Tuesday, June 23, 2009

NHS Gateway Reviews damn £13bn IT decisions

This article in Computerworld provides a link to the UK NHS website, which has decided to publish the OGC Gateway reviews of the NHS National Programme for IT (NPfIT). NPfIT is 4 years late and £10bn over original budget. Edward Leigh, Chairman of the Public Accounts Committee for the House of Commons once said, "This is the biggest IT project in the world and it is turning into the biggest disaster.”
These Gateway reports highlight many of the common challenges facing most programmes and provide valuable lessons, most significantly the folly of departing from best practice.
From the very start, the first review in 2002, and the subsequent review in 2004, identified the significant concerns and provided best practice recommendations that would fundamentally determine the success or failure of the programme:
  • The capability of the organisation to manage and run a large scale change programme; the ability to manage widespread IT driven change; and the capability to manage procurement on a scale unprecendented in history.
  • The degree of business change not being reflected into the way the programme was structured, the level of engagement with stakeholders, and into the level of planning.
  • Overly complex thinking in important areas such as procurement, design and implementation rather than building one piece at a time.
  • Unfocussed effort
  • Uncertainty and complexity over the implementation and change management costs
  • Lack of engagement and the need to secure the buy-in of the clinicians and managers who will use and exploit the systems when they arrive
In 2004 there were additional concerns that:
  • The guidance represented by the NAO/OGC Common Causes of Failure were not being satisfied in full
  • The Senior Responsible Owner (the Director General for IT) did not have the responsibility, ability or authority to ensure that the business processes/change and business benefits are delivered [he subsequently took the fall for this ill-conceived programme]
  • There was still a lack of engagement with the hearts and minds of clinicians and staff
  • The absence of a coherent and practical benefits strategy creating a serious risk of deferring benefits once the IT systems have been successfully delivered
  • A lack of clarity regarding the organisational structure that would address these problems
Some of the key recommendations were that:
  • Key stakeholders should participate in the business design work and development of the outline implementation plan
  • The management structure should better reflect the reality of how the programme will have to be managed as the emphasis moves from IT procurement to service implementation and benefit delivery [in other words IT should not have been leading this programme]
  • Instructions and incentives be explicitly integrated and coordinated with the performance management regime to ensure it receives appropriate priority
  • A rigorous review is conducted of the programme as a whole against the NAO/OGC Common Causes of Failure
  • A coherent and practical strategy for benefit realization be promulgated
When you compare the Gateway recommendations to the findings in the report to the House of Commons, NPfIT: Progress since 2006, it is interesting to note that few of the recommendations were implemented.
It is so important to have these independent Gateway reviews for large government programmes. It is even more important to implement their recommendations.

Monday, June 22, 2009

Recession causes rising IT project failure rates?

According to an article in CIO, Jim Johnson, the chairman of The Standish Group, says the recession is causing an increase in IT project failure rates. The Standish Group's latest report, CHAOS Summary 2009, reported a marked decrease in project success rates:
  • 32% of all projects succeeded, i.e. delivered on time, on budget, with required features and functions [this is the Standish definition of success, which unfortunately perpetuates the focus on delivery of technology rather than benefits. For more about the problem with this definition refer to John Thorp's blog];
  • 44% were challenged, i.e. late, over budget, and/or with less than the required features and functions; and
  • 24% failed, i.e. cancelled prior to completion or delivered and never used.
In the CIO article, Johnson gives these reasons:
  1. "People are more prepared to cancel projects than they have been in the past. When they see a project that's not going well, they have more political clout to cancel it and move on." Johnson admits this is a good thing, but he still counts it in the failure statistics.
  2. Staff reductions within IT departments and other project stakeholders taking on increased workloads.
  3. Risk aversion that has led organizations to "overemphasise compliance and governance - to such an extent that too many checks and balances are slowing down projects. And the longer a project takes the more likely it is to fail."
Unfortunately the article does not mention the critical role of good governance to achieving success. Research by Weill & Ross, of the MIT Sloan School of Management, concluded that, "Effective IT governance is the single most important indicator of the value an organization generates from IT."

Good governance enables good decision making. This does not mean bureaucratic processes, which do not enable good decision making.

Killing a project that is no longer viable is a good thing. It is a success for good governance. Busy executives can manage by exception if they have an up to date business cases on which they can make the right decisions. Projects should be governed this way, otherwise they will truck on and fail spectactularly with a huge commitment of resources and lost opportunities.

Not understanding what resources are needed to deliver strategic objectives and not understanding and prioritising their commitments will result in poor cost cutting decisions and create unbalanced and unsatisfactory workloads for remaining staff, thus threatening the organization's ability to deliver key strategic projects.

Good governance has oversight over the whole portfolio of projects, and manages resources and risks (including the impact of the economy) appropriately.

The article states that too many checks and balances are slowing down projects. It is bureaucracy and an immature approach to governance processes that slows down projects. This should not be confused with good governance, which will result in more speed in the long run:
  • Good governance over the whole portfolio of projects leads to good decision making about which projects will result in optimal value being achieved, at an affordable cost and an acceptable level of risk.
  • Good governance over individual projects leads to good decisions about the viability of projects. The business case is enabling, it allows good projects to continue so long as they can achieve their objectives within the stated parameters of the business case and stops as soon as it is apparant the business case will not be achieved.
Organizations are often able to invest huge amounts of resource in starting or rescuing ill-conceived projects.

If only these organizations would put this time into establishing the right governance structures, processes and leadership, to do the right projects the right way in the first place.

Refer to ISACA's Val IT framework for a best practice framework and supporting publications to address the governance of IT-enabled business investments.

Saturday, June 20, 2009

The Conundrum of IT Management

I found a very good paper entitled "The Conundrum of IT Management" by Professor Joe Peppard, the Chair in Information Systems at Cranfield School of Management and one of the expert reviewers of the Val IT Framework. His paper succinctly explains why CIOs find it difficult to generate business value from IT investments and why organizations must not seek to merely manage IT but manage the delivery of business value through IT - "a subtle but profoundly different objective."

The paper compares the portrayal of the IT function as an island, separated from the rest of the organisation, to an island off the coast of North America: California. In 1705, Father Eusebio Kino sparked a raging fire of criticism by publishing a map showing it as part of the North American mainland. King Ferdinand of Spain, in 1747 eventually stepped in and declared, "California is not an island." Even the King couldn't change some minds though; DeVaugandy's maps of 1770 show California sitting off the coast of North America.

Prof. Peppard asks, "Is the orthodoxy that hindered the recognition that California as an island a reflection of the same myopia that is affecting how organizations currently choose to manage IT?" Research clearly indicates that IT cannot be managed as an island but must be fully integrated with the mainland. "Are managers navigating from a map that clearly is erroneous, but for whatever reason they still chose to follow despite all the evidence that it is inaccurate?"
"IT specialists can build the technical infrastructure and systems, but can never deliver the changes in organization processes, work practices and business models that will ultimately see the creation of business value."

"The key challenge they face is marshalling resources and people that are not under their direct control yet are fundamental to the delivery of business value. One CIO summed up this quest as "fighting against the tide" – attempting to come ashore but being pushed back by more powerful forces."

"In posing the question, 'how can the management of IT be improved', the solution inevitably leads down a route that is inappropriate. The task is not to 'manage IT', but to understand the role that IT can play in the production of business value and to therefore manage the delivery of this value through IT. "

"Focusing improvement efforts within the IT function and is premised on a belief that "the problem" lies there. However, in posing the question as to how the value the organization derives through IT can be improved leads to an altogether different response."
Prof. Peppard points out that the genesis of this problem can be traced back to how organisations have been structured and managed into functional silos, though a process-oriented approach would better capture how the work is actually performed.

Research by Cranfield University's Information Systems Research Centre identified six information competencies that all organizations must possess if they are to have any chance of IT investments delivering value:
  1. Business Strategy: Creating and communicating strategy for the organization and defining the role of IT;
  2. Defining the Information Systems Contribution (IS Strategy): Translating business strategy into processes, information and system investments and change plans that match the business priorities;
  3. Defining the IT Capability (IT Strategy): Translating business strategy into long term information architectures, technology infrastructure and resourcing plans that enable the implementation of the strategy;
  4. Supplying IT: Creating and maintaining an appropriate and adaptable information, technology and application supply chain and resource capacity;
  5. Delivering Solutions: Deploying resources to develop, implement and operate IS/IT business solutions, which exploit the capabilities of the technology;
  6. Exploiting IS/IT Investments: Maximizing the realization of benefits through the effective use of information, applications and IT services.
"Seeking to improve the performance of the IT function is likely to achieve little. A central question must be, how do you begin to develop these six competencies?

"For far too long 'IT' has not only been portrayed as an island, but also managed as one; at many organizations it has been designed and positioned as such."
The paper's key points are:
  • Traditional organizational structures, authority patterns, processes and mindsets make IT difficult to manage and actually contribute to the IT-business divide
  • The knowledge resources needed to successfully deliver value are distributed throughout the organization, presenting a challenge for the CIO for its integration and coordination.
  • With the CIO having little or no jurisdiction over all required knowledge, its deployment will therefore be fragmented
  • The conundrum of IT management is how to generate value through IT without having access and authority over necessary resources.
  • To deliver value from their organization’s IT investment, more engagement is needed from executives and users from right across the organization. [I suggest, it would be helpful not to wait 42 years for an edict from the King to reinforce this.]
  • CIOs are attempting to influence people and decisions as well as encourage involvement and actions that do not fall into their realm of authority and are wrestling with aspects of the organization that can encourage behaviours contrary to creating value.
"IT is not an island, but a part of the mainland. Until this fact is acknowledged and recognized on the organizational map, organizations will continue to struggle to generate value through IT. Equally, the challenge is not to manage IT, but to generate value through IT." - Professor Peppard.