a very high level: an ontological level that encapsulates construction and operation issues of organizations with no reference to implementation concerns. To do this, DEMO (Dynamic Engineering and Modeling for Organizations) has been found as the relevant methodology to use. The thesis has mainly four contributions. (1) First, it identifies the thread that connects DEMO with security. It does that by performing a thorough study of information systems security issues and DEMO. The research brings forward the current state in the information systems security field and concludes by pointing out the connection between DEMO and security - responsibility. (2) Second, based on the results of the previous investigation, it analyses various approaches to model security starting from responsibility with emphasis on their strengths, week points, similarities and differences. (3) Third, it performs a critical analysis of DEMO from a security perspective. The findings are analyzed and discussed and DEMO’s approach to responsibility is compared with the previous analyzed security modeling approaches based on responsibility. The results of this comparison constitute the (4) fourth contribution of the thesis: a starting point for modeling security within DEMO. Two case studies will be used for illustration purposes of the proposed method.

Because many errors still exist in information systems for organizations, professional companies like CEPO are needed for testing information systems on their fit to the organization. To do so, one usually applies a testing framework. The existing (CEPO-way) framework is the result of ten years of experience. The DEMO methodology (Dietz [1]) is a methodology that has proven itself successful in modelling organizations. DEMO is a powerful tool for identifying all important transactions of an organization (as well as communication with external actors). From this point of view, it could be possible to use DEMO as an aid to check the completeness of an information system, i.e. whether it covers the essential business processes. Note that the coverage need not be full; in particular for small and medium-sized enterprises it may be partial. The existing CEPO-way framework is based on the DEMO methodology, but on only one model. In this study two models were added. The new, so-called DEMO-way, framework was discussed and one test case was used to demonstrate the added value. The new framework is supported by a tool that was built by the author, DEMO-way Script Creator (DSC tool). This tool is a valuable addition to the derivation of testing scripts, because the process model as well as the state model can be placed into the scripts with little effort. Several criteria were determined at the start of this study in order to evaluate the use of extra DEMO models in the framework: development time, walkthrough time, understandability, reproduction possibilities and lacking functionality / error detection. Ultimately, the DEMO-way scored better for many of these criteria, especially the detection of lacking functionality / errors in information systems. Although the DEMO testing script encompasses more testing instructions than the CEPO testing script, the testers did not spend more time walking through the scripts, due to more detailed navigation. Therefore, the recommendation is to start using the two extra DEMO models in combination with DSC tool.

High competition and the need to meet market demand are some reasons behind the exploitation of Information and Communication Technology (ICT) to automate activities within an enterprise. The Design and Engineering Methodology for Organizations (DEMO) methodology provides a powerful way of thinking to deal with enterprise complexity. It gives a clear understanding of the business of an enterprise from a social perspective. However, neither the methodology nor its available extensions give tangible and complete explanation for linking the business model to the information system model. Therefore, this thesis’s objective is to contribute in bridging the gap between the business organizational aspect (B-organization) and the supporting information system (I-applications) by extending the DEMO methodology. The DEMO methodology is extended to identify and model intellect organizational aspect (I-organization) of an enterprise to determine a complete set of functional requirements for the I-applications. Literature study and a case study of Mprise B.V. were conducted to achieve the objective. The link between those organizational aspects lies in the Action Model of the B-organization or more precisely on its coordination-specific information. The transaction in the ontological model of the I-organization is defined on the basis of every piece of information needed by the business actor (B-actor). The presence of the I-organization model shows the distribution of the responsibility between the B-actors and the I-actors. The benefits of the extended methodology are shown through the improvement and the application of DEMOUseCase approach to Mprise case study. The extended DEMO methodology is able to produce complete informational/intellectual functional requirements for the I-applications and thus also for the business applications (B-applications) e.g., in providing the basis for modeling of B-applications

Effective communication is required for a successful service execution. It can be achieved when both the service consumer and service provider understand the exchanged data message in the same way. Therefore, the specification of the semantics of data message needs to be explicitly defined in the service specification. Six requirements for specifying the semantics of data message are formulated based on the data modeling approach. DEMO is selected to be the methodology for representing the semantics of data message. Since one of the requirements is not completely fulfilled by DEMO; DEMO is extended by using ORM. Finally, the specification of the semantics of the data message of a case study is implemented by using DEMO. It indicates the DEMO usability for specifying the semantics of data messages.

Because of the changing needs of enterprises, raised by the changing market among other reasons, the needs of its supporting information system(s) will also change. Design and Engineering Methodology for Organizations (DEMO), from Delft University of Technology, has already proven to be an effective tool in designing and realizing agile organizations. The next step is to have these organizations supported by agile Information and Communication Technology (ICT) systems. The Normalized System (NS) approach, from the University of Antwerp, seems to be key for developing agile ICT systems. In this masters thesis, it is found how DEMO and NS could be combined optimally in order to cover the whole development process of agile enterprises, starting from a DEMO model and arriving at an implemented organization, with its supporting ICT systems. To make the project as concrete as possible, Government subsidy schemes from Capgemini is used as a practical case for clarification and demonstration. This thesis has an embargo until December 15, 2012. For more information about the contents of the thesis, you can contact Marien Krouwel (marien.krouwel@capgemini.com) or Martin Op 't Land (martin.optland@capgemini.com), the daily supervisor during the research execution.

Because of the lack of a significant increase of productivity in the last 20 years we are still in a huge need for increasing the return a company derives from its software development effort. Model-Driven Engineering (MDE) aims to raise the level of abstraction in application modeling and increase automation in application development, thereby increasing the productivity in software development. The Model-Driven Architecture tries to define an MDE approach, but is mainly focused on technical variability and lacks formalism. Other approaches, using Domain-Specific Languages, do not define a process or framework at all. Research in this area is focused on language engineering and multi-modeling. Literature on formalizing MDE is focused on defining the concepts and assets needed to construct an MDE framework. We only know one attempt on formulating an end-to-end (from business model to IT implementation) MDE approach, but the resulting framework does not have a theoretical foundation. Concluding we can state that no end-to-end MDE approach exists describing abstraction layers, models, modeling languages, and transformations, based on a formal, theoretical foundation. This thesis presents an MDE approach based on a sound theoretical foundation, providing end-to-end guidance to refine and transform an organization model into an IT system supporting that organization.

The government of Suriname, like any other government of development countries, copes with a number of limitations. Among others, the government lacks of IT policies and IT awareness. The challenge for the Suriname government, and therefore the Ministry of Finance, is to obtain means by which IT policy and IT decisions are steered in a structured way. The main interest should be the acquisition of business and IT integration and the ability to control strategic changes within the organization. The Generic System Development Process (GSDP)s is a relatively new approach on the development of systems. It focuses on business and organizational aspects of an organization as well as on the design and engineering process of developing target systems. In addition, the GSDP provides a sound definition for relevant aspects of the complete development process and an overview of relations between these aspects. The objective of thesis project is to develop a well-founded framework for assessing IT systems by the Suriname Ministry of Finance. The result is an assessment framework based on the Generic System Development Process. The assessment framework consists of an ontological and implementation model of the organization and a functional model of existing IT systems. The Design and Engineering Methodology for Organizations (DEMO) is used for implementing the ontological model. The theoretical foundation of this methodology is used for defining tables for expressing the implementation model of the organization and the functional model of existing IT systems. The functional model consists of consistency tables, which contains integrated information of an organization and the supporting IT system. These tables open discussion and form the base for a proper assessment of existing IT systems.