Thursday, November 5, 2009

A National Offender - The Same Old Lessons Have Not Been Learnt

The Public Accounts Committee (PAC) have released their report on the The National Offender Management Information System (C-NOMIS) project.

The C-NOMIS project, originally expected to be delivered in January 2008 for £234 million, was stopped in August 2007 because costs had trebled. Astonishingly, £161 million had been spent but the National Audit Office was unable to determine what the money had been spent on. The scope and benefits have since been reduced and the project is now expected to cost £513 million and be delivered in 2011.
"The way the C-NOMIS project was managed and monitored was completely unacceptable. It is deeply depressing that after numerous highly critical PAC reports on IT projects in recent years, the same mistakes have occurred once again. We question the purpose of our hard work if Whitehall accepts all our recommendations but still cannot ensure a minimum standard of competence. In this report we make further recommendations for how other organisations can avoid the mistakes made on C-NOMIS through identifying risks, monitoring progress properly and taking action to mitigate risks as they emerge."
The Chairman, Edward Leigh, who has reviewed other out of control projects, most notably the NHS Connecting for Health Programme (aka NPfIT), started the proceedings by expressing his exasperation:
"I have had all this before and I just do not know whether there is any point really carrying on frankly...Why did these problems re-occur, the same old lessons have not been learnt; over ambitious, weak project management and all the rest."
The problem was that it was seen as an IT project rather than as a programme of IT-enabled business change and it was badly managed. An analysis by the National Audit Office of the underlying causes of the costs increases and delay indicated that C-NOMIS suffered from seven of the eight common causes of project failure - four in full and three in part.
"In scales of comprehensiveness of incompetence it is largely unmatched."
The recommendations from the report are fundamental to successful delivery of IT-enabled business change:
  • Major projects should be reviewed by senior management with sufficient rigour and scepticism to ensure that proposals are well-focused, realistic and take full account of uncertainties. "As usual it is key managers and what key managers do that makes a really big difference."
  • Do not wait for blame to follow failure. Ensure proper performance management at all levels.
  • A plan showing how business change and new IT are to be integrated should be upfront in the Full Business Case for all major IT projects.
  • The organisation's capacity to manage major projects should be assessed and, where appropriate, strengthened.
  • Monitor projects closely using reporting systems that are fit for purpose, based on actual evidence of performance.
  • Take swift and robust action when reviews, such as OGC Gateway reviews, identify concerns or shortcomings in the management or progress of a project.
  • Use existing guidance to avoid repeating the mistakes of the past.
  • Negotiate contracts to ensure suppliers match expenditure against deliverables.
  • Record and validate benefits and financial savings.
"Clearly this project was handled badly, it achieved poor value for money, many of the causes of delays and cost overruns could have been avoided. I could make some grand eloquent statement about how we never expect to see this happen again in the Civil Service but I suspect I would be wasting my breath." - Edward Leigh

Tuesday, October 27, 2009

How the Mighty Fall

Mark McDonald, in his article How CIOs can sense if their companies are getting ready to fall, draws on Jim Collins book, How The Mighty Fall: And Why Some Companies Never Give In, to provide some useful insight into how five stages of company decline manifests in leadership attitude and use of IT.

Collins' five stages of decline are:
  1. Hubris Born of Success.
  2. Undisciplined Pursuit of More.
  3. Denial of Risk and Peril.
  4. Grasping for Salvation.
  5. Capitulation to Irrelevance or Death.
McDonald maps these to five stages for IT:
  1. A breakdown of investment and technology management disciplines.
  2. Multiple and competing business unit initiatives pursuing more IT.
  3. IT budgets increase focus on current operations as support requirements consume resources. Executives begin to doubt the ‘value of IT’ as they challenge the need for costs that seem to be rising faster than revenues.
  4. Hope that a single integrated application system and infrastructure will erase systemic weaknesses. The silver bullet solution mobilizes IT resources and gives IT an apparent new relevance coming from the prior stage.
  5. Good talent moves on and there are challenges attracting and retaining market leading talent – leading to reduced expectations for IT.
According to one reviewer of Collins' book, the book does a particularly good job of describing dysfunctional leadership behaviors of companies in decline.

I think McDonald does a good job describing the stages of dysfunctional leadership in the use of IT.
"Senior management teams often question the value they get for their IT investments....which sustain - but do not improve - [business] performance. Among the many knee jerk management team responses to these frustrations, firing the CIO and outsourcing all of IT have emerged as perennial favourites. The problem with these two solutions is that, for most enterprises, they do not attack the cause of the problem - poorly designed IT governance, often with a corresponding lack of business leadership participation in the key IT decisions...If IT is not generating value, senior management should first examine its IT governance practices - who makes decisions and how the decision makers are accountable." - Weill & Ross, MIT Sloan School of Management, in their book "IT Governance", p147.

Thursday, October 1, 2009

Waltzing with the Elephant

Mark Toomey's latest newsletter is a good, easy to read summary of the major issue in getting value from IT; that business leaders must be engaged in directing and controlling their organisation’s use of IT to achieve their business goals. That is fundamentally what governance of IT is about.

The article refers to Sir Peter Gershon's address to the ISACA Oceania conference in Canberra, where the Elephant in the Room was identified in the context of public sector governance of IT but applies equally in business:
"Realising the dream of world class governance of IT in the public sector largely depends on the behaviour of those at the top."
The article goes on to explain why leadership in governance is needed; Directing and controlling the use of IT is part of the much bigger picture of directing and controlling the business.
"IT is an enabler of radical change. But, the mere act of buying or building an IT solution does not of itself deliver the change – a reality that has been proven again and again through the failures of projects where there seems to have been a delightfully na├»ve expectation that this would indeed be the case."
After reading the article I'm looking forward to reading Mark Toomey's new book, Waltzing with the Elephant.

Tuesday, September 29, 2009

Governance of Programmes and Portfolios for Strategic Success

Project management success does not mean project success. There is an important distinction:
  • Project management success occurs when the project deliverables are on-time, within budget and according to specification;
  • Project success, on the other hand, occurs when the overriding strategic benefits are realized - after all, this is the reason projects are undertaken.
A Cranfield University study reported in 2006 that only 27% of projects deliver intended benefits, supporting earlier studies that suggested that fewer than 10-20% of projects ever deliver the expected benefits and 30-40% of projects are implemented without any discernable benefits whatsoever.

The limitations of project management must be understood to understand why so many projects do not succeed. Two key limitations are that:
  1. Many benefits cannot be realized until after the project has ended yet benefits realization must be actively managed; and
  2. Project management methods were designed to address the development of new products or assets, not "soft" initiatives, such as as organizational, business process and behavioural change.
A research paper by Raymond Young, Paul O'Conner and Simon Poon, Goverance of Programmes and Portfolios for Stategic Success - Implications from a study of the State of Victoria, demonstrates these issues very well. The paper reports on the results of a study commissioned by the Victoria Auditor General's Office (VAGO) in Australia to evaluate the role of projects within the Victorian public sector and to evaluate the appropriateness of the Victorian Investment Management frameworks:
"The Victorian public sector was expected to be at the forefront of practice but the study suggested billions of dollars are invested in projects with few of the expected strategic benefits being realized."
For example:
"A 2009 VAGO audit of literacy and numeracy found that 10 years of effort by the Victorian Education Department had only lifted literacy in the early childhood years and numeracy had actually declined. There seems to be a similar pattern for Health services where waiting times appear to have remained either static or increased...Our conclusion is that although the Victorian Investment Management frameworks focus on benefits, the emphasis is to ensure an asset is aligned to a benefit rather than the actual realization of a benefit and there is no focus on realizing higher order strategic goals...The high level strategic goals have been clearly defined and relatively stable for at least 10 years. If one of the best performers did not have the tools to help it achieve its strategic goals, what are the implications for the rest of us?"
The paper asserts that the Victorian Investment Management frameworks, though considered to be world class, are inadequate for achieving strategic goals:
"Their strength is that they emphasize a portfolio approach to choosing projects and using benefits as the selection criteria for investment rather than simply focussing on on-time on-budget delivery. Their weakness is that they are directed mainly at asset investments and do not focus on soft-projects even though the majority of project expenditure appears to be on soft-projects...The crucial deficiency seems to the absence of meaningful linkages to programme management."
Furthermore, the paper suggests that the innovations with the most potential to increase project success rates (portfolio management, programme management and project governance) are still too immature to gain widespread adoption:
  • Project governance must be closer aligned with corporate governance principles so that top management provides the level of engagement projects need to succeed and have assurance that key governance issues are being addressed.
  • Programme management has more potential to deliver strategic benefits but requires more flexibility to support strategic thinking and enable top management and programme management to engage in appropriate levels of questioning, feedback and dialogue.
  • Portfolio management must be linked to programme management because strategic outcomes can only be achieved when a whole programme of change is undertaken (the programme then selects the individual projects that will contribute to outcomes).
This has significant implications for organizations that are counting on project management or project portfolio management to achieve IT project success. They need to consider how they will address these issues.

Val IT provides helpful guidance for the governance of IT investment portfolios. It is a coherent approach that can be used to complement existing practices and provides a set of principles, processes and practices for addressing the issues discussed here.

Saturday, August 29, 2009

Leadership is seriously absent in governance

I gave a presentation to the NZ SAP User Group meeting this week. My topic was IT Value Management and my objective was to present the case for managing value from IT, rather than just managing IT, and to show the behaviours needed to achieve it and why this must start at the top.

Research by MIT's Center for Information Systems Reseach identified how firms successfully drive value from the use of IT and generate returns on their IT investments that are up to 40 percent greater than their competitors. These IT savvy firms have three obsessions:
  1. Fixing what’s broken about IT. Behind a spaghetti IT architecture is a broken accountability framework and decision-making model (in other words, governance). There must be agreement and commitment on how the organization will operate and how resources will be focussed on enterprise initiatives rather than product silos. This determines the high level requirements for a digitized platform.
  2. Building a digitized platform that standardizes and automates core data and processes. They start by identifying what is not changing and can be reused over and over again.
  3. Exploiting the platform for profitable growth. Executive leadership leads organizational change to drive value from the new asset (the digitized platform).
For more about this, check out Weill & Ross' outstanding book for C-level executives, IT Savvy: What Top Executives Must Know to Go from Pain to Gain. (Businesses should hope their competitors do not read this book.)

On the eve of my presentation, a timely news article aired on national television that New Zealand’s governance bodies are increasingly out of touch with the organisations they are meant to guide. Dr Liliana Erakovic, of the University of Auckland Business School, says her studies on board processes and practices shows New Zealand has a problem with some under-achieving governors who are not prepared to offer leadership.
"Even more concerning is the lack of knowledge and understanding of major customers/suppliers, company dynamics, organisational processes and practices, staff and users within organisations - along with the absence of passion and some governors juggling too many board positions to be effective,"she says.
Contrast this with the three obsessions of IT savvy firms and you can see that under-achieving boards are a major barrier to a firm becoming IT savvy. Dr Erakovic's conclusions help explain the difficulty we have getting the subject of IT value management on the board agenda.
"Boards should be actively involved in the strategy formation of that organisation, yet many governors don’t know enough about the organisation and its major stakeholders, and are not active in enquiring about more information – sometimes because they simply don’t think it is their job to ask for information outside the board papers," says Dr Erakovic.
Strategic IT direction is a board responsibility. The Val IT governance framework provides useful guidance for boards and it can even be used to improve an organization's overall governance processes.
Behaviours must change at the highest levels if firms can ever hope to leverage IT to outperform their competitors. Strong, leadership commitment to strategic governance is needed to:
  • Align IT decisions with business objectives so that the right investments are selected and managed throughout their full economic life-cycle;
  • Monitor the performance of the IT portfolio;
  • Ensure clear accountability for achieving benefits and the requisite business and IT-enabling changes.

Wednesday, August 5, 2009

News on ISACA's Value of IT Investments survey

Pick more winning IT investments and get the story straight from the horse's mouth, as it were:

ISACA have just issued their news release, Nine-country ISACA Survey: Two-thirds of Companies Not Fully Measuring IT Value, Neglecting Competitive Advantage, about the survey I mentioned in my post yesterday, Businesses failing to capture IT value.

The good news is that 76 percent of the survey respondents are aware of the Val IT framework.

The bad news is that only 44% have some kind of framework or guidelines in place to select the investment that will result in the highest value. What do the remaining 56% do? Even seasoned gamblers have a system.

Tuesday, August 4, 2009

Businesses failing to capture IT value

In this recent NBR article, which refers to a survey by ISACA and quotes John Thorp, one can identify at least five key issues that are preventing organizations from realizing value from their information system (IS) and information technology (IT) investments:
  • The failure to establish a shared understanding of what constitutes value across the enterprise.
  • The failure to focus on and measure the realization of benefits.
  • The failure of business stakeholders to own the realization and measurement of benefits, and assign appropriate accountability for the changes needed to realize the benefits.
  • The failure to adopt effective value delivery practices, such as Val IT, to manage IT-enabled investments as a portfolio of investments, to include the full scope of activities required to achieve business value, and to manage investments through their full economic life-cycle.
  • The failure of boards and CEOs to accept accountability for the performance of their value delivery practices.
Organizations that persist with current value delivery practices cannot reasonably expect to achieve value from their IT-enabled investments, except by chance. In fact, they would problably do better if they gambled the investment in a casino! (A Cranfield Univerity study of the IS investment processes of large companies found that just 27% of projects delivered the benefits that justified the investment. This statistic has remained largely unchanged in 30 years despite the advancements in technology and IT professional practices - the things that IT can control.)

Introducing effective value management requires commitment to a change in behaviour and it is needed from the very top. John Thorp has more to say about this in his blog, Managing Change - The key to Delivering Value: "Individual board members and executives are being asked to change their behaviour – behaviour that they may feel has served them well in the past."
"It is difficult to get a man to understand something when his salary depends upon his not understanding it." - Upton Beall Sinclair, Jr. American novelist and polemicist, 1878-1968

Wednesday, July 15, 2009

Business Analysts need to address BPM problems

BPTrends' latest e-mail advisor, written by Paul Harmon, highlights some problems with multiple meanings of the term Business Analyst. He suspects that most people really mean "Software Analyst", that is someone that stands between IT and business users, translating user requirements into software requirements.

Harmon points out that this view is somewhat reinforced in Version 2.0 of the Business Analysis Body of Knowledge (BABoK), in that it basically defines how a Business Analyst should go about defining the business problems that are to be automated.

I have found this traditional role is often an unwitting accomplice for business managers that subscribe to the Magic Bullet Theory of IT. These managers overlook the feasible improvements to processes and procedures that would minimize the costs of developing and providing ongoing support for software and, furthermore, the obedient Business Analyst helps them with the specifications of the gun and to broker the arms deal!

This role of intermediary between the business and IT is not what is needed in the future. Harmon quotes, Thomas Volmering, the SAP Product Manager who coined the term Business Process Expert (BPx):
"As companies focus more on business processes, they will need individuals who can help their organizations with all of the various problems that are joined under the term Business Process Management."
Harmon uses the term "Business Process Practitioner" to describe the range of skills needed to address BPM problems and really change the way organisations operate:
  • Defining processes, eliminating activities that don't add value and straightening out the flow of the activities.
  • Analyzing employee performance, defining jobs and structuring training to support performance.
  • Establishing and aligning measurement systems and evaluating how managers plan and control the processes they manage.
  • Determining how business policies are implemented in business rules.
  • Understand why processes work or don't work from the information available, the feedback people get, and the incentives and bonuses that structure employee and managerial behavior.
  • Analysing customer needs and the processes customers go through to interact with an organization.
The traditional Business Analyst role of defining processes and specifying requirements for automation is still important, but will not provide "a complete tool set" to really help organisations look beyond IT solutions to address the major problems with their business processes.

To be effective this role should be located in a Centre of Excellence, apart from the IT function, providing expert advice and support to senior executives and business process owners in shaping value creating processes.

Paul Harmon is Executive Editor and Founder of BPTrends, author of Business Process Change, and participated in the development of the International Institute of Business Analysis'(IIBA) Business Analysis Body of Knowledge (BABoK).

Friday, July 10, 2009

Leveraging the Value of IT in Good Times and Bad

John Thorp's article, Leveraging the Value of IT in Good Times and Bad, published in and discussed in his blog today, describes how between 20%-30% of current and new expenditures can be reduced or curtailed and the potential value of investments increased by two to three times. John's advice is for all business leaders:
  • IT can no longer be managed as a black box because IT is now entwined in the business processes that make up an organisation's value chain and investments are not about IT but about change;
  • Effective governance is needed to make the right decisions concerning investment in IT-enabled change, manage those investments throughout their full lifecycle so that they continue to create and sustain value, and letting go the ones that won't;
  • ISACA's Val IT practices for value governance, portfolio management and investment management can be used selectively to improve the quality of decisions and reduce risk.
Val IT 2.0 is a new framework with supporting publications addressing the governance of IT-enabled business investments (see Getting Started With Value Management).

John Thorp is President of The Thorp Network (, author of The Information Paradox, and Chair of Val IT™ Steering Committee for ISACA.

Thursday, July 9, 2009

The Business Case for implementing IT governance frameworks

Organizations that effectively implement IT governance frameworks achieve their IT and business goals more frequently, according to a recent study of 538 organizations worldwide by the IT Alignment and Governance Research Institute of the University of Antwerp (ITAG).

The study was commissioned by ISACA to explore and demonstrate the business value of implementing the COBIT and Val IT frameworks.

Implementing these frameworks is perceived as costly and complex but the research shows that it does ultimately create business value. This study revealed that:
  • A strong, positive relationship exists between the implementation status of COBIT and Val IT processes and the achievement of IT goals - the more complete the implementation of these processes, the higher the achievement of IT goals
  • A strong, positive relationship exists between the achievement of IT goals and the achievement of business goals - the higher the achievement of IT goals, the higher the achievement of business goals.
These strong, positive relationships would also imply that the opposite is true, so not implementing these frameworks across the enterprise is likely to have an adverse effect on business performance.

ISACA's executive briefing on the study, Building the Business Case for COBIT® and Val IT™, can be downloaded from

Tuesday, June 23, 2009

NHS Gateway Reviews damn £13bn IT decisions

This article in Computerworld provides a link to the UK NHS website, which has decided to publish the OGC Gateway reviews of the NHS National Programme for IT (NPfIT). NPfIT is 4 years late and £10bn over original budget. Edward Leigh, Chairman of the Public Accounts Committee for the House of Commons once said, "This is the biggest IT project in the world and it is turning into the biggest disaster.”
These Gateway reports highlight many of the common challenges facing most programmes and provide valuable lessons, most significantly the folly of departing from best practice.
From the very start, the first review in 2002, and the subsequent review in 2004, identified the significant concerns and provided best practice recommendations that would fundamentally determine the success or failure of the programme:
  • The capability of the organisation to manage and run a large scale change programme; the ability to manage widespread IT driven change; and the capability to manage procurement on a scale unprecendented in history.
  • The degree of business change not being reflected into the way the programme was structured, the level of engagement with stakeholders, and into the level of planning.
  • Overly complex thinking in important areas such as procurement, design and implementation rather than building one piece at a time.
  • Unfocussed effort
  • Uncertainty and complexity over the implementation and change management costs
  • Lack of engagement and the need to secure the buy-in of the clinicians and managers who will use and exploit the systems when they arrive
In 2004 there were additional concerns that:
  • The guidance represented by the NAO/OGC Common Causes of Failure were not being satisfied in full
  • The Senior Responsible Owner (the Director General for IT) did not have the responsibility, ability or authority to ensure that the business processes/change and business benefits are delivered [he subsequently took the fall for this ill-conceived programme]
  • There was still a lack of engagement with the hearts and minds of clinicians and staff
  • The absence of a coherent and practical benefits strategy creating a serious risk of deferring benefits once the IT systems have been successfully delivered
  • A lack of clarity regarding the organisational structure that would address these problems
Some of the key recommendations were that:
  • Key stakeholders should participate in the business design work and development of the outline implementation plan
  • The management structure should better reflect the reality of how the programme will have to be managed as the emphasis moves from IT procurement to service implementation and benefit delivery [in other words IT should not have been leading this programme]
  • Instructions and incentives be explicitly integrated and coordinated with the performance management regime to ensure it receives appropriate priority
  • A rigorous review is conducted of the programme as a whole against the NAO/OGC Common Causes of Failure
  • A coherent and practical strategy for benefit realization be promulgated
When you compare the Gateway recommendations to the findings in the report to the House of Commons, NPfIT: Progress since 2006, it is interesting to note that few of the recommendations were implemented.
It is so important to have these independent Gateway reviews for large government programmes. It is even more important to implement their recommendations.

Monday, June 22, 2009

Recession causes rising IT project failure rates?

According to an article in CIO, Jim Johnson, the chairman of The Standish Group, says the recession is causing an increase in IT project failure rates. The Standish Group's latest report, CHAOS Summary 2009, reported a marked decrease in project success rates:
  • 32% of all projects succeeded, i.e. delivered on time, on budget, with required features and functions [this is the Standish definition of success, which unfortunately perpetuates the focus on delivery of technology rather than benefits. For more about the problem with this definition refer to John Thorp's blog];
  • 44% were challenged, i.e. late, over budget, and/or with less than the required features and functions; and
  • 24% failed, i.e. cancelled prior to completion or delivered and never used.
In the CIO article, Johnson gives these reasons:
  1. "People are more prepared to cancel projects than they have been in the past. When they see a project that's not going well, they have more political clout to cancel it and move on." Johnson admits this is a good thing, but he still counts it in the failure statistics.
  2. Staff reductions within IT departments and other project stakeholders taking on increased workloads.
  3. Risk aversion that has led organizations to "overemphasise compliance and governance - to such an extent that too many checks and balances are slowing down projects. And the longer a project takes the more likely it is to fail."
Unfortunately the article does not mention the critical role of good governance to achieving success. Research by Weill & Ross, of the MIT Sloan School of Management, concluded that, "Effective IT governance is the single most important indicator of the value an organization generates from IT."

Good governance enables good decision making. This does not mean bureaucratic processes, which do not enable good decision making.

Killing a project that is no longer viable is a good thing. It is a success for good governance. Busy executives can manage by exception if they have an up to date business cases on which they can make the right decisions. Projects should be governed this way, otherwise they will truck on and fail spectactularly with a huge commitment of resources and lost opportunities.

Not understanding what resources are needed to deliver strategic objectives and not understanding and prioritising their commitments will result in poor cost cutting decisions and create unbalanced and unsatisfactory workloads for remaining staff, thus threatening the organization's ability to deliver key strategic projects.

Good governance has oversight over the whole portfolio of projects, and manages resources and risks (including the impact of the economy) appropriately.

The article states that too many checks and balances are slowing down projects. It is bureaucracy and an immature approach to governance processes that slows down projects. This should not be confused with good governance, which will result in more speed in the long run:
  • Good governance over the whole portfolio of projects leads to good decision making about which projects will result in optimal value being achieved, at an affordable cost and an acceptable level of risk.
  • Good governance over individual projects leads to good decisions about the viability of projects. The business case is enabling, it allows good projects to continue so long as they can achieve their objectives within the stated parameters of the business case and stops as soon as it is apparant the business case will not be achieved.
Organizations are often able to invest huge amounts of resource in starting or rescuing ill-conceived projects.

If only these organizations would put this time into establishing the right governance structures, processes and leadership, to do the right projects the right way in the first place.

Refer to ISACA's Val IT framework for a best practice framework and supporting publications to address the governance of IT-enabled business investments.

Saturday, June 20, 2009

The Conundrum of IT Management

I found a very good paper entitled "The Conundrum of IT Management" by Professor Joe Peppard, the Chair in Information Systems at Cranfield School of Management and one of the expert reviewers of the Val IT Framework. His paper succinctly explains why CIOs find it difficult to generate business value from IT investments and why organizations must not seek to merely manage IT but manage the delivery of business value through IT - "a subtle but profoundly different objective."

The paper compares the portrayal of the IT function as an island, separated from the rest of the organisation, to an island off the coast of North America: California. In 1705, Father Eusebio Kino sparked a raging fire of criticism by publishing a map showing it as part of the North American mainland. King Ferdinand of Spain, in 1747 eventually stepped in and declared, "California is not an island." Even the King couldn't change some minds though; DeVaugandy's maps of 1770 show California sitting off the coast of North America.

Prof. Peppard asks, "Is the orthodoxy that hindered the recognition that California as an island a reflection of the same myopia that is affecting how organizations currently choose to manage IT?" Research clearly indicates that IT cannot be managed as an island but must be fully integrated with the mainland. "Are managers navigating from a map that clearly is erroneous, but for whatever reason they still chose to follow despite all the evidence that it is inaccurate?"
"IT specialists can build the technical infrastructure and systems, but can never deliver the changes in organization processes, work practices and business models that will ultimately see the creation of business value."

"The key challenge they face is marshalling resources and people that are not under their direct control yet are fundamental to the delivery of business value. One CIO summed up this quest as "fighting against the tide" – attempting to come ashore but being pushed back by more powerful forces."

"In posing the question, 'how can the management of IT be improved', the solution inevitably leads down a route that is inappropriate. The task is not to 'manage IT', but to understand the role that IT can play in the production of business value and to therefore manage the delivery of this value through IT. "

"Focusing improvement efforts within the IT function and is premised on a belief that "the problem" lies there. However, in posing the question as to how the value the organization derives through IT can be improved leads to an altogether different response."
Prof. Peppard points out that the genesis of this problem can be traced back to how organisations have been structured and managed into functional silos, though a process-oriented approach would better capture how the work is actually performed.

Research by Cranfield University's Information Systems Research Centre identified six information competencies that all organizations must possess if they are to have any chance of IT investments delivering value:
  1. Business Strategy: Creating and communicating strategy for the organization and defining the role of IT;
  2. Defining the Information Systems Contribution (IS Strategy): Translating business strategy into processes, information and system investments and change plans that match the business priorities;
  3. Defining the IT Capability (IT Strategy): Translating business strategy into long term information architectures, technology infrastructure and resourcing plans that enable the implementation of the strategy;
  4. Supplying IT: Creating and maintaining an appropriate and adaptable information, technology and application supply chain and resource capacity;
  5. Delivering Solutions: Deploying resources to develop, implement and operate IS/IT business solutions, which exploit the capabilities of the technology;
  6. Exploiting IS/IT Investments: Maximizing the realization of benefits through the effective use of information, applications and IT services.
"Seeking to improve the performance of the IT function is likely to achieve little. A central question must be, how do you begin to develop these six competencies?

"For far too long 'IT' has not only been portrayed as an island, but also managed as one; at many organizations it has been designed and positioned as such."
The paper's key points are:
  • Traditional organizational structures, authority patterns, processes and mindsets make IT difficult to manage and actually contribute to the IT-business divide
  • The knowledge resources needed to successfully deliver value are distributed throughout the organization, presenting a challenge for the CIO for its integration and coordination.
  • With the CIO having little or no jurisdiction over all required knowledge, its deployment will therefore be fragmented
  • The conundrum of IT management is how to generate value through IT without having access and authority over necessary resources.
  • To deliver value from their organization’s IT investment, more engagement is needed from executives and users from right across the organization. [I suggest, it would be helpful not to wait 42 years for an edict from the King to reinforce this.]
  • CIOs are attempting to influence people and decisions as well as encourage involvement and actions that do not fall into their realm of authority and are wrestling with aspects of the organization that can encourage behaviours contrary to creating value.
"IT is not an island, but a part of the mainland. Until this fact is acknowledged and recognized on the organizational map, organizations will continue to struggle to generate value through IT. Equally, the challenge is not to manage IT, but to generate value through IT." - Professor Peppard.

Wednesday, May 27, 2009

Best Practice in a Recession

View this workshop by Andy Murray, the Lead Author of PRINCE2:2009, at Project Challenge Spring 2009.

Andy explains why Best Practice in Portfolio, Programme, Project and Risk Management (P3RM) applies, whether in a recession or a boom, and how to embed it.

Boards and executives need to know:

  • How each project contributes to strategic objectives
  • The likelihood of achieving the expected benefits
  • The remaining cost of each project
  • The earliest and latest completion time for each project
  • Exposure to risk
  • Resource capacity to deliver the portfolio
  • The impact on the achievement of strategic objectives if any single project was cancelled, deferred, slowed down or accelerated

Sunday, April 19, 2009

Forging better ties with IT

I have just read Susan Cramm's excellent blog on Forging Better Ties With IT. She asks business leaders two very important and challenging questions. The first question is, "Are you a customer or partner of IT?"

Your answer will determine how effective your organisation can be in serving your customers.

The answer of course should be "partner." In the words of Susan, "IT only has one customer — and that is the customer who buys the company's products and services." Serving this customer requires an effective IT-business partnership to find win-win solutions that can be sustained and return optimal value over the long-term.

I suggest business leaders who answered "customer" are not:

  1. Treating IT as an organisational asset and considering the needs of all stakeholders to find win-win solutions that enhance, rather than undermine, this asset
  2. Involving IT early enough in planning and decision making so that business and IT plans and resources can be aligned (supporting point 1 by doing the right things the right way)
  3. Wanting to commit their very busy staff and resources to ensure successful outcomes but prefer to commit very busy IT staff (all resources are over stretched due to point 2)
  4. Accepting accountability for the outcome of this approach - it is easier to transfer the responsibility for the business case and risks to IT (also the blame when it doesn't work, which is common due to points 1-3)
For 50 years the IT function has actively sought ways to align with the business and cope with increasing complexity as technology has rapidly evolved and pervaded business processes - processes that, usually, the business cannot describe, do not understand and don't know how to improve. 
Meanwhile business leaders are engaging with IT how they were 50 years ago and expecting a different result.
"The onus for strengthening the IT-business partnership is on line leaders...IT has done pretty much everything they know how to do. Unless business leaders commit to forging a better partnership with IT, whatever IT is today, it will still be tomorrow." 
See Susan's blog, Can the IT-Business Marriage Be Saved? for more on this.

Susan closes with the even more important and challenging question for business leaders: "What are you doing to forge a productive partnership with IT?"

Tuesday, March 31, 2009

Alignment perspectives

In my conversations with business managers and IT managers, the subject of the divide between business and IT often comes up. Business managers often have no idea why IT is working on someone else's project and not theirs, or taking too long and still not meeting their expectations, and wonder why IT can't be outsourced. IT managers are asking why the business managers don't have to agree on what is important, don't take an organisational view and get rewarded for making departmental efficiencies at the expense of other departments in the value chain (usually IT), are not held accountable for realising the benefits stated in shoddy, forgotten business cases, and continue to blame IT.

Both sides despair about the wasted opportunities and point the finger but nothing changes. These are symptoms of weak or flawed organisational governance, which is necessary to effect binding improvements in aligning both the business and IT toward the creation of real value and the achievement of the organisation's goals.

Governance drives alignment, which in turn drives the creation of value. 

Commitment and a structured approach to governance at the highest levels is required to continually drive the alignment of business and IT across various dimensions:
  • Strategy and goals
  • Processes and operations
  • Portfolios of plans
  • Resources and budgets
  • Organisational structures, behaviours, and rewards
  • Performance measurement
  • Risk management
  • Benefits realisation
  • Decision making and lines of accountability.
A useful frame of reference for starting discussion with business and IT managers and creating awareness of alignment opportunities and challenges, and the need for sound governance to ensure continual alignment of these dimensions, is Venkatraman's Strategic Alignment model.

Venkatraman's model recognises that value from IT investments cannot be achieved if the strategies of the business and IT do not align and if there is no dynamic process to ensure continual alignment.

The model illustrates four alignment perspectives:
  1. Strategy Execution - How will business strategy drive organisational design and change, and how will IT infrastructure and processes need to support that?
  2. Technology Potential - How will business strategy drive IT strategy, to that the required IT infrastructure and processes can be determined?
  3. Competitive Potential - How will IT trends and capabilities influence or transform the business model and operations?
  4. Service Level - How to build IT capability to support fast changing demands of end-users?
The model is useful when aligning strategies by opening minds to the various alignment perspectives and considerations. It becomes even more useful when managers use it to drill down to understand what that means and what changes will be needed in the various dimensions for business and IT.

Friday, February 27, 2009

4 Steps to IT Alignment

Check out Hank Marquis' presentation, 4 Steps to IT Alignment, on managing IT operations based on business value to help address four of the perennial top 10 IT management goals:
  1. Aligning with the business
  2. Controlling costs
  3. Improving quality
  4. Balancing resource allocation
Business Services Management (BSM) is a term used to focus IT Service Management (ITSM) initiatives on business value. "BSM is a mindset not a product set" according to Peter Armstrong, BMC, the man who is attributed to inventing the term. I like the term BSM because of its business orientation, which is a key aspect of the approach outlined in this presentation.

Hank's recommended approach is:
  1. Define the customer facing services with the customer, in customer terms, the supporting resource facing services, and understand the business case for each service (Hank refers to the SID/eTOM model)
  2. Get the customer to value and prioritise the (customer facing) services in terms of risk to the business, taking into account confidentiality, integrity and availability (refers to CRAMM)
  3. Measure service quality starting with the most important service (refers to SERVQUAL)
  4. Justify projects in terms the business understand and follow best practice.
Keep in mind the term "IT alignment" in this presentation is about aligning IT services with business needs. This presentation is not about aligning IT strategy with business strategy or about aligning the portfolio of IT-enabled investments with business and IT goals and the business's role in this, so this approach alone is not sufficient to achieve alignment of the whole IT portfolio, but it is a good approach for getting your ITSM initiatives in tune with the business.

Saturday, February 21, 2009

District Health Board software push

I read with interest an article in New Zealand's Computerworld about the NZ Health IT Cluster’s questioning of a Request For Information (RFI) issued by seven District Health Boards (DHBs) for a single patient management system and citing the challenged NHS NPfIT project as a reason to be cautious of this approach.

A point overlooked in this debate is the role of effective governance in the health sector. The article points out that there has been a failure to achieve interoperability through architectural standards, that the RFI is pre-empting the update of the national health IT strategy, and that a single IT system is already deemed to be the only solution– these are significant governance issues. What is going to be done differently to ensure that health sector, or even the DHB collective’s, IT-enabled initiatives will be successful in creating (and not eroding) ongoing value?

Reading the background on the RFI, it is very clear that the health boards place an emphasis on an IT solution, rather than how IT will be used, to deliver benefits. In the absence of sound governance, will anyone even be held accountable for realizing the claimed benefits? Experience and research has proved time and time again that technology is only part of the equation and that desired outcomes can only be achieved with full consideration of the required changes to the business model, business processes, organisational structures and culture, the way people work, and the involvement and commitment of all stakeholders. These are the areas where DHB collaboration must occur and it must be addressed as part of a whole programme of change within a structured and integrated governance framework.

Typically IT drives these initiatives when the clinicians won’t and that should be seen as a red flag — just as it was for the ill-conceived NHS NPfIT project. IT has the potential to improve health care but IT alone will not solve the problem of adoption. A survey found that only 62% of doctors think NPfIT will improve patient care and only 20% of consultants had a card to use electronic records. A US survey of physicians' adoption of outpatient electronic health records found only 13% adoption rates. How can the claimed benefits be achieved given these adoption rates?

Research by the IT Governance Institute is very clear on how organisations successfully create value from investments in IT-enabled change – there is:

  • Strategic, leadership-sponsored commitment to IT governance—to align IT decisions with business objectives and to monitor performance with clear accountability for achieving benefits
  • Recognition that IT is not just about implementing technology—it is about unlocking IT-enabled business change
  • A structured approach to the governance of IT-enabled investments, based on proven practices for doing the right things, the right way, getting them done well and getting the benefits.

Wednesday, January 7, 2009

The Information Paradox

John Thorp's book, "The Information Paradox", is about the conflict between widely held belief that investment in IT is a good thing and the reality that this, all to often, cannot be demonstrated. My own experience as a CIO affirms the challenges and experiences described in the book. It gives valuable insight into what needs to change to realize value from IT investments and how to go about it. The book describes the Benefits Realization Approach in terms of three fundamentals and three necessary conditions aimed at changing the way people think and manage. It extends this approach with the concept of Enterprise Value Management to stress that the major effort and challenge that organisations must face is implementing not technology but change.

The three fundamentals of the Benefits Realization Approach are:

  • a shift from project management to program management to produce clearly identified business results;
  • a shift from free-for-all competition for resources to disciplined, strategic portfolio management; and
  • a shift from traditional methods of tracking project delivery to full cycle governance to turn concepts into realized benefits.
The three necessary conditions are:

  • activist accountability that includes the concept of ownership;
  • relevant measurements linked to contribution to outcomes and to lines of accountability;and
  • proactive management of change that is visibly led by senior management.
This book was a key source for many of the concepts used in the IT Governance Institute's Val IT framework.

I suggest these works support another paradox: the conflict between the widely held belief that IT alone is responsible for achieving value from IT investments and the reality that 80% or more of the change needed to achieve this value rests with those who hold this view.

Some hard hitting quotes below from the book demonstrate the challenges faced by CIOs:

"Management thinking has failed to understand the implications of the evolving role of IT in business and how critical IT decisions will affect elements of the overall business system beyond technology."

"The persistence of the industrial-age mind-set leads to what we call 'silver bullet thinking' about the capabilities of IT - and, more specifically, about the power of IT alone to deliver business results. Organisations rush to purchase IT 'silver bullets' in the form of customised business solutions, enterprise application packages and other ready-to-wear IT solutions in the naive belief that they come neatly packaged and stamped benefits inside.' ... the magic bullet theory does not tell us who should aim and fire the gun."

"An industrial-age management practice that encourages silver bullet thinking is the use of one-off business cases to support IT investment decisions."

"Another facet of silver bullet thinking is that most, if not all, of the delivery and implementation focus is on the IT project, with blind faith that any other required changes will fall into place."

"Decisions are generally made in the environment of a competitive free-for-all among stand-alone IT projects, each championed by an executive sponsor interested in pushing his or her pet project....the result is that too many IT decisions are made with no greater chance of success than the average gambler in a casino."

"Tough questioning is critical to get rid of silver bullet thinking and lose the industrial-age mind-set that is proving extremely costly to organisations."

"Senior business sponsors must take ownership of the program and accept clear accountability for delivering benefits."

"... in the case of enterprise application packages, our experience suggests that of the work involved in delivering benefits, 80 to 95 percent lies in the areas of organisation, processes and people - on the business side."

"CIOs will have to leave behind some familiar roles - like chief magician of information technology, and honourable head scapegoat!"

"Business sponsors must join CIOs in leaving behind some outdated roles...that of senior cheerleader, who waves magic pompoms internally as the IT team performs more miracles."