Establish a relevant and efficient roadmap thanks to the maturity approach and risk analysis

Aligning IT services with business demands is a daily challenge.

Between project delivery, outsourced service management and maintenance in operational conditions, IT departments are working to ensure quality service in the face of ever more demanding business needs. The arrival in recent years of methods that facilitate this alignment, such as Agile, Lean, and DevOps, has transformed the way commitments are managed, challenging the traditional determinism of IT management.

In this context, it is vital to be able to establish, communicate and share a vision to guarantee the coherence of actions and, ultimately, to offer the business the quality of service they need.

To do this, the maturity approach derived from CObIT and CMMI has long been favoured. However, the rigidity of the requirements of these standards is difficult to reconcile with new practices: establishing a roadmap now requires flexibility, continuity and more modern methods.

Our approach is as follows:


  1. Define the scope of the analysis: the IT department's strategy must be reflected in the scope. Firstly, the requirements are defined by combining the baseline requirements and the recommendations made during the IT strategy analysis. These requirements may relate to a specific aspect of the IT department (e.g. the landing of projects in production) or may be transverse to the overall department. The level of evidence to be collected must be aligned with the desired goal: to establish a 2-year roadmap, it is not relevant to look for material evidence of the effectiveness of a specific practice in the tools. Finally, the areas of analysis to be prioritised should be aligned with the current level of maturity: it is not relevant to look for the continuous improvement methods in place for a process that is not yet documented.
  2. Identify the resource persons, the tools to be evaluated, the practices to be verified: in addition to the scope, this activity enables a schedule or backlog to be established, depending on the delivery method chosen (traditional or agile).
  3. Formulate the observations in the form of a risk analysis: during the feedback, it is fundamental to provide the tools for decision-making. We therefore recommend that observations are always formulated in terms of weighted risks. Of course, this weighting must be carried out according to the practices in force in the audited ISD. This allows the most relevant observations to be inserted directly into the risk management plans already being piloted.
  4. Align the recommendations with the identified risks: the recommendations are the key to the roadmap. It is essential to clearly indicate which risks are addressed by each recommendation and how they are mitigated.

Examples of charts related to this approach:


Probability and impact

Tableau établirv2


A maturity assessment drawn up in this way enables:



  • to identify in a factual manner the strengths and challenges within a scope adapted to the strategy of the IT Services Director and the company,

  • highlight to employees the need to evolve the project, service or contract governance mode,

  • complete the portfolio of internal projects in a relevant and targeted manner in order to align IT services with the company's strategy.



d2X has implemented this method for many clients in the three business areas that characterise us. Our consultants can rely on a proven methodology, which guarantees the quality of the result.