>To Invest or Not to Invest, That is the Question

>There are scarce dollars for investment purposes and many competing alternatives to invest in. Therefore, organizations must make wise investment decisions.

Common sense dictates that we invest in those technologies that will bring us the greatest return on investment. However, investing in IT is not only about seeking to maximize profitability or superior mission execution, but also about mitigating risk.

MIT Sloan Management Review, Spring 2009, discusses the need to balance between two types of investment risks.

The first, and obvious one is financial risk—“the failure to achieve satisfactory returns from an investment;” those organizations that load up on too much financial risk, can actually put themselves in danger of not being able to stay financially solvent i.e. too many poor investments and the company can be sunk!

The second risk is competitive risk—“the failure to retain a satisfactory competitive position for lack of investment.” Organizations that are too conservative and don’t invest in the future put themselves at risk of falling behind the competition, and may be even out of the race altogether.

So how do we balance these two risks?

On one hand, we need to make critical new IT investments to stay competitive and become more effective and efficient over time, but on the other hand, we need to manage our money prudently to stay on solid financial footing.

Managing financial risk is a short-term view—similar to looking at the daily stock market prices or quarterly financial returns; if we can’t meet our financial obligations today or tomorrow, game over. While managing competitive risk is a long term perspective on investing—we need to remain agile amidst our marketplace competitors and outmaneuver them over time picking up additional customers and market share and building brand and satisfaction.

In information technology management, we must manage both the short-term financial risk and the long-term competitive risks.

What tools are in the CIO’s arsenal to manage these risks effectively?

Enterprise architecture planning is a strategic function that takes a primarily top-down view and assesses organizational requirements (including competitive needs) and drives IT investments plans to meet those needs. In this way, EA manages competitive risk.

IT governance or capital planning and investment control is a bottom-up view that helps us manage shorter-term financial risks by providing a structure and process for vetting IT investments and prioritizing those. Sound IT governance helps us limit financial risk.

So we attack the risks from both ends—from the top and from the bottom.

While we cannot entirely eliminate the risks of failed IT investments or of missing opportunities to knock the competition off its feet, we can manage these by architecting our enterprise for long-term success and by appropriately scrutinizing the selection, control and evaluation of our investments so that we safeguard our financial resources.

So the CIO can err by going too far in either direction:

So a balance needs to be maintained.

“More specifically, a balance should be maintained between errors of omission and commission.” Fail to invest and modernize the organization’s technology and you commit the error of omission. Invest overly aggressively and you commit the error of commission. “A balance must be struck between the error of pursuing too many unprofitable investment opportunities as opposed to the error of passing up too many potentially profitable ones.”

>Lessons from Space for CIOs

>
There are no CIOs in space. At least not yet. Someday, as we colonize space, there will be. And information technology will be more important then ever as communications, information sharing, collaboration, and new ways of doing things enable people to live and work in distances that are now just the realm of science fiction.


As I read about space tourism in MIT Technology Review, January/February 2009, I realized there are already lessons for CIOs from space travel even in its nascent stages.

  • Modernize, as needed—as technologists, some erroneously think that everything has to be swapped out and modernized every few years (for example, many organizations are on na 3 year refresh cycle—whether they need it or not!), but the Russian space program teaches us differently. They modernize, not on a fixed time, but rather as needed. They work by the principle “if it’s not broken don’t fix it.” Here’s an excerpt: “You can look at the original Soyuz, and the same physical design—same molds, even—appear to have been used throughout its history…But anything that has ever gone wrong or failed, they fix. Or if there is some new technology that comes along that would be of significant benefit, they change it also. Isn’t this a novel principle that we can adapt for sound IT investment management?
  • Functional minimalism–for many organizations and individuals, there is a great desire to have the latest and greatest technology gadgets and tools. Some call these folks technology enthusiasts or cutting-edge. And while, IT is incredibly exciting and some missions really need to be cutting-edge to safeguard lives for example. Many others don’t need to have a closet with one of every software package, hardware gadget, or new tool out there. I’ve seen mid-size organizations that literally have thousands of software products—almost as many as people in the entire company! However, on the Russian Soyuz space vehicle, we see a different way. One space tourist noted: “It’s sort of a functional minimalism.” You don’t need tons of gadgets, just what is operationally necessary. CIO’s, as IT strategists and gatekeepers for sound IT investing, should keep this principle in mind and spend corporate investment dollars wisely, strategically, and with careful selection criteria. We don’t need one of everything, especially when half of the investments are sitting in a closet somewhere collecting organizational dust!
  • Technology is 3-D—Our IT environment is still mostly stuck in a two-dimensional paradigm. Our user-interfaces, controls, and displays are still primarily flat. Of course, many have conceived of IT in a more real three-dimensional portrayal for example using 3-D graphics, modeling and simulation, holograms, virtual controls, and even virtual world’s in gaming and online. As CIO’s, we need to encourage the IT industry to continue rapid transformation from a 2-D to 3-D technology paradigm. As a corollary, in space where there is little to no gravity such as on the International Space Station, “It is cluttered, but then after a while you realize, well that’s true if you’re thinking in 2-D, but once your brain shift to 3-D, you realize that it isn’t.”
  • Think strategic and global—The CIO and his/her staff gets lot of calls everyday based on operational issues. From simple password resets to the dreaded “the network is down.” When firefighting, it is easy to fall into a purely operational way of thinking. How am I going to get this or that user back up. But getting all consumed by operational issues is counterproductive to long-term planning, strategy, and monumental shifts and leaps in technology and productivity. One space tourist looking out the window in space summed it up nicely for CIOs (and others) to get perspective: “You’re out there in space looking back at Earth, and in a way, you’re also looking back at your life, yourself, your accomplishments. Thinking about everything you own, love, or care for, and everything else that happens in the world. Thinking bigger picture. Thinking in a more global fashion.” Maybe every CIO need a picture window view from the Internation Space Station to keep perspective?

>Andy Blumenthal Presents How Enterprise Architecture Shapes IT Governance

>Check out this SlideShare Presentation:

>Good to Great and Enterprise Architecture

>

What makes a good organization become great in terms of technology?

In the book, Good to Great by Jim Collins, the author describes a five year study conducted in organizational greatness and what makes a good enterprise become great. Here are some finding in terms of achieving technology success:
  • Align technology with your mission—the key question that drives the enterprise’s technology is whether it fits directly with “what you are deeply passionate about…what you can be the best in the world at…[and] what drives your economic engine.”Through the User-centric EA target architecture, transition plan, and IT governance, EA moderates new investments in IT so they align with mission requirements and priorities.
  • Technology enables mission execution—“Good-to-great companies used technology as an accelerator of momentum, not a creator of it…a company can’t remain a laggard and hope to be great, but technology by itself is never a primary cause of either of greatness or decline.” User-centric EA synthesizes business and technology information to enhance decision-making. EA ensures that the organization’s technology direction and investments enable mission.
  • Culture of discipline—Good-to-great companies have disciplined thought and action. They “respond with thoughtfulness and creativity, driven by a compulsion to turn unrealized potential into results; mediocre companies react and lurch, motivated by fear of being left behind.” User-centric EA is a structured approach to managing and integrating business and technology. EA ensures that the organization follows an adaptable plan and does not get lurched around by the changing market, competition, or technology tides.
  • Change incrementally—“‘crawl, walk, run’ can be a very effective approach, even during times of rapid and radical technological change.” User-centric EA develops the target and transition plan for the organization, which ensures an approach of incremental change. New IT investments and business process improvements are done in a phased approach, rather than trying to “eat the elephant in one bite.”

In short, User-centric EA is a perfect fit with the conclusions of Jim Collins research into good-to-great companies.

ITIL and Enterprise Architecture

>

Both EA and ITIL are emerging disciplines that are growing in importance and impact.

Here are their basic definitions:

EA synthesizes business and technical information and develops information products and governance services to enable better decision making.

ITIL (Information Technology Infrastructure Library) “provides a comprehensive, consistent set of best practices focused on the management of IT services processes. It promotes a quality approach to achieving business effectiveness and efficiency in the use of information systems. ITIL is focused on IT Service Management, which is “concerned with delivering and supporting IT services that are appropriate to the business requirements of the organization.” (ITIL IT Service Management Essentials, Pink Elephant)

To me, EA and ITIL are mutually supportive. Here’s how:

  • EA is a decision framework that provides for planning and governance. EA answers the question, what IT investment will we make?
  • ITIL is a service framework that provides for execution of IT services. IT answers the question, how will we support and deliver on the IT investments?

In short, EA is the discipline that handles the decision processes up to the IT Investment and ITIL handles the service management once the decision to invest in IT is made.

What are the considerations for EA and ITIL:

  • EA considers such things as return on investment, risk mitigation, business alignment, and technical compliance. EA focuses on business process improvement and new introduction of new technologies.
  • ITIL practices areas include such services as incident management, problem resolution, change management, release management, configuration management, capacity, availability, service continuity, service level management and more.

How are EA and ITIL similar in terms of requirements management and their goals?

Each seeks to understand the business requirements and satisfy their customers: EA for the requirements for proposed new IT investments and ITIL for the service required to support those.

Both disciplines are goal-oriented in terms of wanting to improve effectiveness and efficiency:

  • EA prescribes in planning, what are the right things we should we be doing (effectiveness) and in governance, how should we be doing them (efficiency) relative to IT investments.
  • ITIL prescribes in service delivery, what are the right service deliverables (effectiveness) and in service support, how we should be providing service support (efficiency).

While EA and ITIL are complementary, ITIL picks up where EA leaves off—after the IT investment decision, but before the service execution.

>Why IT Governance and Enterprise Architecture

>

I came across an excellent white paper by the National Association of the State CIOs (NASCIO) on IT governance that goes through the fundamentals.

What is IT governance?

IT governance is “specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT.”

Sound IT governance helps to ensure effective use of IT resources, “avoid unnecessary or redundant investments,” more successfully deliver IT solutions, and “enhance appropriate cross-boundary interoperability.”

Why is IT governance ever more important?

According to Gartner, the net average ROI for IT projects is only 1% and as of 2002, “20% of all expenditures on IT were wasted.”

“Information management approaches used during previous eras are no longer sufficient.”

“Information technology is no longer restricted to simply automating procedures, or even managing information, rather, information technology now enables and even outstrips an enterprise organizational capabilities for transformation.”

We “continue to depend more and more on information technology to achieve efficiencies, collaborative information sharing, business intelligence, and information socialization.”

Who should be involved in IT governance?

“Proper IT governance requires a highly participative collaboration between…CIOs and executive leadership on the business side.”

“Pure technology decisions will be primarily made by leadership with information technology with consulting input from the business. Pure business decision making will be primarily made by business leadership with consulting input from the…CIO. However, in most cases, determination of where and when to employ technology will be a shared responsibility.”

This is the piece that I liked the best—the convergence of the necessity for sound IT governance with robust enterprise architecture is what it takes to truly yield results. As the paper states: “In fact, information technology properly managed and deployed within the umbrella of enterprise architecture will provide the path to transformation.”

>IT Portfolio Management and Enterprise Architecture

>

IT portfolio management (ITPfM) is the application of systematic management to large classes of items managed by enterprise Information Technology (IT) capabilities. Examples of IT portfolios would be planned initiatives, projects, and ongoing IT services (such as application support). The promise of IT portfolio management is the quantification of previously mysterious IT efforts, enabling measurement and objective evaluation of investment scenarios.

Debates exist on the best way to measure value of IT investment. As pointed out by Jeffery and Leliveld (2004), companies have spent billions of dollars into IT investment and yet the headlines of misspent money are not uncommon…IT portfolio management started with a project-centric bias, but is evolving to include steady-state portfolio entries such as application maintenance and support, which consume the bulk of IT spending. (Wikipedia)

  • ITPfM is related to the federal requirement for capital planning and investment control (CPIC), especially the select phase in which investments are authorized and funded.

The IT Management Reform Act of 1996 (Clinger-Cohen Act) specifies that executive agencies “establish effective and efficient capital planning processes for selecting, managing [controlling], and evaluating the results of all its major investments in information systems.

The Architecture Alignment and Assessment Guide by the Federal CIO Council, November 2000 defines capital planning and investment control (CPIC) as—“a management process for ongoing identification, selection, control, and evaluation of investments in information resources.”

  • CPIC/ITPfM and EA are closely linked processes. Enterprise architecture conducts technical reviews of proposed new IT projects, products, and standards and provides findings and recommendations to the IT Investment Review Board for decision-making on authorizing, prioritizing, and funding IT.

The Architecture and Assessment Guide states that “CPIC and enterprise architecture functions are closely linked…both have a common focus: the effective and efficient management of IT investments.

Further, the Office of Management and Budget (OMB) Circular A-130 requires that agencies establish and maintain a CPIC process and that they “must build from the agency’s current enterprise architecture.”

According to the Architecture Alignment and Assessment Guide, the three phases of CPIC align to EA as follows: CPIC’s select, control, and evaluate align to EA business alignment, technical alignment, and architecture assessment.

The Journal of Enterprise Architecture, February 2008, has an article by George Makiya that discusses “Integrating EA and IT Portfolio Management Processes”.

Makiya states “at the strategic level, the EA has to agree with the business side, what objectives the IT portfolio will be designed to achieve. It is imperative that the EA negotiate with the business side what constitutes value-add. The EA must then use ITPfM to engage the business to document or articulate its strategy and business objectives.”

Further, “at the operational level, the EA using ITPfM employs prioritization and selection processes to ensure that IT investment reflects the objectives and priorities of the business…through proactive management EAs can help the CIO align the IT budget with the demands of the portfolio.”

According to the Federal Enterprise Architecture Practice Guidance, November 2007, the performance improvement lifecycle starts with the agency’s strategy, and then has the three phases of architect (“develop and maintain EA”), invest (select investments and “define the implementation and funding strategy”, and implement (“execute projects”), which in turn yields strategic results.

  • Generally speaking, ITPfM decisions are made on the basis of return on investment, risk mitigation, strategic alignment, and technical alignment to the EA.

There are many touch points and linkages between EA and CPIC.

  • EA’s target architecture and transition plans drives the investments and portfolio make-up in the CPIC process.
  • CPIC investments are used to provide updates on systems, technologies, and standards to the EA.

EA and CPIC/ITPfM are truly mutually dependent and create synergy and value for the organization through enhanced decision making and IT resource control.

>IT Governance –Value Creation and Accountability

>

IT governance is something people tend to have a love/hate relationship with. They love it because they know they need it and will benefit from it; but they hate it because they don’t want to do it and be bound by it.

It sort of reminds me of the old TV show, The Little Rascals, when the mother “makes” her kid take the spoonful of awful tasting castor oil because it was good for him. And what a face the kid would make as that spoon glided into his mouth, and then a big smile would emerge.

DM Review, 8 February 2008, reports that enterprises are “Getting Serious about IT Governance.”

Here’s why IT governance is growing in importance:

  1. Growing IT expenditures—“Worldwide IT spending has grown 5 percent to 8 percent in recent years and will approach $3 trillion for 2007”
  2. IT project troubles—“IT project failures, security breaches, and compliance snafus are still abundant. Gartner estimated that more than $600 billion has been squandered on ill-conceived or poorly executed projects. And according to Standish Group, only 30 percent of projects are considered successful.”
  3. Money won’t solve the problem—“Simply pouring more money into IT won’t necessarily fix a company’s problems or mitigate its risks.”

IT governance is a two-fold endeavor:

  1. Value creation—“IT governance is about balancing the interests of investors and stakeholders by focusing resources on the creation of value…if the mission of IT is to provide systems the business wants, it is equally important to provide systems the business actually needs.”
  2. Accountability—“IT governance is the system by which IT is directed and controlled. It should address the roles and responsibilities of groups and individuals…articulate the rules and procedures for making IT decisions, and provide a structure through which IT objectives are set, attained, and monitored.”

In the Federal IT Investment Management (ITIM) process for Capital Planning and Investment Control, value creation and accountability align well with the phases of Select-Control-Evaluate for IT investments.

  • The Select phase supports value creation. It involves the selection of projects based on a combination of the following factors: alignment with mission/business strategy, highest return on investment, lowest risk, and alignment to and compliance with the enterprise architecture.
  • The Control phase supports accountability. It involves monitoring and managing IT projects for cost, schedule, and performance parameters. Projects that deviate from their targets risk being reorganized, downsized, or entirely phased out.
  • The Evaluate phase supports both value creation and accountability. It is the evaluation of whether IT projects meet their intended performance goals. This provides lessons learned for future IT project selections and for controlling their steady progress, as well as holding accountable the project sponsor and team for their IT project.

>Portfolio Management and Enterprise Architecture

>

Enterprise architecture and portfolio management are closely linked activities. EA drives IT investment management (including the IT portfolio select, control, and evaluate phases) by conducting technical reviews of proposed new IT projects, products, and standards, and IT investment management provides important information updates to the EA (baseline, target, and transition plan).

In Architecture and Governance Magazine, Issue 3 Volume 2, Nuttall and Houghton provide an overall framework that goes “Beyond Portfolio Management to Comprehensive Application Governance.”

The framework includes three main areas and one supporting process area, as follows:

  1. Application and License Management (tactical)—“It manages the demand side and user requests, the contract and compliance aspects of determining the number of licenses that are contractually allowed, along with the projects that bring new products into the portfolio while retiring older products that have been removed. In many ITIL organizations, a help desk/service desk would handle the demand for applications, while the license management aspects are often assigned to the procurement and/or configuration management functions.”
  2. Application Portfolio Management (strategic)—“determines the appropriate mix of applications in the portfolio. It s highly dependent on the strategic business drivers for the corporation and includes: portfolio strategy development, optimization, and planning.” Portfolio strategy development determines the drivers and priority of those. Portfolio optimization determines the right mix of applications to support those goals. And portfolio planning determines the risks and constraints in implementing the portfolio, such as architecture, infrastructure, and resource constraints.
  3. Financial Management—“budget and forecasting, account management, and allocations management;” these enable the planning of what money is available for the portfolio and what money is spent for applications.
  4. Supporting Processes—other process areas that impact portfolio management include: “knowledge management, communications management, management reporting, architecture strategy, risk management, operational delivery, and support management.”

“One thing is certain, though, as technology continues to drive productivity, comprehension of application governance will become an even more essential step for companies wishing to manage their risks and costs while continuing to gain strategic value from their portfolios.”

I think this model is very helpful in decomposing the traditional definition of governance from the strategic functions of portfolio selection, control, and evaluation to the additional tactical, strategic, and financial aspects involved in managing it. Particularly, I believe it is useful to separate out the business demand (licenses, new systems and technologies) from the portfolio development and optimization (“the right mix” to satisfy user needs). Additionally, the breakout of financial management from the portfolio development is important in making the distinction between the roles of the Investment Review Board/Enterprise Architecture Board and the financial or resources group that actually budget and accounts for the funding aspect of IT spend.

Nuttall and Houghton do not go into any depth with the supporting processes, so these are presented as high level touch points or supporting processes without any particular explanation of how they support portfolio management and governance.

One critical item, the authors did not include, but should have included is the Systems Development Life Cycle, which take the IT portfolio and governs it from planning through analysis, design, development, testing, deployment, operations and maintenance, and ultimately to disposition. The success of moving systems projects through the SDLC will impact the make-up of future portfolio decisions.