>Information Governance and Enterprise Architecture

>

We all know that information is vital to making sound and timely decisions. How do we govern information (the term information to include data and information) so that it is truly valuable to the organization and not just another case of GIGI (Garbage In, Garbage Out)?

DM Review, May 2008, reports on some research by Accenture that confirms that “high-performing organizations make far better use of information than their peers.”

Information is a strategic enterprise asset. The key to getting better results from information is the effective use of information governance. Information governance includes decision making and management over the full information life cycle, including: information capture, processing, storage, retrieval, and reporting and disposition.

Without information governance, what can happen to corporate information assets and the end users that rely on it?

  1. Information Hoarding (or Silos)—the information exists in the organization, but people hoard it rather than share information. They treat information as power and currency and they do not readily provide information to others in their organization even if it helps the organization they work for.
  2. Information Quality NOT (“multiple versions of the truth”)—information quality will suffer if decisions are not made and enforced to ensure authoritative information sources, quality control processing, and adequate security to protect it.
  3. Information Overload—not managing the way information is rolled up, presented, and reported can result is too much information that cannot be readily processed or understood by those on the receiving end. It’s like the floodgates have been opened or as one of my bosses used to say, “trying to drink from a fire hose.”
  4. Information Gaps—without proper requirements gathering and planning and provision for systems to meet information needs, users may be left holding the bag, and it’s empty; they won’t have the information they need to support their functional processes and day-to-day decision making needs.

Not having effective information governance is costly for the organization. The target enterprise architecture state for information management is to have the right information to the right people at the right time. Anything less will mean sub-optimized processes, excessive management activity, and poor decision making and that will be costly for the organization—lost sales, dissatisfied customers, compliance lapses, safety and legal issues, publicity snafus, and other mistakes that can even put the enterprise out of business!

According to Accenture’s survey of more than 1000 large companies in the U.S. and UK, information is not being governed very well today:

  • “Managers spend more than one quarter of their work week searching for information.
  • More than half of what they obtain is of no value.
  • Managers accidently use the wrong data more than once a week.
  • It is challenging to get different parts of the company to share needed information.”

The good news is that “the majority of CIOs seem ready to act” by employing information governance.

Information, as one of the perspectives of the enterprise architecture, is already governed through the Enterprise Architecture Board (EAB). However, to give more focus to information governance, perhaps we need to establish a separate Information Governance Board (IGB). I see the IGB as a sub-committee of the EAB that provides findings and recommendation to the EAB; the EAB would be the decision authority for governing all the perspectives of the architecture, including: performance, business, information, services, technology, security, and human capital. To better focus and decompose on the various EA perspective areas, perhaps they will all have their own sub-committees (like a Performance Governance Board, Business Governance Board, and so forth) similar to the IGB in the future.

>Optimizing IT and Enterprise Architecture

>

Enterprise Architecture helps to align business strategy and IT implementation. However, one of the big problems for IT these days is that it is viewed as a utility and not as a strategic business partner.

The Wall Street Journal, 10 March 2008, reports that “Too often, there’s a wall between a company’s information technology department and everything else. That wall has to go.”

What’s the problem with how executives view IT?

“Simply put, top executives at most companies fail to recognize the value of IT. It can help a company transform data from its operations, its business partners, and its markets into useful competitive information, It can be the source of profitable innovations in the way a company interacts with its customers and suppliers. But there is still a tendency to think of IT as a basic utility, like plumbing or telephone service.”

IT doesn’t even have a seat at the table!

There is a “metaphysical glass wall that separates the IT group from the rest of the business at most companies. The wall prevents IT from being part of the discussion at the highest levels of company planning, robbing a firm of its full potential.”

Even in the federal government where there is legislation (The Clinger-Cohen Act) to support a CIO reporting directly to the agency head, often the CIO remains buried layers down in the hierarchy.

How can the CIO develop a viable enterprise architecture to support the business with needed technology if IT is viewed as computer geeks and walled off?

IT must become a true partner with the business!

Why is IT walled off and how can this change?

Obstacles:

  • Mind-set—Business is focused on business problems and IT is focused on the technology (instead of focusing on solving the business problems).
  • Language barriers—“much is lost in translation” between IT and business folks.
  • Outsourcing—“IT professionals are almost pitied as dinosaurs whose jobs will soon be sent offshore.”
  • IT governance—isn’t done collaboratively with the business and “the resulting IT failures drive a wedge between senior [business] managers and their IT colleagues.”
  • Rapid pace of technological change—technology “is subject to fads,” which can be confusing in terms of direction, create competitive demands on scarce business resources, and causes IT to lose credibility with each and every subsequent change. Also, IT can be viewed as an endless sinkhole for investment and so the focus becomes not on optimizing value from IT, but rather on containing runaway cost.

Opportunities:

  • Executive commitment—to understand the strategic value of IT and develop effective IT management.
  • Strategic IT leadership—hire an IT leader who understands more than just technology; s/he needs to really understand the business and how IT can enable it.
  • Value IT for its business potential—“managers at all levels across the organization need to be convinced that innovations in IT-related areas such as knowledge management, business intelligence, information security, change management, and process integration are essential to the success of the enterprise.”
  • Translate business to IT and back again—“a company must have people at all levels who can translate IT language for those outside that department and translate the language of management to those in IT.”
  • Sound IT governance—“ensure that every part of the organization that is affected by IT decisions is part of the decision making process…with a full understanding of all their implications.”
  • IT portfolio management—“analyze the costs, benefits and risks of all IT projects to determine how to get the most benefits from the dollars invested in technology.”

Interestingly enough, enterprise architecture plays a key role in almost all the strategies to get IT to become an integral partner with the business:

  • EA helps build executive commitment through effectively communicating the current, target, and transition plan and how it aligns to the business strategy and benefits the mission.
  • The chief enterprise architect is a strategic, big picture, IT leader that focuses on business needs and how IT can solve those with current and emerging technologies as well as process improvement.
  • User-centric EA develops information products for the organization that are useful and usable and support knowledge management, business intelligence, requirements management, change management, and so on.
  • EA synthesizes business and technology information and is a bridge between the two for the organization to understand performance results desired, business processes to produce those, information required by the business processes, and systems and technologies to serve those up.
  • The EA Board supporting the IT Investment Review Board implements sounds IT governance and brings business and technology subject matter experts to the table to vet decisions in the best overall interest of the enterprise.
  • The EA governance process takes into account ROI, risk, strategic alignment, and technical compliance to drive better decision making and sound IT investments for the organization.

EA is central to bringing down the glass wall between business and IT and in bringing the two together to optimize IT solutions for the business needs.

>Leadership, Change, and Enterprise Architecture

>

Enterprise architecture is about planning, managing, and measuring change in an organization. To effect change requires true leadership, and this requires multiple skills.

In the book, The Leadership Triad by Dale Zand, three essential forces of leadership are presented—knowledge, trust, and power. These leadership forces guide constructive organizational change.

“Like three horses pulling a chariot, these forces, if coordinated and working together, provide a swift and exhilarating ride. But if one force is mismanaged or pulls against the others, the ride is bumpy and can end in disaster.”

Effective leaders integrate the three forces of knowledge, trust, and power to drive effective change and maintain efficient operations in their organizations: “They know what should be done, they have the trust of their people, and they use power appropriately:

  1. Knowledge—“leaders know or can find out what should be done…they have vision and they know how to fulfill that vision. They set clear, challenging goals, and they know what needs to be done to reach the goals…they know how to gain access to the knowledge of others, and they know how to work with people to convert that knowledge into action.”
  2. Trust—“people trust effective…leaders, giving them loyalty and commitment… [They] earn trust by disclosing relevant information, sharing influence, and competently using knowledge. They earn trust by fairness in their dealings with others—fulfilling the spirit of their agreements, sharing rewards and hard times and not abusing their power.”
  3. Power—“leaders use their power appropriately. They know how to be directive or to delegate. They know how to review and evaluate constructively. They know how to be consultants, providing guidance rather than issuing commands.”

Why not just lead in a command and control fashion like in the military or law enforcement organization?

“The heroic fantasy of one person at the head of a column and followers shouting ‘charge’ as they mount the battlements is outdated. Instead leaders need to learn to use the sensing, searching, and thinking ability of all people within the organization.”

How are these leadership skills similar to those necessary for implementing enterprise architecture?

Knowledge, trust, and power are the cornerstones of an enterprise architecture program.

1. EA makes information transparent and provides information products to distribute knowledge and enable better decision-making. EA information is critical to decision-making, particularly in terms of ensuring sound IT investment management decisions, IT planning, analysis of problem areas—uncovering gaps, redundancies, inefficiencies, and opportunities–driving business process improvement, reengineering, and the introduction of new technologies to the organization.

“In the twentieth century society crossed…into the information age, marked by the emergence of the knowledge organization.”

“Competitive advantage in the information age is in constant jeopardy—knowledge is fluid, and creative thinkers leapfrog over existing knowledge.”

“Knowledge travels with the speed of thought, but can be blocked by the smallest emotional barrier. It can enlighten the entire organization’s operation, yet it can easily be concealed if people do not want leaders to see it. People throughout organizations continually acquire and create important, critical knowledge about customers, [suppliers], products, technology, costs, and competitors. But that knowledge can remain hidden and inaccessible to leaders. In the new world leaders need to liberate knowledge and creative thinking at all levels and in all corners of the organization. To compete, leaders need to move knowledge from where it is to where it can be used to define and achieve appropriate goals.”

EA helps to synthesize information and liberate knowledge to meet strategic goals.

2. EA is based on the trust of business and technical leaders and staff across the enterprise. EA synthesizes business and technology information. It relies on the trust of divisions, departments, and subject matter experts (SMEs) throughout the organization to share (and not hoard) information and build a results-driven, process-oriented, interoperable, standardized, cost-effective organization, rather than a siloed, ineffective one. In an EA-directed organization, siloed functions and management relinquish their own personal interests and perhaps, selfish motives and instead plan for the good of the overall organization. For example, decisions on IT investments are made based on enterprise priorities and cost-benefit-risk-architecture considerations, rather than who has the money to spend.

“Trust regulates the disclosure of information—how open people are with relevant information…trust regulates mutual influence—how receptive people are to each other’s goals and concerns, and trust regulates control—the intention to fulfill the spirit of a decision and willingness to rely on another person to implement her part of the decision.”

“Mistrust causes people to censor, delay, and distort relevant information. Social uncertainty compounds ambiguity, masks difficulties and deprives leaders of the opportunity to make high-quality decisions

3. The EA Board (chaired by the chief enterprise architect) ensures that proposed new IT projects, products, and standards align to and comply with the enterprise architecture. EA must have the power to mandate and enforce alignment and compliance or else the target architecture and transition plan is just a sham that will not yield enterprise results and achieve stated goals. Additionally, EA must have the ability to require SMEs to contribute regularly to the development, maintenance, and use of the EA. The business and technical SMEs are the owners of the EA content and must be partners with the EA team in ensuring that the architecture is kept current, accurate, and complete.

“Power is the ability to influence others so that they do or do not do something.”

“Leaders have legitimate power to determine the process by which decisions will be made.”

Knowledge, trust, and power are three dimensions of leadership that are the foundation for an effective EA program. EA ensures that the information needs of the organization are met in terms of business and technical baseline and target architectures and transition plans. EA relies on the trust of its organizational partners in the business and technical domains to share information and adhere to architectural decision and standards that are in the best interests of the overall organization, rather than any one individual, group, or function. And finally, EA requires the power to ensure alignment to and compliance with the architecture and the decisions of the architecture board or else EA is just a paper tiger and will fail.

>Adding Value and Enterprise Architecture

>

What is the value-add of enterprise architecture?

In Architecture and Governance Magazine, Volume 4 Issue 1, an article entitled, “Architecture Planning” addresses this issue.

The author proposes that EA must find a balance between the necessity to “build and populate an EA framework with the effort to provide effective project support.”

With the wrong balance of these, the author, states: “you end up with an ivory tower [initiative] that delivers no value, or with a project support service that makes project-level architecture decisions rather than taking into account the enterprise perspective.”

The article sums up: “to reiterate, the architecture plan needs to meet two objectives. One, deliver an EA; two, deliver value to projects.”

From my perspective, the two objectives presented are not accurate. It is not a choice or balance between building EA or adding project value—never! Rather, it is always about adding value.

EA is never done for EA’s sake. That is not an objective.

Everything that EA does is to add value—either by fulfilling insight or oversight needs of the organization.

  1. Insight—EA provides valuable information products to end-users in terms of business and technical information. EA captures, analyzes, catalogues, and provides findings and recommendation, which is used to aid IT planning and governance, and decision-making.
  2. Oversight—EA provides valuable governance services by conducting architectural reviews of IT projects, products, and standards, thereby enabling sound IT investment decisions and more successful project delivery.

The article proposes that the organization should “initiate two streams of work. One identifies the framework within which enterprise-level information will be captured and shared, and the second focuses on identifying the key areas of need for projects…[i.e.] the need to provide real value to projects”

However, I would suggest that the two streams of work are not developing the EA framework and the need to provide “real value” to projects, but rather that the EA program develop both information products and governance services–simultaneously, both of which benefit the end-users and add value to the enterprise.

Further, the information products and governance services are mutually reinforcing. Technical reviews, conducted as part of the governance services, feed valuable information to the EA information products. And information products are used to conduct the architectural reviews by providing the basis for aligning to and complying with the EA baseline, target, and transition plan.

>Boeing and Enterprise Architecture

>

Enterprise Architecture is a combination of developing and using organizational insight and managing sound oversight.

Boeing Company’s recently announced six-month delay of its new 787 Dreamliner jet shows defects in both their EA insight and oversight.

The Wall Street Journal, 7 December 2007 reports that “layers of outsourcing slow 787 production…a look inside the project reveals that the mess stems from one its main selling points to investors—global outsourcing.”

How did global outsourcing reveal the breaks in both effective insight and oversight at Boeing?

  • INSIGHT—EA is the synthesis of business and technology to improve organizational decision-making. EA develops information products, so that the organization has the information it needs to improve mission execution, and so that business is driving technology. In the case of Boeing, they were so focused on getting the technology of the new jet right, that they overlooked the underlying business problems. “It figured the chief risk lay in perfecting a process to build much of the plane from carbon-fiber plastic instead of aluminum. Boeing focused so hard on getting the science right that it didn’t grasp the significance of another big change; the 787 is the first jet in Boeing’s history designed largely by other companies,” and this has been plagued with problems ranging from language barriers to their contractors subcontracting out key tasks, such as engineering. Boeing’s focus on the technology led them to ignore important aspects of the business of designing and producing the new planes. Boeing did not have sufficient insight into the business side (versus the technology) of managing this tremendous endeavor.
  • OVERSIGHT—EA involves IT governance, so that IT investments are made based on sound principles of business alignment, return on investment, risk management, and technical compliance. Generally, the Investment Review Board, the EA Board, and the Program Management Office sees to it that IT projects are reviewed and managed in terms of cost, schedule, and performance parameters. In the case of Boeing, they did not ensure adequate EA oversight for the 787 jet. “Boeing overestimated the ability of suppliers to handle tasks that its own designers and engineers know how to do almost intuitively after decades of building jets. Program managers thought they had adequate oversight of suppliers but learned later that the company was in the dark when it came to many under-the-radar details.” Boeing’s general expertise in project oversight was outsourced along with the engineering and production tasks, and this led to, what an executive of one major supplier has called, chaos.

The Boeing 787 Dreamliner may well end up being a true “dreamy” jet plane, but from a User-centric EA perspective, the 787 has been a real nightmare and a example of ineffective EA insight and oversight!

>Locking Down the Desktop – Enhances Security or Hurts Productivity?

>The Wall Street Journal, 22 October 2007 reports on a debate between the CIO of Highmark Inc. (a business education corporation) and the CIO of Google on whether employees’ use of unauthorized technologies at work compromises security or enhances productivity.

Why does locking down the desktop enhance corporate security?

The essential question is “how much leeway should office workers have to try out new technologies on company computers? For many employers, the answer is clear: none at all. Corporate IT departments already have their hands full with viruses, hackers, spyware, and data breaches, without having to worry about employees making those problems worse by adding unauthorized software or devices. Security experts warn that a company’s insiders are responsible for most security headaches, intentionally or inadvertently.”

  • Tom Tabor, the CIO of Highmark states: “we recognize that employees just want to be productive…while this may be advantageous, it is also a management issue as far as maintainability, support, and potentially cost.”

Why does unlocking the desktop enhance worker productivity?

“Most employees who work regularly with computers can think of dozens of ways that unauthorized technologies makes it easier to do their jobs, whether it’s Web-based email programs, for sending large files or flash memory drives for taking work files home. And it isn’t just individuals; whole departments are turning to online software providers to handle business needs without the approval, or often the knowledge, of the IT department.”

  • Douglas Merrill, the CIO of Google states: “We must give up trying to control everything, and instead focus on the few places that are the most critical.”

How do these CIOs deal with demands for new IT?

  • Tabor: “We have a formalized technology-acquisition process that allows employees to submit technologies for review by the IT organization. Through this process, employees have a say in what technologies are considered.”
  • Merrill: “At Google, most employees who run Windows are set as power users, not administrators. This allows employees to install some things and change some machine settings, but not everything—basically, we try to protect our employees from themselves. [However,] If they want administrator access, they just have to ask for it…”

In user-centric EA, we follow a similar method to Mr. Tabor’s technology-acquisition process by having an Investment Review Board supported by an Enterprise Architecture Board, where business sponsors can submit decision requests for new IT projects, products, or standards and get these evaluated, authorized, prioritized, and funded. The key is to have a structured process that adds value to the IT investment decision-making without stifling innovation and productivity.

As for locking down the desktop, as a user, I can’t say that I love the restrictions, but as an enterprise architect and IT and business professional, I definitely see the security value to the organization, as well as the benefits to standardizing technologies, developing enterprise solutions, and building a maintainable, cost effective infrastructure.

>Circumventing the CIO—What’s the Harm?

>

One of the most difficult challenges we face as enterprise architects is when end-users don’t ask permission, but instead ask forgiveness.

The typical scenario is that a division or unit or group of end-users decides to go out and purchase some new IT widget, gadget, or system without going through the CIO shop. (I know this shouldn’t happen if the CIO controls the IT funding, but even then someone always finds some money squirreled away and decides to use it for something they weren’t supposed to or in some cases even bypasses the money channels altogether, getting a freebie from a eager vendor looking to build or test some new capabilities to sell later to other customers).

Well, where’s the harm?

Oh my G-d, where should I start…

Innovation from the field and operators is great, but bypassing the CIO shop circumvents the structured processes and good governance that is in place to ensure projects succeed. Without these mechanisms, IT project can be at tremendous risk:

  1. Business Case—Without a business case, the justification for the IT project was never made, return on investment not calculated, alternatives not considered, and the best course ahead not properly laid.
  2. Investment Review Board—Without IRB vetting, the senior-level sponsorship has not been solidified, the project has not been authorized, and its priority has not been set with respect to other, maybe more critical, projects that the enterprise needs; further, the project may not have adequate life cycle funding; additionally, the project is likely not being ongoingly monitored and managed by leadership and enterprise subject matter experts for cost, schedule, and performance.
  3. Enterprise Architecture Review—Without an EA technical review, the IT project may align with the target architecture and transition plan, may not be interoperable with other systems, may not meet enterprise technical standards, may overload or be incompatible with existing infrastructure, may be duplicative of other investments, may not be the best or most cost-effective technical solution, may not meet various legal, regulatory, and other compliance requirements.
  4. System Development Life Cycle—Without following a defined, repeatable, and measureable SDLC process, the project risks failure by not having adequate and documented planning and requirements, design, development, testing, implementation, training, operation and maintenance, and disposition.
  5. Project Management Plan—Without a project management plan, projects are at risks for being mismanaged, having cost-overruns, schedule delays, and quality problems.
  6. IT Security Plan—Without an IT security plan, the project is at risk in terms of the confidentiality, integrity, availability, and privacy of the information.

No question, from an end-users perspective, there are quite a few hurdles to go through in implementing a new IT project. An if we’re honest with ourselves, the process can be onerous. Therefore, the CIO and his staff needs to work to streamline the processes, integrate them, provide the users with job aids and excellent customer support. Additionally, there should be a quick pass process for getting those “emergency” (must have now) projects through quickly (although not any less comprehensively).

The key is to balance the needs of the enterprise (ensuring mission execution and sound stewardship of enterprise resources), end-users (supporting innovation and operators ability to do their jobs successfully and safely), and customers or citizens (bringing new products or services to market quickly, reliably, and at high quality levels). To do this we have to balance the necessary processes and governance to ensure IT projects’ success with the imperative to foster innovation and deliver quality and speedily to market.

So as an enterprise architect, what do you do when a end-user asks forgiveness, instead of permission?