Government Capability Model v1.0

Government Capability Model v1.0
Government
Capability Model
Mapped to GEA-NZ v3.1
Beta- Approved on 26 November 2015

Crown copyright ©. This copyright work is licensed under the Creative Commons Attribution 3.0 New Zealand licence. In essence, you are free to copy,
distribute and adapt the work, as long as you attribute the work to the Department of Internal Affairs and abide by the other licence terms. To view a copy of
this licence, visit http://creativecommons.org/licenses/by/3.0/nz/. Please note that neither the Department of Internal Affairs emblem nor the New Zealand
Government logo may be used in any way which infringes any provision of the Flags, Emblems, and Names Protection Act 1981 or would infringe such provision if the relevant use
occurred within New Zealand. Attribution to the Department of Internal Affairs should be in written form and not by reproduction of the Department of Internal Affairs emblem or New
Zealand Government logo.
Published by the Department of Internal Affairs www.ict.govt.nz

Document
Purpose
This document describes an All-of-Government capability-driven model for defining assessing Government the capabilities and
maturity of agencies or government entities and assessing maturity.
The Government Capability Model is a key deliverable of the NZ Government Strategic to develop public sector capabilities. The
model provides a common foundation for identifying capabilities, collaborating, and creating new capabilities. It supports:
 The Government ICT Action Plan refresh 2014
 The Government ICT Strategy refresh 2015
 Better Public Services Result Areas
Author
Regine Deleu – All of Government Enterprise Architect - Service and System Transformation – Department of Internal Affairs
Jim Clendon – Senior Enterprise Architecture Modeller - Service and System Transformation – Department of Internal Affairs
Version Control
Version Date Comment Modified by Next Revision Date
0.2 October 2015 DRAFT Regine Deleu
0.3 November 2015 After a review period (22/10-9/11) SST teams as well as GEAG members have commented on this piece of
work. The changes made after consolidating the comments are:
 Start with the description of ‘Capability’ and add examples to Common and Shared
capabilities.
 Added Change Management Capability at the highest level
 Made the description of Generic Enterprise Capabilities less government focussed.
 Corrected syntax errors.
 Moved the high level “GGC – Legislation and Regulation Enforcement” into “GGC –
Legislation and Policy Development” and moved the sub-capabilities into “Government
Customer-Centric Services”
Regine Deleu
1.0 November 2015 Approved by the Government Enterprise Architect Group - GEAG Regine Deleu March 2016
Acknowledgements
This version of the Government Capability Model was developed by the Government Enterprise Architecture team, part of
Service and System Transformation Team, Department of Internal Affairs, New Zealand. It was peer-reviewed and approved by
Government Enterprise Architecture Group (GEAG) members.
Additionally, feedback received from a number of experts from various agencies was greatly appreciated.

Table of Contents
Document.........................................................................................................................................................3
Purpose............................................................................................................................................................3
Author..............................................................................................................................................................3
Version Control................................................................................................................................................3
Acknowledgements .........................................................................................................................................3
Table of Contents ............................................................................................................................................4
Capability Definition.........................................................................................................................................7
Common Capabilities.......................................................................................................................................7
Shared Capabilities ..........................................................................................................................................7
Government Capabilities..................................................................................................................................8
Capabilities and GEA-NZ v3+ ...........................................................................................................................9
Other Definitions...........................................................................................................................................10
Capability Gap ....................................................................................................................................10
Capability Increment ..........................................................................................................................10
Capability Segment.............................................................................................................................10
Capability Principles ......................................................................................................................................12
Capabilities are “what?” and “why?” not the “how?” .......................................................................12
Capabilities will not be decomposed beyond the level at which they are useful ..............................12
Capabilities at the highest level roll up more detailed views.............................................................12
Capabilities should be categorised using GEA-NZ v3+ reference taxonomies ...................................12
Capabilities should be self-contained ................................................................................................12
Exclude Unique Capabilities ...............................................................................................................12
Generic Enterprise Capabilities....................................................................................................................... 13
GEC01 - Strategy and Planning......................................................................................................................13
Capability Description ........................................................................................................................13
Strategic direction..............................................................................................................................15
Resource requirements......................................................................................................................16
Outcomes...........................................................................................................................................17
GEC02 - Change Management.......................................................................................................................18
Outcomes...........................................................................................................................................21
GEC03 - Financial Management ....................................................................................................................22
Outcomes...........................................................................................................................................26
GEC04 - Enterprise Risk Management (ERM)................................................................................................27
Outcomes...........................................................................................................................................33
GEC05 - Communications..............................................................................................................................34
Outcomes...........................................................................................................................................38
GEC06 - ICT Management..............................................................................................................................39

Outcomes...........................................................................................................................................43
GEC07 - Information and Knowledge Management......................................................................................44
Outcomes...........................................................................................................................................49
GEC08 - Relationship Management...............................................................................................................50
Outcome.............................................................................................................................................54
GEC09 - Procurement....................................................................................................................................55
Outcomes...........................................................................................................................................58
Capability Maturity Model .................................................................................................................58
GEC10 - Human Resource Management .......................................................................................................59
Outcomes...........................................................................................................................................62
Generic Government Capabilities................................................................................................................... 63
GGC01 - Legislation and Policy Development ...............................................................................................63
Outcomes...........................................................................................................................................66
GGC02 - Government Customer-Centric Service...........................................................................................67
Outcomes...........................................................................................................................................71
GGC03 - Government Analytics.....................................................................................................................72
Outcomes...........................................................................................................................................75
Behaviour Capabilities.................................................................................................................................... 76
Customer Centric...........................................................................................................................................76
Outcomes...........................................................................................................................................76
Collaborative .................................................................................................................................................78
Outcomes...........................................................................................................................................79
Decision Making ............................................................................................................................................79
Outcomes...........................................................................................................................................80
Outcome Driven ............................................................................................................................................81
Outcomes...........................................................................................................................................81
Self-Managing................................................................................................................................................81

Outcomes...........................................................................................................................................82
Competency Capabilities ................................................................................................................................ 82
Outcomes...........................................................................................................................................82
Capability Hot Spots ....................................................................................................................................... 84

Capability Definition
The definition of capability we have agreed to use in this document comes from The Open Group Architecture Framework
(TOGAF) and is:
“An ability that an organization, person, or system possesses. Capabilities are typically expressed in general and
high-level terms and typically require a combination of organization, people, processes, and technology to
achieve”
It is very similar to the BusinessDictionary.com definition:
“Measure of the ability of an entity (department, organization, person, system) to achieve its objectives, especially
in relation to its overall mission.”
For use within GEA-NZ v3+ we will look at capability in two ways, Government Common Capabilities, and Government Shared
Capabilities. For simplification from here on we will simply refer to Common Capabilities and Shared Capabilities. These are
defined as follows:
Common Capabilities
Common capabilities is a term that has been used to describe a range of different things such as shared procurement, shared
service offering, shared product offers, sourcing panels, and standard software products such as business applications.
For the purpose of Government Enterprise Architecture we need to restate what we mean “A Common Capability is a
capability that is realised multiple times across New Zealand government entities.” like Identity and Access
management.
So where ever there is a Common Capability there is an opportunity to share, collaborate, and re-use. In general we expect
common capabilities to summarise and effectively “rollup” some of the more detailed areas of the GEA-NZ v3+ reference
models.
Note: The term Common Capabilities are used by CSD for the Common ICT Capabilities which they provide for agencies to use
and share.
Shared Capabilities
A shared capability on the other hand is “A Shared Capability is a capability that is used by multiple New Zealand
government entities.” like MBIE’s procurement capability.

Government Capability Model v1.0 Page 8 of
Government Capabilities

Government Enterprise Architecture team has been tasked with defining a set of government capabilities. The Government
Capability Model includes the capabilities that are realised multiple times across government. It has four business, two people,
and two external capability dimensions. These capabilities all support the business processes of a government entity.
Business Capability dimensions:
- Business Capability is the capacity, materials, and expertise which an organization needs in order to perform core
functions.
- The Business Capability dimensions are:
o Generic Enterprise Capabilities – capabilities which are needed for any organisation whether it is a
corporation, government, non-government, or not-for-profit corporations.
o Generic Government Capabilities - capabilities which are needed for a government entity.
o Sector / Multi-Agency Shared Capabilities - capabilities which shared between agencies within a sector
(Health, Education, etc.) or between multiple agencies, such as grant management.
o Agency Specific Capabilities
People Capability dimensions:
- People Capability clearly defines behavioural and competency expectations that people need to have to represent the
set of attributes that underpin the business.
External Capability dimensions:
- Customer Capability is the capability a customer needs to have to be able to interact with the Government.
- Supplier Capability is the capability a supplier needs to have to be able to interact with the Government.
Each capability will have its:
- Sub-capabilities and descriptions
- Resource requirements mapped to GEA-NZ v3+
- Specific outcomes - An outcome is a specific, vital, positive organizational or environmental change that moves the
organisation forward to its desired future. The outcome must be based on identified issues and they must provide the
basis for developing strategies to achieve the outcome. The outcome indicates the direction of change desired
(increase, decrease, maintain).
For each capability there will be a mapping to the GEA-NZ v3+ Business, Application and ICT Services, and Data and Information
Reference Models.
This will form the basis of future roadmaps of increments to close the gap between the current capabilities and the future
capabilities. The roadmaps will include a range of shared capabilities on a continuum from shared standards and communities
of practice right through to a single instance of a capability that is shared and used across government.
Capabilities and GEA-NZ v3+
Areas where GEA-NZ v3+ improves:
 A clear recognition of different types of capabilities within government
o Business Capabilities
o People Capabilities
o Application and ICT Service Capabilities
o Data and Information Capabilities
o Infrastructure Capabilities
 A clear delineation between government capabilities and subsets of those capabilities which can be shared or common
capabilities as per the common capability continuum, and the roadmap of actions to address gaps.
 Capability is a viewpoint through the dimensions of GEA-NZ and covers all the aspects.

Other Definitions
Capability Gap
A capability gap is the difference between the current capability and what the stakeholders want the capability to be. Once the
gap has been agreed and defined options can be explored to close the capability gap.
For example the Minister of Finance at the 2015 SAS Conference expressed the need for evidence based policy advice and the
importance of advanced analytics. So potentially there is a gap in the current capability to “Provide advice” and this gap could
be made clear by defining a target capability of “Provide advice based on evidence”. In some cases the gap may be so big that
we show that we need a completely new capability in place of a current capability.
Capability Increment
A capability increment is the result of some action taken to improve a capability. There may be a number of capability
increments needed to get from the current capability to the desired capability.
Capability Segment
A capability segment is a high level grouping of capabilities into:
- Strategy,
- Management,
- Development,
- Operations.
Strategy Segment
Each capability needs a strategic segment. The key benefits of a strategy segments are:
- have clarity, focus and direction for the capability,
- gives drive for high performance of the capability,
- gives an understanding of the current state of the capability,
- have an agreement on the longer term future of the capability,
- identifies the key steps needed to achieve the strategic outcomes of the capability.
Management Segment
Each capability is managed it its own way. The management sub-capabilities of the Management segment align the capability
planning, its performance and its resources with that of the organisation’s strategic goals and objectives. The management sub-
capabilities create clearly defined and achievable goals. It also makes sure processes are in place to deal with failure or incidents
and take corrective action against underperformance (governance).
Development Segment
The sub-capabilities of the Development Segment are around designing and building the capability.
Operations Segment
And the sub-capabilities of the Operations Segment are around the operational part of the capability, like operate, promote,
deliver, fix, and charge.

Government Capability Model v1.0 Page 11 of

Capability Principles
Capabilities are “what?” and “why?” not the “how?”
Capabilities are about defining what needs to be delivered and why it needs to be delivered but does not define the how it will
be delivered. Capability is conceptual.
For example as a small business owner with staff I need a “Pay staff accurately on time capability”. The how is not part of the
capability; I could implement it by pulling out my wallet and giving staff money, through to having an accounting and time
keeping software package that direct credits pay into staff accounts.
Capabilities will not be decomposed beyond the level at which they are useful
In general we expect the capabilities to be defined to a level at which it is useful to the stakeholders. Where we want very fine
grained detail we would use the GEA-NZ reference taxonomies – yet this is too detailed for many of the stakeholders. While
comprehensive it presents functions without any weighting of what may be strategically more important and therefore should
be visible.
Capabilities at the highest level roll up more detailed views
Capabilities at the highest level roll up some more detailed capabilities and the related underlying business functions.
Capabilities should be categorised using GEA-NZ v3+ reference taxonomies
Capabilities will be bounded by alignment / categorisation to the relevant GEA-NZ v3+ reference taxonomies. This will allow
gaps and overlaps to be readily identified and any duplication avoided, or explained and justified. The GEA-NZ v3+ Data and
Information taxonomy is used for information discovery which helps define the capability listing the motivators, the entities, and
the activities.
People capabilities are not defined in GEA-NZ v3+.
Capabilities should be self-contained
It is helpful to think about capabilities as self-contained pieces of a business that potentially could be sourced from another
business unit, another agency, or an external provider. Can it be logically separated and shifted? If not we may be getting too
detailed.
Sourcing of capabilities is also something that is worth thinking about – is this something that potentially could be out-sourced
from the agency or is it core to the agency? If something could be outsourced why would you do it? Is it because it is a
commodity function that could be done more effectively by a specialist provider? Is it something you need to be able to do well
but currently don’t have the right skill sets for, so could it be out-sourced for a time before being brought back inside the
agency?
Exclude Unique Capabilities
For GEA-NZ v3+ we are going to limit the capabilities to those which are shared capabilities, and therefore provide opportunities
to explore and develop. The unique capabilities of agencies are best defined and managed by those agencies.

Government Capability Model v1.0 Page 13 of 86
Generic Enterprise Capabilities
GEC01 - Strategy and Planning
GEC01
Strategy and Planning
GEC01.01
Business Strategy
Development
GEC01.02
Strategic Roadmap
Development
GEC01.03
Corporate
Governance
GEC01.05
Business Performance
Management
GEC01.04
Outcome
Management
Capability Description
There are two basic questions to ask of management: are we doing things right, and are we doing the right things? Operational
management focuses on doing things right, and many tools have been developed to improve this (e.g. TQM, Six Sigma, business
process reengineering etc.), including many maturity models. Strategic Portfolio management answers the second question are
we doing the right things. In any organisation, it is the strategy, driven from the vision of the leadership that defines what the
right things are. Process improvements alone cannot guarantee that an organisation will be successful, or that an agency will
achieve its mission. These two aspects of management – strategic and operational – complement each other, so both must be
assessed to determine the organisation's total management capabilities and are bridged with the Programme and Project
Management capability.
An organisation’s strategy should be:
- Valuable: An organisation’s strategy needs to effectively allocate resources to the best investment opportunities, drive
performance and raise expectations internally and externally, improve the organisation’s outcomes and add value.
- Enduring: In developing a strategy, organisations should consider short-term and long-term cycles and macro-trends while
ensuring their plan is resilient and adaptive.
- Forward-looking: A solid strategy appropriately anticipates risk, uncertainty and optionality.
- Actionable: A high performing organisation ensures their strategy is both intuitive and realistic. It should be easy to
communicate the strategy internally and externally and provide an approach that can be acted on by all business units at all
levels

The table below describes the sub-capabilities:
Id Name Description
GEC01.01 Business Strategy
Development
The Business Strategy Development capability focusses on the development of
goals, objectives, strategies and tactics based on factual data. The first step in the
development of any business strategy is the determination of the goals. For
government entities these will be All-of-Government, sector and agency goals. This
will set the stage for developing measures and specific actions that the organisation
will need to take to achieve these goals. For instance, the goal might be to "Be
more customer-centric" and to "Improve customer experience". Once a goal has
been established and the actions needed are clear, information is gathered so that
the decisions are based on solid facts and data. The situation analysis involves a
review of information internal as well as external to the agency. A SWOT analysis
needs to be executed to identify the agency's strengths and weaknesses, which are
internal; and opportunities and threats, which are external. Based on that
information and by prioritising these items, the organisation gets a better sense of
the most important areas to focus on. Objectives are the measurable element of
the strategy. Objectives indicate, specifically, what outcomes are desired. While
goals set a broad direction ("Improve customer experience"), objectives will
provide the detail that ensures the team knows when it achieves success.
Strategies and tactics will indicate how and what the organisation will need to do to
achieve its goals and objectives. Strategies provide general guidance, such as
"engage in social media activities," while tactics outline specific tasks that will be
done, such as "set up a LinkedIn discussion group".
GEC01.02 Strategic Roadmap
Development
Strategic Roadmaps are planning tools that identify strategic goals and pathways
for improving the overall business and to achieve the strategic goals of the agency.
The emphasis of the roadmap development capability is on activities and decisions,
as opposed to business planning.
The outcome of the development process will be roadmaps that will identify:
- Actionable steps necessary to achieve the desired outcomes.
- Interdependencies among steps.
- Alternative routes that will optimise opportunities or minimise risks.
When completed, the roadmaps will be used:
- As a communication tool to inform key stakeholders on the potential for the
agency, sector, and Government and their customers.
- To identify the key issues that currently affects the organisation and its ability to
improve.
- To identify what actionable steps are required to achieve the desired goals and
objectives, and within this, which actions and steps have the highest priority and
which will give the greatest benefit relative to their cost.
- To identify the intermediate steps and interdependencies within the organisation
and their business partners.
GEC01.03 Corporate
Governance
Corporate governance refers to the mechanisms, processes and relations by which
the agency is controlled and directed. Governance structures and principles identify
the distribution of rights and responsibilities among different participants in the
agency (such as the board of directors, managers, shareholders, creditors, auditors,
regulators, and other stakeholders) and include the rules and procedures for
making decisions in corporate affairs. Corporate governance includes the processes
through which the agency's objectives are set and pursued in the context of the
social, regulatory and economic environments. Governance mechanisms include
monitoring the actions, policies, practices, and decisions of the leaders.

GEC01.04 Outcome
Management
Outcome Management is the strategic approach to ensure that initiatives are
designed around departmental and government outcomes and that the intended
outcomes are achieved. Just as project management deals with the processes
necessary to deliver a capability and/or product within a pre-established time
frame and budget, Outcome Management adds value to the organisation increasing
value is achieved through effective benefits realisation.
GEC01.05 Business
Performance
Management
Business Performance Management is a set of management and analytic processes
that enables management of performance to achieve one or more pre-selected
goals. Business Performance Management has three main activities:
- Selection of the goals.
- Consolidation of measurement information relevant to the agency’s progress
against these goals.
- Interventions made by managers in light of this information with a view to
improve future performance against these goals.
Strategic direction
Each agency has its own strategic directions, like:
- DIA - http://www.dia.govt.nz/SOI/2013/strategic-direction.html
- MoH - http://www.health.govt.nz/about-ministry/what-we-do/strategic-direction
- The Treasury - http://www.treasury.govt.nz/abouttreasury/strategicdirection
At All of Government level the ICT Strategy and Action plan 2017 and the Better Public Services Results sets out the strategic
goals and objectives for the New Zealand Government.

Resource requirements
The Strategy and Planning capability has an impact on all the Business Domains, i.e. B1 New Zealand Society, B2 Individuals and Communities, B3 Businesses, B4 Civic Infrastructure, and B5 Government Administration.
The Business functions, Applications and ICT Services and Data and Information which the Strategy and Planning capability Influences (i), produces or affects (p), and/or uses (u)
06 12
01 02 03 04 05 06 01 02 03 04 05 06 07 08 09 10 11 12 13 01 02 03 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 01 02 03 04 05 06 07 08 09 01 02 03 04 05 06 07 01 02 03 04 05 06 07 01 02 03 04 05 06 07 08 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 01 02 03 04 05
Domain
Capability
FinancialTransactionswithGovernment
OpenGovernment
Accommodation
Facilities,FleetandEquipment
InternalHelpDesk
PhysicalProtection
Travel
WorkplacePolicy
BusinessChangeManagement
BusinessPartnershipManagement
BusinessProcessManagement
BusinessRelationshipManagement
BusinessReporting
BusinessRisk,SafetyandAssurance
CapabilityManagement
CustomerPersonaandProfileManagement
ProductandServiceManagement
GovernmentSecurity
GovernmentPrivacy
BusinessRulesApproach
Governance
GovernmentDirectLoans
GovernmentGeneralInsurance
GovernmentLoanGuarantees
AgencyAssetSales
ForeignInvestmentControl
Accounting
AssetandLiabilityManagement
GovernmentAssetSales
CollectionsandReceivables
CostAccounting
FinancialInvestment
FinancialReporting
GovernmentFinancialResource
GovernmentFiscalPolicy
Procurement
ManagementofPublicMonies
RegionalandLocalGovernmentFunding
FinancialRiskManagement
EmployeeBenefitsManagement
EmployeePerformanceManagement
OrganisationandPositionManagement
Recruitment
RemunerationManagement
SeparationManagement
TrainingandCareerDevelopment
WorkplaceRelations
HealthandSafetyManagement
ICTServiceStrategy
ICTServiceOperations
ICTServiceDesign
ICTServiceTransition
ICTAccessManagement
ICTSolutionDelivery
ICTSupplierRelationshipManagement
ContentandRecordsManagement
InformationExchangeStandards
InformationManagementStandards
InformationRightsManagement
InformationSecurityManagement
KnowledgeManagement
LibraryManagement
BudgetManagement
BudgetPlanning
EnterpriseArchitecture
LegalAdvice
OutcomesandOutputs
ProcurementPlanning
StrategicPlanning
GovernmentWorkforcePlanning
CivicEvents
ConstitutionalMatters
ElectoralMatters
GovernmentPolicyMaking
GovernmentPolicyImplementation
HonoursandAwardsPrograms
IntergovernmentalRelations
LegislativeDrafting
OfficialGuidanceDissemination
OfficialVisits
OfficialProtocol
ParliamentaryChamberSupport
ParliamentaryCommitteeandMember
RegulationDevelopment
GovernmentStrategy,Planningand
StructuringGovernment
BrandManagement
CommunicationPlanning
CommunicationDesign
CommunicationDelivery
MonitoringNews
GEC01 Strategy and Planning
GEC01.01 Business Strategy
Development
i i u u u i u u u u u u u u u u u u u p i p p u i
GEC01.02 Strategic Roadmap
Development
i p i i i i i i i i i i i i i i u i i u i u i u
GEC01.03 Corporate Governance i u
p
p p p i i i i i i i i i i i i i i i i i i i i i i i i i i i i i i i i i i i i i i i i i i i i i
GEC01.04 Outcome Management i p u u u u u u u u u u u u u u u u u i i i i i i i i i i i i i i i i i i p i i i i i i i i
GEC01.05 Business Performance
Management
u i i i i u u i u u u u u u i i p i i i i i i i i i u u i i i i i i
B5.03 Government Credit and InsuranceB5.04 Financial Management B5.05 Human Resource ManagementB5.06 ICT Management B5.07 Information and Knowledge ManagementB5.08 Strategy, Planning and BudgetingB5.09 Machinery of Government B5.10 Government Communic
B5 Government Administration
B5.02 Business Management
B1 New Zealand Society
B5.01 Administrative Management

Outcomes
A good Strategy and Planning capability will identify and manage the goals and objectives of the organisation so it can achieve their strategic vision. The outcome will enable the organisation's staff to focus on a set of clearly defined goals, objectives, and outcomes in order to
achieve the desired results. The organisation benefits from having a carefully crafted plan to gain the following benefits:
- New insights from other peoples’ perspectives
- Identification of the challenges as the best thinkers see them
- New ways of thinking about old problems
- Alternatives beyond the resources the organisation has traditionally brought to bear
- Buy-in from others
- A high focus on critical success factors
- Analysis from others’ perspectives on the feasibilities of new goals and objectives
- Identification of challenges and barriers
Strategy and Planning drives everything else within the organisation.
The Strategy and Planning capability for a government entity will have to be aligned with the Government ICT Strategy and Action Plan to 2017 and the Better Public Services. Having a clear four-year plan will help the agency improve their performance and will get support
from ministers.
01 02 03 04 05 08 09 10 11 12 13 14 01 02 03 04 05 06 07 08 01 02 03 04 05 01 02 03 04 05 09 10 01 02 03 04 05 07 01 02 03 04 05 06 01 04 05 07 02 03 04
01 02 03 04 05 06 01 02 03 04 05 06 07 01 02 03 04 01 02 03 04 01 02 06 10 01 02 03 04 05
Capability
EnterpriseResourcePlanning(ERP)
FinancialandAssetManagement
HumanResourceManagement
WorkforceCapabilityManagement
CorporateGovernanceandStrategy
BusinessIntelligenceandAnalytics
BusinessContinuity
UnifiedCommunicationsandCollaboration
EnterpriseContentManagement(ECM)
BusinessProcessManagementSystem
BusinessTransformationandImprovement
StakeholderRelationshipManagement
Marketing
CustomerRelationshipManagement
PartnerRelationshipManagement
CustomerAccounting
CustomerService
EmergencyManagement
GrantsManagement
EndUserConfigurationManagement
EndUserTools
MobileApplications
ProductivitySuite
GraphicsandMultimedia
DataandInformationArchitecture
DataandInformationInteroperability
DataandRecordsGovernance
DataQualityManagement
DataProtection
ContentManagementSystem
WebContentManagement
IdentityGovernanceandAccountability
IdentityAdministrationandOperations
AuthenticationService
AuthorisationandAccessManagement
DirectoryService
IdentityInteroperability
EncryptionServices
NetworkSecurityServices
PublicKeyInfrastructure(PKI)Services
SecurityControls
DigitalForensics
EnterpriseSecurityManagement
BusinessProcessManagementTools
ICTManagementTools
CloudServices
BusinessRulesManagementTools
DataInteroperability
Interface
Gateways
Budget
Strategy
Effort
Measure
Risk
Specification
Operational
Finance
Industry
Technological
Law
Personal
Security
Arrangement
Rights
Obligation
Jurisdiction
Party
Qualification
Role
PartyRelationship
Application&ICTServices
Infrastructure
Regulatory
Artefact
NewZealandSociety
Individuals&Communities
ServicesToBusiness
CivicInfrastructure
GovernmentAdministration
Strategy and Planning
Business Strategy
Development
u u u u u u i p i i p i i u u u u u u u u u
Strategic Roadmap
Development
u u u u u u u u u u p u p i u u u u u u u u u u u p u u u u u
Corporate Governance u u u u u u u u i i i i i i i i i u i u u i i i i i u i i i i i i i i i i i i i u u i u i i i p p p p p p p p p p u p p p p i i p i i i i i
Outcome Management i i i i i i i i i i i i i i i i i u i u u i i i i i i i u u i i i i i i i i i i i i i i i i i i i i i
Business Performance
Management
u i u u u i i i i i i i i i i i u u u i i i i i i i i i i i u
p
i i i i i i u u p i i i i i
A3 End User ComputingA1 Corporate Applications A2 Common Line of Business Applications A4 Data and Information Management ServicesA5 Identity and Access Management ServicesA6 Security Services A7 ICT Components Services and ToolsA8 Interfaces and Integration
D3.03 Services
D2 Entities D3 Activities
D1.01 Plans D1.02 Controls D1.03 ContractsD2.01 Parties D2.03 Items
D1 Motivators

GEC02 - Change Management
GEC02
Change Management
GEC02.01
Transformation
Strategy Design
GEC02.02
Change Sponsorship
GEC02.03
Transformation
Planning
GEC02.04
Transformation
Governance
GEC02.05
Change Resistance
Management
GEC02.06
Benefit Management
GEC02.07
Change Readiness
Assessment
GEC02.08
Programme and Project
Management
GEC02.09
Requirements
Management
GEC02.10
Change
Communication
GEC02.11
Change Coaching and
Training
Change Management affects the activities involved in managing changes to how the government conducts its business in
providing government services to individuals, businesses and other organisations including managing the resulting changes to
business requirements, as well as their impacts on stakeholders of the government business solutions.
Id Name Description
GEC02.01 Transformation
Strategy
Development
Developing a transformation strategy includes a comprehensive assessment of
current and new processes, technologies, people, and resources.
Most transformation strategies are about responding to changes that new
technologies cause in our daily lives, individual businesses and organisations,
industries and various segments of society. These changes are not brought upon us
by the technologies themselves but by people. The ways people use and experience
new technologies can have very unexpected consequences. It is important for the
success of transformation strategy to put people and processes above technology.
GEC02.02 Change
Sponsorship
Change management requires sponsorship by senior leaders in the organisation.
Sponsorship involves active and visible participation by senior business leaders
throughout the change management process. Plans and roadmaps for sponsorship
activities are needed.
Planning
Transformation Planning starts at the top of the organisation with strategic goals,
objectives, and planning. All strategic decisions have an impact on the organisation
and the organisation will have to adapt to achieve those strategic goals and
objectives. Transformation Planning is the capability to plan the different changes
within the organisation and to make sure they are all aligns with each other so the
predicted outcomes are achieved with as less destructive impact to the whole
organisation.
Governance
Transformation Governance is the capability to ensure that the organisational and
transformation principles are well applied to design and implementation of the
transformation. It also ensures that the organisation meet business and technology
objectives and standards. Transformation Governance enables effective alignment
of business and technology, manages risk by reducing probability of failures in
transformation and incorporates elements of cost effectiveness and value.

GEC02.05 Change Resistance
Management
Change Resistance management is the capability to manage employee resistance to
change. A transformation programme needs to identify, understand, and manage
resistance to change.
GEC02.06 Benefit
Management
Benefits management is the capability to increase the successful delivery of
quantifiable and meaningful business benefits to an organisation during change. It
focuses on how business areas will benefit from change and provides a framework
for identifying, planning, measuring and actively managing these benefits.
GEC02.07 Change Readiness
Assessment
Change Readiness assessments cover a wide range of areas across the organisation
from sponsors to organisational culture in order to determine how ready the
organisation is for change, and help identify area and factors that can affect the
success of the change.
GEC02.08 Programme and
Project
Management
Programme management is the capability to manage several related projects and
oversee the implementation of each of those projects into one overall group of
outcomes to achieve the organisation's goals and objectives. Project management
is the capability to manage people and other resources to deliver the project
outcome.
GEC02.09 Requirements
Management
Requirement management is the capability to document, analyse, trace, prioritise,
and agree on requirements for an initiative and communicate with the relevant
stakeholders. Requirement management covers functional and non-function
requirements, high level through to more detailed requirements.
GEC02.10 Change
Communication
Change communication is the capability to build awareness of the need for change
and to create the desire for change. At each step of the change process the right
messages need to be delivered at the right time - this requires careful analysis of
the audience and the messages, and a communication plan.
GEC02.11 Change Coaching
and Training
Change coaching and Training is the capability to gain support from the direct
supervisors and managers of employees and provide training in order for
employees to be able to implement the change.

The Business functions, Applications and ICT Services and Data and Information which the Financial Management capability Influences (i), produces or affects (p), and/or uses (u)
06 12
01 02 03 04 05 06 01 02 03 04 05 06 07 08 09 10 11 12 13 01 02 03 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 01 02 03 04 05 06 07 08 09 01 02 03 04 05 06 07 01 02 03 04 05 06 07 01 02 03 04 05 06 07 08 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 01 02 03 04 05
Domain
Capability
OpenGovernment
Accommodation
InternalHelpDesk
PhysicalProtection
Travel
WorkplacePolicy
BusinessReporting
CustomerPersonaandProfileManagement
GovernmentSecurity
GovernmentPrivacy
Governance
AgencyAssetSales
Accounting
CostAccounting
FinancialInvestment
FinancialReporting
Procurement
Recruitment
WorkplaceRelations
ICTServiceStrategy
ICTServiceDesign
ICTAccessManagement
ICTSolutionDelivery
KnowledgeManagement
LibraryManagement
BudgetManagement
BudgetPlanning
LegalAdvice
OutcomesandOutputs
ProcurementPlanning
StrategicPlanning
CivicEvents
ElectoralMatters
LegislativeDrafting
OfficialVisits
OfficialProtocol
BrandManagement
CommunicationDesign
MonitoringNews
GEC02 Change Management
GEC02.01 Transformation Strategy
Development
p i u u u u u u u u u u u u u i u i i i u i i u u i u u u u i
GEC02.02 Change Sponsorship i u u u u u u u u u u u u i u u u u u
GEC02.03 Transformation Planning u i u u u u u u u u u i u i u i i u i u i i u i i u u
p
GEC02.04 Transformation Governance u u u u u u u u u u u
p
u u i u u i u u u
Management
u u u u u
p
u u u u i u p
GEC02.06 Benefit Management u u u u u u
p
u u u u
GEC02.07 Change Readiness Assessment u u u u u u i u u u
p
u
GEC02.08 Programme and Project
Management
u i u
p
u i i i u u i u u u i u i i i u
p
u u
p
i u u u u
p
GEC02.09 Requirements Management u i u
p
i i i i i i i u u u i u u
p
u
p
u u u u u
GEC02.10 Change Communication u u
p
u u u u u u u u u u u
p
GEC02.11 Change Coaching and Training u u
p
u u p u u u u u u
p
B1 New Zealand SocietyB5 Government Administration
B5.06 ICT Management B5.07 Information and Knowledge ManagementB5.08 Strategy, Planning and BudgetingB5.09 Machinery of Government B5.10 Government CommunicB5.01 Administrative ManagementB5.02 Business Management B5.03 Government Credit and InsuranceB5.04 Financial Management B5.05 Human Resource Management

Outcomes
The outcome of an effective change management is the following:
- Return on investment:
- The approach to change is re-used for each initiative saving the number of days spent defining a unique approach to each change initiative.
- Faster implementation of change as those involved have the confidence to know where to get started, who to involve and can estimate with greater certainty the impact on their workloads and the level of impact in their area.
- Quality of the outcome achieved:
- Increased understanding of the impact of the change which ensures that all processes, systems and people that are impacted are consulted, and their requirements incorporated into the change plan.
- Appropriate levels of involvement with agreed responsibilities for making the change happen reduces the resistance to change and increases the rate of adoption, leading to greater realisation of benefits.
- Efficiency of resources:
- Clarifies the roles and responsibilities of all those involved in the change effort, ensuring that those with the most relevant skills and experience are given appropriate activities to manage.
- Reduction in the number of ‘failed’ change initiatives and the waste of resources involved in making changes that ‘run out of steam’ or get overtaken by other events which had not been assessed when the change was conceived.
- Reduction in the level of activity that is duplication of effort or that is running at cross purposes to other changes being made elsewhere in the organisation.
- Enhanced employee morale and a reduction in recruitment and retention costs.
01 02 03 04 05 06 07 08 09 10 11 12 13 14 01 02 03 04 05 06 07 08 01 02 03 04 05 01 02 03 04 05 06 07 08 09 10 01 02 03 04 05 06 07 08 01 02 03 04 05 06 01 02 03 04 05 06 07 01 02 03 04
01 02 03 04 05 06 01 02 03 04 05 06 07 01 02 03 04 01 02 03 04 01 02 03 04 01 02 03 04 05 06 07 08 09 10 11 12 13 01 02 03 04 05 06 07 01 02 03 04 05 06 07 08 01 02 03 04 05 06
Domain
Capability
CorporateAdministration
Procurement
BusinessContinuity
Marketing
CustomerAccounting
CustomerService
EmergencyManagement
GrantsManagement
EndUserTools
MobileApplications
ProductivitySuite
DataProtection
DatabaseManagement
AdditionalDataandInformationServices
GeospatialInformation
DirectoryService
IdentityFunctionalCoreComponents
OtherIdentityService
EncryptionServices
SecurityControls
DigitalForensics
ICTComponents
ICTDevelopmentEnvironmentandTools
ICTManagementTools
CloudServices
ServerConfigurationTypes
Integration
Interface
Gateways
Budget
Strategy
Effort
Measure
Risk
Specification
Operational
Finance
Industry
Technological
Law
Personal
Security
Arrangement
Rights
Obligation
Jurisdiction
Party
Qualification
Role
PartyRelationship
Address
LocationType
AddressType
PurposeofLocation
Infrastructure
Natural
Financial
Goods
Regulatory
UrbanInfrastructure
Accommodation
DwellingType
Artefact
Waste
ItemUsage
OtherItem
Compliance
Proceeding
Episode
CommissionofInquiry
Claim
Request
Order
Personal
Crisis
Social
Business
Trade
Travel
Uncontrolled
Interaction
NewZealandSociety
ServicesToBusiness
CivicInfrastructure
ServicesFromBusiness
GEC02 Change Management
GEC02.01 Transformation Strategy
Development
u
p
u u u
p
i u i u
p
i u u u i i u u u u u u u u u
p
u u u
p
u
p
GEC02.02 Change Sponsorship u
p
u u u
p
u u u u u u u u u u u u u
p
u u
p
u
p
GEC02.03 Transformation Planning u
p
u u u i u u u i u u
p
u u u i u u u
p
u u
p
u u u
p
u
p
GEC02.04 Transformation Governance u u i u u u i u u u u u u
p
u u u
p
u
p
Management
u u u u
p
u u u u u u i u u u u u
p
u
p
u
p
GEC02.06 Benefit Management u u u u i u u u
p
u u
p
u u
p
u
p
GEC02.07 Change Readiness Assessment u u u u i u u u u u u
p
u u u u u u u
p
u u
p
u
p
GEC02.08 Programme and Project
Management
i u u u u u
p
u u u u i i u u u
p
u
p
u u
p
i i u u u u
p
u u u u u u u u
p
u u
p
u
p
u
p
GEC02.09 Requirements Management u u u u
p
u u u i i i u u u u
p
u u u u u
p
u u
p
u
p
GEC02.10 Change Communication u u
p
u u u u u u u u u u
p
u u
p
u
p
GEC02.11 Change Coaching and Training i u u u
p
u u u u u u u u u
p
u
p
u
p
A6 Security Services A7 ICT Components Services and ToolsA1 Corporate Applications A2 Common Line of Business ApplicationsA3 End User ComputingA4 Data and Information Management ServicesA5 Identity and Access Management Services
D1.02 Controls
A8 Interfaces and IntegrationD1 Motivators D2 Entities D3 Activities
D1.01 Plans D3.03 ServicesD1.03 ContractsD2.01 Parties D2.02 Places D2.03 Items D3.01 Cases D3.02 Events

GEC03 - Financial Management
GEC03
Financial Management
GEC03.01
Financial Strategy
Development
GEC03.02
Financial Forecasting and
Planning
GEC03.03
Financial
Governance
GEC03.04
Financial Control
GEC03.05
Financial Auditing
GEC03.06
Financial Operations
Financial Management means planning, organising, directing and controlling the financial activities such as procurement and
utilisation of funds of the organisation. It means applying general management principles to financial resources.
The scope of Financial Management includes:
- Investment decisions - Includes investment in fixed assets and current assets.
- Financial decisions - Relates to the raising of finance from various resources which will depend upon decision on type of
source, period of financing, cost of financing and the returns.
- Dividend decision - Decision making with regards to the net profit distribution. Net profits are generally divided into two:
dividend for shareholders and retained profits.
The financial management is generally concerned with procurement, allocation and control of financial resources. The
objectives include:
- Ensuring regular and adequate supply of funds.
- Ensuring adequate returns to the shareholders which will depend upon the earning capacity, market price of the share,
expectations of the shareholders.
- Ensuring optimum funds utilisation. Once the funds are procured, they should be utilised in maximum possible way at least
cost.
- Ensuring safety on investment, i.e., funds should be invested in safe ventures so that adequate rate of return can be achieved.
- Planning a capital structure that is a fair composition of the capital so that a balance is maintained between debt and equity
capital.
The functions within Financial Management include:
- Estimating capital requirements: A finance manager has to make estimation with regards to capital requirements of the
company. This will depend upon expected costs, profits, future programmes, and policies estimating in an adequate manner
which increases earning capacity of the enterprise.
- Determination capital composition: Once the estimation has been made, the capital structure has to be decided. This involves
short- term and long- term debt equity analysis. This will depend upon the proportion of equity capital an organisation is
possessing and additional funds which have to be raised from outside parties.
- Choosing sources of funds: For additional funds to be procured, a company has many choices like-Issue of shares and
debentures, loans to be taken from banks and financial institutions.
- Choosing factors that will depend on relative merits and demerits of each source and period of financing.
- Investing funds: The finance manager has to decide to allocate funds into profitable ventures so that there is safety on
investment and regular returns is possible.
- Disposing surplus: The net profits decision have to be made by the finance manager. This can be done in two ways:
- Dividing declaration: It includes identifying the rate of dividends and other benefits like bonus.

- Retaining profits: The volume has to be decided which will depend upon expansion, innovation, and diversification plans of the
organisation.
- Managing cash: Finance manager has to make decisions with regards to cash management. Cash is required for many purposes
like payment of wages and salaries, payment of electricity and water bills, payment to creditors, meeting current liabilities,
maintenance of enough stock, purchase of raw materials, etc.
- Financial controls: The finance manager has not only to plan, procure and utilize the funds but he also has to exercise control
over finances. This can be done through many techniques like ratio analysis, financial forecasting, cost and profit control, etc.
Id Name Description
GEC03.01 Financial Strategy
Development
Developing a financing strategy includes a comprehensive assessment of potential
new financing options from concessional and non-concessional sources, as well as
possible grant inflows, focusing on how to best mobilise the highest quality
financing to support priorities and ensure debt sustainability for the organisation.
The basis of resource need to be concessional, conditional, predictable, flexible,
and focussed on organisational priorities and other policy and procedural criteria.
GEC03.02 Financial
Forecasting and
Planning
Financial Forecasting and Planning starts at the top of the organisation with
strategic planning. Since strategic decisions have financial implications, the
budgeting process is closely linked to the strategic planning process. Financial
Planning is a continuous process of directing and allocating financial resources to
meet strategic goals and objectives in order to add value to the organisation. The
output from financial planning takes the form of budgets. In order to develop
budgets, a forecast needs to be undertaken to see what drives much of the
financial activity.
GEC03.03 Financial
Governance
Financial Governance is the combination of institutions, rules, and norms that
structure governance in these policy areas. Fiscal governance focusses on directing
and approving how budgetary policy is planned, approved, carried out and
monitored, generally involving more than the agency. The core of financial
governance regulations is the requirement that all financial processes are managed
according to a stringent set of rules and regulations, backed by accurate reporting
capabilities. This management and recording of internal controls, to work toward
compliance, can be set down in a concise and controlled manner and can save the
organisation significant time and money.
Financial governance is important for good overall governance because the
consequences of failure can be so devastating for the organisation that no matter
how good the rest of area's governance may be financial failure can bring it
undone.
There are three keys to effective financial governance:
- Creating a policy that guides the CEO in developing the business plan including the
budget or financial plan – this relates primarily to the operating revenue and costs
of the business as well as the cash flow management of the organisation.
- Creating a policy that establishes the basis for the organisation’s wellbeing – this
relates to the management of the assets and liabilities of the business.
- Monitoring processes that provide the organisation with sufficient financial
information to be satisfied that the finances are being appropriately managed
towards the achievement of both the short and long term goals. This includes
establishing key performance indicators and benchmarks for performance
evaluation and a framework that provides the board, management and staff with a
reporting system in an accurate and timely manner.

GEC03.04 Financial Control Financial Control is the capability to track performance and evaluate progress
toward the financial goals of the organisation. Financial controls evaluate how well
the organisation is following the strategic plans and how valid the strategic
decisions were in the first place. Financial controls include tracking progress and
evaluating results. During strategic planning, management defines measurable
objectives for operations. Financial controls report on these objectives and to what
extent they have been met. During the reporting period, managers can impose
corrective action if necessary and at the end of the reporting period, the results
form part of the overall evaluation of the success of the strategic plan.
GEC03.05 Financial Auditing Financial Auditing is the capability to conduct an audit to provide an opinion
whether financial statements are stated in accordance with specified criteria.
Normally, the criteria are international accounting standards, although auditors
may conduct audits of financial statements prepared using the cash basis or some
other basis of accounting appropriate for the organisation. In providing an opinion
whether financial statements are fairly stated in accordance with accounting
standards, the auditor gathers evidence to determine whether the statements
contain material errors or other misstatements. The audit opinion is intended to
provide reasonable assurance that the financial statements are presented fairly, in
all material respects, and/or give a true and fair view in accordance with the
financial reporting framework. The purpose of an audit is to provide an objective
independent examination of the financial statements, which increases the value
and credibility of the financial statements produced by management, thus increase
user confidence in the financial statement, reduce stakeholder risk and
consequently reduce the cost of capital of the preparer of the financial statements.
GEC03.06 Financial
Operations
Financial Operations is the capability of the day-to day operations of accounting
services, financial reporting, payroll, loan collections, taxes, and other financial
services.

The Business functions, Applications and ICT Services and Data and Information which the Financial Management capability Influences (i), produces or affects (p), and/or uses (u)
06 12
01 02 03 04 05 06 01 02 03 04 05 06 07 08 09 10 11 12 13 01 02 03 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 01 02 03 04 05 06 07 08 09 01 02 03 04 05 06 07 01 02 03 04 05 06 07 01 02 03 04 05 06 07 08 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 01 02 03 04 05
Domain
Capability
OpenGovernment
Accommodation
InternalHelpDesk
PhysicalProtection
Travel
WorkplacePolicy
BusinessReporting
CustomerPersonaandProfile
GovernmentSecurity
GovernmentPrivacy
Governance
AgencyAssetSales
Accounting
CostAccounting
FinancialInvestment
FinancialReporting
Procurement
Recruitment
WorkplaceRelations
ICTServiceStrategy
ICTServiceDesign
ICTAccessManagement
ICTSolutionDelivery
KnowledgeManagement
LibraryManagement
BudgetManagement
BudgetPlanning
LegalAdvice
OutcomesandOutputs
ProcurementPlanning
StrategicPlanning
CivicEvents
ElectoralMatters
LegislativeDrafting
OfficialVisits
OfficialProtocol
BrandManagement
CommunicationDesign
MonitoringNews
GEC03 Financial Management
Development
i u u u u u u u u u u u u u u u u u u u u u u u u u u u u u u u u u u u u u u u u u u u u
GEC03.02 Financial Forecasting and
Planning
u u
p
u i p i i i i i i i i p i i i i i i p i p i i i p p i i p p i i i i i i i i i i i i i
GEC03.03 Financial Governance i i i i i i i i i i u i i i i i i u i i i u i i i i i i i i i i i i i i i
GEC03.04 Financial Control i i i i p i i i i i i i i i i i i u
p
i u i i i u i i i i i i i i i i i i
GEC03.05 Financial Auditing u u p u u u u u u u u u u u u p u u u u u u u u u u u u u u
GEC03.06 Financial Operations p u
p
i i p p p p u p u p p p p u
p
u u p p p u i i i i i i i i
B5.01 Administrative ManagementB5.02 Business Management B5.03 Government Credit and InsuranceB5.04 Financial Management B5.05 Human Resource ManagementB5.06 ICT Management B5.07 Information and Knowledge ManagementB5.08 Strategy, Planning and BudgetingB5.09 Machinery of Government B5.10 Government Communic
01 02 03 04 05 06 07 08 09 10 11 12 13 14 01 02 03 04 05 06 07 08 01 02 03 04 05 01 02 03 04 05 06 07 08 09 10 01 02 03 04 05 06 07 08 01 02 03 04 05 06 01 02 03 04 05 06 07 01 02 03 04
01 02 03 04 05 06 01 02 03 04 05 06 07 01 02 03 04 01 02 03 04 01 02 03 04 01 02 03 04 05 06 07 08 09 10 11 12 13 01 02 03 04 05 06 07 01 02 03 04 05 06 07 08 01 02 03 04 05 06
Domain
Capability
Procurement
BusinessContinuity
UnifiedCommunicationsand
BusinessTransformationand
Marketing
CustomerAccounting
CustomerService
EmergencyManagement
GrantsManagement
EndUserTools
MobileApplications
ProductivitySuite
DataProtection
DatabaseManagement
AdditionalDataandInformation
DirectoryService
EncryptionServices
SecurityControls
DigitalForensics
ICTComponents
ICTManagementTools
CloudServices
Integration
Interface
Gateways
Budget
Strategy
Effort
Measure
Risk
Specification
Operational
Finance
Industry
Technological
Law
Personal
Security
Arrangement
Rights
Obligation
Jurisdiction
Party
Qualification
Role
PartyRelationship
Address
LocationType
AddressType
PurposeofLocation
Infrastructure
Natural
Financial
Goods
Regulatory
UrbanInfrastructure
Accommodation
DwellingType
Artefact
Waste
ItemUsage
OtherItem
Compliance
Proceeding
Episode
CommissionofInquiry
Claim
Request
Order
Personal
Crisis
Social
Business
Trade
Travel
Uncontrolled
Interaction
NewZealandSociety
ServicesToBusiness
CivicInfrastructure
GEC03 Financial Management
Development
u u u u u u u u u u u u u u u u u u u u u p u u u u u
GEC03.02 Financial Forecasting and
Planning
u u u u u u u u u u u u p i i i i p i u p i i i i i
GEC03.03 Financial Governance u u u u u u u u u u u u u i u u u p u u u u u
GEC03.04 Financial Control u u u u u u u u u u u i p i p u u u u u
GEC03.05 Financial Auditing u u u u u u u u u u u u u u u u u u u p u u u u u
GEC03.06 Financial Operations u u u u u u u u u u u u u u i i p p i i i i i
D1.02 Controls
A2 Common Line of Business ApplicationsA3 End User ComputingA4 Data and Information Management ServicesA5 Identity and Access Management ServicesA6 Security Services A7 ICT Components Services and ToolsA1 Corporate Applications

Outcomes
The main outcome of Financial Management within government is to strengthen the linkage between planning, budget, service
delivery and accountability. It involves the allocation of resources to agencies based on the specification of the product and
services that they will deliver, the intended outcomes to be achieved, and the systematic monitoring and reporting of progress
against agreed performance indicators and measures.
Good financial management will help the organisation to:
- Make effective and efficient use of resources.
- Achieve objectives and fulfil commitments to stakeholders.
- Become more accountable to stakeholders.
- Gain the respect and confidence of funding agencies, partners and beneficiaries.
- Prepare for long-term financial sustainability.
There are four components of good financial management:
- A clear finance strategy.
- Securing funding and generating income.
- A robust financial management system.
- A suitable internal environment.

GEC04 - Enterprise Risk Management (ERM)
GEC04
Enterprise Risk
Management
GEC04.01
Strategic Risk
Assessment
GEC04.02
Risk Portfolio
Management
GEC04.04
Risk Improve Effectiveness
Planning
GEC04.05
Risk Mitigation
Planning
GEC04.07
Risk Management
Governance
GEC043.08
Risk Intervention
Monitoring
GEC04.09
Security Control
GEC04.10
Mitigation Improvement
Management
GEC04.11
Risk Mitigation
Development
GEC04.12
Risk Intervention
Development
GEC04.13
Risk Management
Operations
GEC04.06
Business Continuity
Planning
GEC04.03
Business Impact
Analysis
Enterprise Risk Management (ERM) is the capability of agencies to manage their risks through their different business units and
functions that identify and manage particular risks. Each risk function varies in capability and how it coordinates with other risk
functions. A central goal and challenge of ERM is to improve this capability and coordination, while integrating the output to
provide a unified picture of risk for stakeholders and improving the organisation's ability to manage the risks effectively.
The primary risk functions that should participate in an ERM program are:
- Strategic planning - identifies external threats along with strategic initiatives to address them.
- Marketing - understands the customer to ensure product/service alignment with customer requirements.
- Compliance and Ethics - monitors compliance with code of conduct and directs fraud investigations.
- Accounting and Financial compliance - identifies financial reporting risks.
- Policy - manages legislation and analyses emerging legal trends that may impact the agency.
- Insurance - ensures the proper insurance coverage for the organisation.
- Treasury - ensures cash is sufficient to meet business needs, while managing risk related to commodity pricing or foreign
exchange.
- Operational Quality Assurance - verifies operational output is within tolerances.
- Operations management - ensures the business runs day-to-day and that related barriers are surfaced for resolution.
- Customer service - ensures customer complaints are handled promptly and root causes are reported to operations for
resolution.
- Internal audit - evaluates the effectiveness of each of the above risk functions and recommends improvements.
Common challenges in ERM implementation
- Identify executive sponsorship for ERM.
- Establish a common risk language or taxonomy.
- Describe business unit’s risk appetite - risks they are willing to take and risk they are not willing to take.
- Identify and describe the risks in a risk catalogue.
- Implement a methodology to prioritise risks within and across business units and functions.
- Establish a risk steering group to authorise and coordinate activities around risk management.
- Establish ownership for particular risks and responses.
- Demonstrate cost-benefit of the risk management effort.
- Develop an action plan to ensure the risks are appropriately managed.
- Develop consolidated reporting for the various stakeholders.
- Monitor the results of the actions taken to mitigate the risks.

- Ensure efficient risk coverage by internal auditors, consulting teams, and other evaluating entities.
- Ensure a secure working environment for contractors, partners, and remote employees.
Id Name Description
GEC04.01 Strategic Risk
Assessment
Strategic Risk Assessment is the capability to systematically and continually
assessing significant risks facing the organisation. Conducting an initial assessment
is a valuable activity for senior management and the board of directors. Current
thought leadership on corporate governance and board responsibilities is virtually
unanimous that a key board responsibility is to understand the organisation’s
strategies and associated risks and to ensure that management’s risk management
practices are appropriate.
GEC04.02 Risk Portfolio
Management
Risk Portfolio Management is the capability of making decisions about risks,
investments and policy, matching investments to risk objectives, asset allocation for
individuals and institutions, and balancing risk against performance.
Risk Portfolio management is all about strengths, weaknesses, opportunities and
threats for the organisation.
GEC04.03 Business Impact
Analysis
Business Impact Analysis is the capability to determine the relative importance or
criticality of business functions, operations, supplies, systems, relationships etc.
that are required to achieve the organisation's operational objectives. It drives the
priorities, planning, preparations and other business continuity management
activities.
GEC04.04 Risk Improve
Effectiveness
Planning
Risk Improve Effectiveness Planning is the capability of planning a systematic way of
finding how effective an organisation’s current approach to managing risk is. It
considers the intentions of the organisation, how they are expressed and
communicated and also what happens in practice. This leads to a realistic
improvement program plan for the organisation’s risk management framework and
each application of the risk management process. The plan has five major steps:
Prepare, Elicit and verify, analyse gaps and evaluate, gain ownership and plan, and
report to the oversight committee.
GEC04.05 Risk Mitigation
Planning
Risk Mitigation Planning is the process of developing options and actions to
enhance opportunities and reduce threats to the organisation's objectives.
GEC04.06 Business
Continuity
Planning
Business Continuity Planning is the capability that encompasses a loosely defined
set of planning, preparatory and related activities which are intended to ensure
that the organisation’s critical functions will either continue to operate despite
serious incidents or disasters that might otherwise have interrupted them, or will
be recovered to an operational state within a reasonably short period.
Business continuity includes three key elements:
- Resilience: critical business functions and the supporting infrastructure are
designed and engineered in such a way that they are materially unaffected by most
disruptions, for example through the use of redundancy and spare capacity.
- Recovery: arrangements are made to recover or restore critical and less critical
functions that fail for some reason.
- Contingency: the organisation establishes a generalised capability and readiness
to cope effectively with whatever major incidents and disasters occur, including
those that were not, and perhaps could not have been, foreseen. Contingency
preparations constitute a last-resort response if resilience and recovery
arrangements should prove inadequate in practice.
Some examples of risks:
- Single points of failure with the Telco link between NZ and Australia. How will

Treasury maintain balance of payments account if it cannot access the Internet via
this link or a broken down ICT infrastructure as with Christchurch disaster.
- How does petrol and oil get distributed to power the generators if there are poor
or broken roads as a result of earthquakes?
- How do people access the Government resources that are on their websites if
they cannot access it?
GEC04.07 Risk Management
Governance
Risk Management Governance refers to the institutions, rules conventions,
processes and mechanisms by which decisions about risks are taken and
implemented. It can be both normative and positive, because it analyses and
formulates risk management strategies. Risk Management Governance goes
beyond traditional risk analysis to include the involvement and participation of
various stakeholders as well as considerations of the broader legal, political,
economic and social contexts in which a risk is evaluated and managed. The scope
of Risk Management Governance encompasses public health and safety, the
environment, old and new technologies, security, finance, and many others.
GEC04.08 Risk Intervention
Monitoring
Risk Intervention Monitoring is the capability to monitor the process and targeted
intervention to:
- Identify the organisation's risks and develop a risk library.
- Identify and prioritise “risks that matter” to the organisation.
- Develop mitigation plans for ”risks that matter”.
- Develop a risk monitoring process.
GEC04.09 Security Control Security Control is the capability to significantly reduce security vulnerabilities.
Today’s connected environment introduces various ethical, financial and regulatory
pressures to protect the privacy of individuals and the information assets of
organisations from internal and external threats and unauthorised access.
Successful attacks, whether deliberate or inadvertent, are an increasingly more
costly and damaging, both to the organisation and its customers. To meet these
challenges, Security Control is a fundamental strategic driver of the business.
Security Control defines a conceptual, physical and procedural model of best
practices for end-to-end enterprise security. This includes:
- The approach for determining and setting the baseline or threshold of acceptable
risk to the business.
- Standard methods for ascertaining appropriate classification of information
assets.
- A base set of policies, processes, standards, and procedures for achieving and
maintaining an integrated defense of the organisation's information resources and
assets.
- The security functions, roles and responsibilities appropriate for each member of
the organisation.
- The essential skills and knowledge needed to perform information security
effectively.
GEC04.10 Mitigation
Improvement
Management
Mitigation Improvement Management is the capability to continuously improve the
anticipation of risks, threats, and disasters. Developmental considerations play a
key role in contributing to the mitigation and preparation of an organisation to
effectively confront those threats and disasters. As a security breach or disaster
occurs, risk management, become involved in the immediate response and long-
term recovery phases. The four risk management phases illustrated here do not
occur in isolation or in this precise order. The phases overlap and the length of each
phase greatly depends on the severity of the breach or disaster.
- Mitigation - Minimizing the effects of breach or disaster.
- Preparedness - Planning how to respond.
- Response - Efforts to minimise the hazards created by a breach or disaster.
- Recovery - Returning to normal.

GEC04.11 Risk Mitigation
Development
Risk Mitigation Development is the capability to develop the processes of executing
risk mitigation actions. Risk mitigation progress monitoring includes tracking
identified risks, identifying new risks, and evaluating risk process effectiveness
throughout the project.
GEC04.12 Risk Intervention
Development
Risk Intervention Development is the capability to create a strong risk culture based
on the empowerment of the business. It creates a dedicated risk-culture function
within the risk organisation by:
- Creating awareness and a common language and identifying improvement levers
and implement them, for example, by rolling out a semi-annual or quarterly risk-
culture self-assessment.
- Launching a program to assess and transform current risk capabilities with the
support of a dedicated change team.
- Defining specific actions, owners, and milestones, and establishing an ongoing
method of monitoring the risk-culture transformation.
GEC04.13 Risk Management
Operations
Risk Management Operations is the capability of the day-to day operations of risk
management data protection, risk event operations, implement risk
communication channels, etc.

The Business functions, Applications and ICT Services and Data and Information which the Enterprise Risk Management capability Influences (i), produces or affects (p), and/or uses (u)
06 12
01 02 03 04 05 06 01 02 03 04 05 06 07 08 09 10 11 12 13 01 02 03 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 01 02 03 04 05 06 07 08 09 01 02 03 04 05 06 07 01 02 03 04 05 06 07 01 02 03 04 05 06 07 08 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 01 02 03 04 05
Domain
Capability
OpenGovernment
Accommodation
InternalHelpDesk
PhysicalProtection
Travel
WorkplacePolicy
BusinessReporting
CustomerPersonaandProfile
GovernmentSecurity
GovernmentPrivacy
Governance
AgencyAssetSales
Accounting
CostAccounting
FinancialInvestment
FinancialReporting
Procurement
Recruitment
WorkplaceRelations
ICTServiceStrategy
ICTServiceDesign
ICTAccessManagement
ICTSolutionDelivery
KnowledgeManagement
LibraryManagement
BudgetManagement
BudgetPlanning
LegalAdvice
OutcomesandOutputs
ProcurementPlanning
StrategicPlanning
CivicEvents
ElectoralMatters
LegislativeDrafting
OfficialVisits
OfficialProtocol
BrandManagement
CommunicationDesign
MonitoringNews
GEC04 Enterprise Risk Management
GEC04.01 Strategic Risk Assessment i u u u u p u u u u u u u u u u u u u u u u u
GEC04.02 Risk Portfolio Management u
p
u p p i i i i i i u i i i i
GEC04.03 Business Impact Analysis u u u p u u u u u u u u u u u u u u u
GEC04.04 Risk Improve Effectiveness
Planning
u u i p i i i i i i i u i u i i i i
GEC04.05 Risk Mitigation Planning i i i p p p p i i i i i u
p
i i i i i i
GEC04.06 Business Continuity Planning u u u p p u u i i i u
p
i i i
GEC04.07 Risk Management Governance u u u u u u u u u u u u u
GEC04.08 Risk Intervention Monitoring u u u u u u u u u u u u u
GEC04.09 Security Control i p u p p p u u u p p u
p
u u
GEC04.10 Mitigation Improvement
Management
u
p
u
p
u
p
u
p
u
p
u
p
u
p
u
p
u u
p
u
p
u
p
i i i
GEC04.11 Risk Mitigation Development p p p p p p p p u p p u
p
u u u
GEC04.12 Risk Intervention Development p p p p p p p p u p p u
p
u u u
GEC04.13 Risk Management Operations i u
p
u
p
u
p
u
p
u u u u u u
p
u
p
u u u u
B5.01 Administrative ManagementB5.02 Business Management B5.03 Government Credit and InsuranceB5.04 Financial Management B5.05 Human Resource ManagementB5.06 ICT Management B5.07 Information and Knowledge ManagementB5.08 Strategy, Planning and BudgetingB5.09 Machinery of Government B5.10 Government Communic

01 02 03 04 05 06 07 08 09 10 11 12 13 14 01 02 03 04 05 06 07 08 01 02 03 04 05 01 02 03 04 05 06 07 08 09 10 01 02 03 04 05 06 07 08 01 02 03 04 05 06 01 02 03 04 05 06 07 01 02 03 04
01 02 03 04 05 06 01 02 03 04 05 06 07 01 02 03 04 01 02 03 04 01 02 03 04 01 02 03 04 05 06 07 08 09 10 11 12 13 01 02 03 04 05 06 07 01 02 03 04 05 06 07 08 01 02 03 04 05 06
Domain
Capability
Procurement
BusinessContinuity
Marketing
CustomerAccounting
CustomerService
EmergencyManagement
GrantsManagement
EndUserTools
MobileApplications
ProductivitySuite
DataProtection
DatabaseManagement
AdditionalDataandInformationServices
DirectoryService
EncryptionServices
SecurityControls
DigitalForensics
ICTComponents
ICTManagementTools
CloudServices
Integration
Interface
Gateways
Budget
Strategy
Effort
Measure
Risk
Specification
Operational
Finance
Industry
Technological
Law
Personal
Security
Arrangement
Rights
Obligation
Jurisdiction
Party
Qualification
Role
PartyRelationship
Address
LocationType
AddressType
PurposeofLocation
Infrastructure
Natural
Financial
Goods
Regulatory
UrbanInfrastructure
Accommodation
DwellingType
Artefact
Waste
ItemUsage
OtherItem
Compliance
Proceeding
Episode
CommissionofInquiry
Claim
Request
Order
Personal
Crisis
Social
Business
Trade
Travel
Uncontrolled
Interaction
NewZealandSociety
ServicesToBusiness
CivicInfrastructure
GEC04 Enterprise Risk Management
GEC04.01 Strategic Risk Assessment u u u u u u u u u u u u u p u u u u u u u u u u u u p u u u u u u
GEC04.02 Risk Portfolio Management u u u u u u u u i u i i i i u i i i i i u u u p i i i i i
GEC04.03 Business Impact Analysis u u u u u u u u u u u u u u u u u u u u u u u u u u u u u u p u u u u u u
GEC04.04 Risk Improve Effectiveness
Planning
i u i p i u u u i i i i i i i i i p p p i i p i u u u p i i i i i
GEC04.05 Risk Mitigation Planning i u i i i u u u i u p p i p i u u u p i i i i i
GEC04.06 Business Continuity Planning i u p i u u u i i i i i i p i i i p i i i i i
GEC04.07 Risk Management Governance i u u i u i u u i i u u u u p p i i i i i
GEC04.08 Risk Intervention Monitoring u u u u u i u u u u u u u u u u u u u u u
GEC04.09 Security Control u u p u p u u p u u u u u u u u u u
GEC04.10 Mitigation Improvement
Management
i u
p
i u
p
u u u u
p
i u
p
u
p
i i u
p
i u u u p i i i i i
GEC04.11 Risk Mitigation Development u u p u u
p
u i u u u
p
u u u i p u u u u i i i i i
GEC04.12 Risk Intervention Development i u p i p u i u u u
p
u u u u i p u u u u i i i i i
GEC04.13 Risk Management Operations u u u u u u u u u u u u u u u u u
D1.02 Controls
A2 Common Line of Business ApplicationsA3 End User ComputingA4 Data and Information Management ServicesA5 Identity and Access Management ServicesA6 Security Services A7 ICT Components Services and ToolsA1 Corporate Applications

Outcomes
Enterprise Risk Management provides the necessary foundations and organisational arrangements for managing risk across the
organisation. It outlines how an organisation effectively and efficiently manages risks. It strengthens the overall practices,
decision making and resource allocation.
The benefits of ERM are:
- Effective management of adverse events or opportunities that impact on the organisation’s goals and objectives.
- Making informed decisions regarding management of potential negative effects of risk and taking advantage of potential
opportunities.
- Improved planning and performance management processes. This enables the organisation to focus on core business service
delivery and implement business improvements.
- Ability to direct resources to risks of greatest significance or impact.
- Greater organisational efficiencies through avoiding ‘surprises’.
- Creation of a positive culture in which people understand their role in contributing to the achievement of objectives.
A good embedded ERM system aims to:
- Integrate enterprise risk management within the organisation’s performance management cycle.
- Communicate the benefits of risk management.
- Convey the organisation’s policy, approach and attitude to risk management.
- Set the scope and application of risk management within the organisation.
- Establish the roles and responsibilities for managing risk.
- Set out a consistent approach for managing risks, aligned with relevant standards and industry best practice.
- Detail the process for escalating and reporting risks.
- Convey the organisation’s commitment to periodic reviews and verifications of the ERM system and its continual improvement.
- Describe the resources available to assist those with accountability or responsibility for managing risks.
- Ensure the organisation meets its risk reporting obligations.
The ERM principles guide how effectively and efficiently risks are managed:
- Creating and protecting value – ERM contributes to the achievement of objectives and improves performance in areas such as
corporate governance, program and project management, and health and safety of staff.
- An integral part of all organisational processes – ERM is not performed in isolation. Rather, it is an integral part of our
governance and accountability arrangements, performance management, planning and reporting processes.
- Part of decision-making – ERM aids decision-makers to make informed choices, prioritise activities and identify the most
effective and efficient course of action.
- Explicitly addressing uncertainty – ERM identifies the nature of uncertainty and how it can be addressed through a range of
mechanisms, such as sourcing risk assessment information and implementing risk controls.
- Systematic, structured and timely – ERM contributes to efficiency, consistent, comparable and reliable results.
- Based on the best available information – ERM should draw on diverse sources of historical data, expert judgment and
stakeholder feedback to make evidence-based decisions. Decision-makers should be cognisant of the limitations of data,
modelling and divergence among experts.
- Tailored – ERM aligns with the internal and external environment within which the organisation operates, and in the context of
the organisation’s risk profile.
- Human and cultural factors – ERM recognises that the capabilities, perceptions and aims of people (internal and external) can
aid or hinder the achievement of objectives.
- Transparent and inclusive – ERM requires appropriate and timely involvement of stakeholders to ensure that it stays relevant
and up to date. Involving stakeholders in decision making processes enables diverse views to be taken into account when
determining risk criteria.
- Dynamic, iterative and responsive to change – ERM responds swiftly to both internal and external events, changes in the
environmental context and knowledge, results of monitoring and reviewing activities, new risks that emerge and others that
change or disappear.
- Continual improvement of the organisation – ERM facilitates continuous improvement of operations by developing and
implementing strategies to improve risk management maturity.

Government Capability Model v1.0

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (20)

Ähnlich wie Government Capability Model v1.0

Ähnlich wie Government Capability Model v1.0 (20)

Government Capability Model v1.0