Did You Know?

One of the arguments that we have always faced when discussing the dismal track record of IT and promoting the need for different governance models around enterprise use of IT to create/sustain value is that the same thing happened with the emergence of railroads and electricity and that, essentially, "this too will pass". I have always had a problem with this for a number of reasons including i) the pervasiveness of IT, iii) the pace of the change, and iii) the fact that it is unclear if/when we will ever reach a "stable state". This youtube video certainly reinforces that view and provides much food for thought - not the least being that we need to be moving beyond "tweaking" traditional governance models to thinking about radically different models.

Uncle Sam's IT dashboard: Your tax dollars at work

It is a holiday - Canada Day - here today so this post will be brief. I couldn't resist looking at this article by Robert X. Cringely in Infoworld while looking for some personal email. After only a cursory review, the IT Dashboard discussed here appears to be a huge leap forward in terms of investment transparency, in this case by the U.S. Government. Over the next few days, I will be looking into this more, and will certainly be posting additional comments.

Value Management - We Still Have a Long Way To Go!

I recently worked with ISACA to create a short survey around "Value of IT Investments". The responses from more than 500 IT professionals in the US raise some interesting questions. While 67% of respondents felt that they were realizing between 50 - 100% of expected value from their IT investments, only 34% felt there was a shared understanding of what value was in their enterprise, and only 29% had a comprehensive approach to measuring that value. This raises the question, “On what basis are spending decisions made?”.

These findings support the results of a number of other studies, anecdotal evidence and my own experience that most decisions related to value from IT are subjective, and all too often based on perception and emotion rather than facts. The survey also confirms that responsibility for ensuring the realization of value from IT-enabled investments continues to be abdicated to the IT function with 57% responding that this is the case. Remarkably, 11% responded that no-one was responsible!

In response to another question about responding to the current economic crisis:

· 16% of enterprises are making across-the-board cuts in IT spending;

· 14% are freezing at current levels;

· 44% are reducing spending selectively; and

· 26% are increasing selectively.

These results are encouraging in that they show that enterprises are moving away from the traditional across-the-board cuts, but again raise the question of how spending decisions - decisions to freeze, spend more or spend less - are made.

We are still consolidating these results with those from other countries, which, while largely consistent, show some interesting differences. I will post and discuss these when they are made public.

The results so far, however, show that we still have a long way to go - organizations will continue to come nowhere near to realizing the full value of their increasingly significant and complex IT-related investments until they implement effective governance of IT, as an integral part of overall enterprise governance, adopt proven value management practices - such as those in the Val IT™ Framework 2.0 from ISACA, and assign accountability for the realization of value for those investments to the business, rather than abdicating it to the IT function.

The Social Process

I am becoming increasingly interested in how social networking, rather than being viewed as a potential problem to be managed within the "traditional" view of governance and management - today still largely based on beliefs and structures that are a hundred years old - has enormous potential to revolutionize governance and management. In doing so, we could truly tap in to the experience of all employees (and other stakeholders) - not be limited to the knowledge/experience of a few anointed leaders or experts - and actually make the much-abused term empowerment mean something by giving people the opportunity to contribute to/participate in decision-making, actually be listened to and, as a result, really make a difference.

Will this be easy? Of course not - it will require major cultural and behavioural changes. Is it worth seriously considering? Absolutely!

This article by Peter Swabey in Information Age provides some food for thought in this regard.

Drive Profit and Sales Growth Through IT Portfolio Planning

A colleague in Australia sent me this document by Asad Quraishi of Knowledgework (a Canadian organization as it turns out). While the ideas are not new, nor necessarily complete (what document is/can be?) - one serious omission being no reference to The Information Paradox (just, not quite, joking) - it is concise and well organized and, as such, a useful addition to the field of portfolio management (not just planning).

The language used in the document does however risk perpetuating beliefs that need to be changed in that the use of the IT label in "IT portfolio planning", "IT value", and "IT governance" can be read as reinforcing the prevailing view that the challenge, and poor track record of realizing value from today's significant and increasingly complex investments in IT is an IT problem, and the responsibility of the IT function - an implication that is reinforced in the Summary which talks only about the requirement for a "highly effective IT organization."

Whilst no-one could dispute the need for an effective IT organization, this is not enough. IT, in and of itself, delivers no value - it is how the business uses IT - in the context of IT-enabled change - that delivers value. If organizations are to truly realize the full potential of IT, they need to think and act very differently. If we are to accomplish this, one thing we must do is change the language we use. We must move beyond the term "IT governance", which today largely focus on the "supply" side - the delivery and operation of IT services to "Enterprise (or Corporate) governance of IT" covering both the supply side and the "demand" side - determining what services are required and using those services to create and sustain business value. This requires the executive, business management and the IT function to work in partnership with clearly defined (and accepted) roles, responsibilities and accountabilities for both the supply and demand aspects of IT, supported by processes including portfolio management, and relevant metrics.

While there is still room for improvement in many, if not most organizations, in how IT services are delivered (the supply side) we will continue to come nowhere near realizing the full potential of IT-enabled change - and IT will remain the "black sheep of the corporate family" - until the business takes ownership of the demand side, in partnership with IT on the supply side, within the context of overall enterprise governance, including IT. Let's start using language that moves us in this direction!

NHS Gateway Reviews damn £13bn IT decisions

As followers of this blog will know, I have long held the UK NHS's massive National program for Information Technology in Health (NPfIT) to be a case study in what to do wrong in implementing IT-enabled change programmes.

What has constantly amazed me about this and other similar debacles is that report after report - which bring to light the issues and recommend corrective actions - are ignored and nothing changes - once again, as I have said on other occasions, I wish I could put this blog to the music of "When will they ever learn?".

Basil Wood's latest commentary in his bazpractice blog does a very good job of describing the problem - and the solution!

Factors That Kill Risk Management: Stupidity, Fear, Greed

While this article, by Christine Davis in The Cutter Edge, deals with constraints to risk management, it applies equally well to value management. With my total focus on value, I view risk as one of the factors - a major one - that can significantly impact the creation and sustainment of value and all too often, erode or destroy it.

The article is well worth reading - the only omission is the failure to identify analysts as one of the causes, if not the major cause of short-term thinking. I had hoped when they so dramatically misread and misled the dot.com boom, and subsequent bust, that their credibility would have been irreparably damaged but, apparently, not so. We will continue to do stupid things, as a result of fear, greed and blind hope, when driven by people who are big on theory, and enamored with computer models, but low on real-world experience or even basic common sense. The result will continue to be that, rather than creating or sustaining value, we will erode or destroy it.

Until executives and upper management truly lead, within the context of an effective enterprise governance, based on a strong value system decisions will continue to be made

To slightly paraphrase Christine's last paragraph: "As Albert Einstein said, 'Three great forces rule the world: stupidity, fear, and greed.' When it comes to both value management, and risk management, we have all of these forces coming together in a very ugly way, with even more ugly consequences."

Recession Causes Rising IT Project Failure Rates

Those of you who follow this blog will notice that is been over 3 months since my last post - after many years of heavy workload and extensive travel, and with my 65th birthday coming up fast, Diane and I decided to take an extended European vacation, which ended up being "book-ended" by speaking engagements in Manila and Seoul, the last of which I have just returned from. I had hoped to post occasional blogs while away but my ISP migrated to a new platform the day after I left resulting in the Blogger publisher's IP addresses being blocked - don't you just love technology!

Now that I am able to post again, this article by Meredith Levinson in CIO.com which discusses the latest Standish Chaos Survey results would appear to indicate that not much has changed since I have been away or, indeed, over the years since I wrote The Information Paradox, and began talking about the subject of getting real value from increasingly large and complex investments in IT-enabled change. Certainly, the "failure" rate continues to hover around 30%, with the "challenged" rate fairly constant in the mid 40% range and the "successful" rate equally constant in the low 20% range.

I do however think we need to be very careful in interpreting these numbers and, to his credit, Jim Johnson, Chairman of The Standish Group admits this. First, we need to really understand what we mean by success or failure, and indeed "challenged" - then we need to understand what is really "good" or "bad".

Is it a "failure" to cancel a project? I would argue that in many cases it is not. Rather, it shows that effective governance is in place to monitor when either a project is unlikely to deliver the results originally expected or that business requirements have changed such that the project is no longer aligned with business objectives. History is replete with projects that should have been cancelled long before they became expensive and highly visible debacles.

Is a "challenged" project bad? If it is over budget &/or over schedule &/or does not deliver all the originally specified functionality but still creates significant business value I could argue that it was successful. On the other hand, if a "successful" project comes in on time, on schedule and delivers all the originally specified functionality, but does not create or sustain business value, or worse, destroys it, I would consider this a failure.

Bottom line - the Standish results are always interesting but we need to move beyond measuring "inputs' (time and money) and "outputs" (technical capabilities) to measuring "outcomes" - the most important of which (I might say the only one) is creating or sustaining business value.

Mismanagement of prisoner IT system exposed

The UK's litany of failed public-sector IT projects continues, as described in this Information Age article by Peter Swabey, with the latest being the Department of Justice's National Offender Management Information System (C-Nomis). Originally estimated to cost £234 million through 2020, C-Nomis has currently spent £115, is now two years late, and projected to cost £513 million through 2011. A recent Information Age interview with the CIO of the Department of Justice, Andrew Gay, provided some valuable insight into the cause of these failures. Gay said that:

“It doesn’t matter what type of project it is, whether IT or anything else. It’s a question of not nailing down the functionality you actually need, and that has been one of the principal faults with government IT spend. If you are going to deliver an IT project vaguely near budget, it would be far better to spend a huge amount of time working out exactly what you were trying to do with that programme rather than drift into it.”

There is a subtle distinction in Andrew Gay’s comments between an IT project – that delivers a technology capability or service – and a business-change programme – that includes all the initiatives, including but certainly not limited to the IT project, required to realize the expected outcomes. A recent report by the NAO reinforces this saying that “C-Nomis was treated as an IT project and not as a business-change programme” and identifies another all too common problem in that “bad news about the project failed to go up the ladder of command to those who could have made decisions to rescue it.”

This NAO report contains valuable guidance, not just for the public sector, but for all enterprises in managing IT-enabled business change programmes.

Ending the management illusion: Preventing another financial crisis

This is an Ivey Business Journal article by Hersh Shefrin that provides a very interesting perspective on the current financial crisis. While this is interesting in itself, there are many parallels here with other failures of governance, including IT governance - in fact, particularly on the first page, if you drop the word "financial", what Hersh is presenting is that governance failures all too often result from our failure to understand the need to both recognize and change human behaviour. A few (slightly restructured and "de-financialed") quotes:

"The root cause...is the psychological excess that was manifest in unsound managerial judgement and poor managerial decisions...much of that excess was preventable....going forward, we need to figure out how to deal with our self-destructive elements. We need to learn how to build organizations that are psychologically smart. We need to structure organizational cultures that foster sensible approaches to risk-taking...the starting point is to face up to a major management illusion...the belief that organizations can ignore psychological obstacles to effective decision-making, and yet succeed in the long-run without being lucky...addressing psychological obstacles effectively requires the development of a co-ordinated, integrated approach...setting clear goals. It means:

• planning with a view to execution and the achievement of goals;
• putting in place a balanced mix of financial and non-financial incentives which reward members of the organization according to how well goals are met;
• excelling in the sharing of information about whether the organization is track in carrying out its plans, achieving its goals, and rewarding its members.

Programmed for recovery

A article by Paul Fisher in Management Today UK that discusses the CIO role in the current economic climate, and includes a quote from me. The basic premise of the article (to quote) is:

"Smart CIOs realise that there's a lot more to surviving a downturn than cutting costs and waiting for the storm to pass."

Can IT solve the electronic health records challenge?

An interesting article in InfoWorld by Ephraim Schwartz that relates back to a number of my earlier blogs, including "Will Obama get IT right?", and discusses the challenges of implementing a "universal" EHR system - in this case in the U.S. - but the same issues exist elsewhere. They include:

1. Aligning the reward system
2. Scalability (among other technical issues)
3. Standards (we've never had a shortage of those - if only we could have one!)
4. Privacy

A vendor comment near the end captures the essence of the challenge here:

"...deploying an EHR system is just like implementing any big enterprise application, only the enterprise in this case is bigger, and the stakes are higher."

Given the track record of enterprise systems in much smaller and less complex environments, and the history of health systems such as the UK NHS National Program for IT , I would describe this as an overly optimistic understatement.

While this is undoubtedly the right thing to do, how it is done will be the key to success or failure. If it is managed as the huge organizational and behavioural change programme that it is, it will have a chance of succeeding - if it is managed as a technology project, it will fail.

As the article concludes:

"...the challenge of orchestrating and satisfying so many stakeholders remains...to make it happen will require a great deal of cooperation, innovation and investment...this shift will likely happen at a less ambitious level than the political rhetoric suggest..."

Value Management: Why it matters today

This is obviously the week for getting articles published - this article appeared in Computerworld UK today.

Managing in the fog

This article in the February 28th edition of The Economist starts with an interesting quote from Jack Welch that reinforces what I have been thinking and saying for many years. He says:

Not to beat about the bush, but the budgeting process at most companies has to be the most ineffective practice in management.

There are a number of problems with the "traditional" budgeting process:

1. It's not dynamic - it is usually an annual event/ritual and tightly coupled with planning - the result being that planning also becomes an annual event/ritual.
2. It's not efficient - it is incredibly time consuming - I once heard a former CIO of Microsoft joke at a conference that Microsoft had to get all its work done in 3 months because the budgeting process took 9 months.
3. It's not focused on outcomes - when you cut through all the "window dressing", people go into the process to justify keeping the resources they already have.
4. It is far too detailed - as a result of point #3, enormous effort is spent on defining projects that might happen, to justify resources that might be needed for what might actually need to be done.
5. It's not objective - budget decisions are all too often emotional - the result of "relationship based " or "decibel based" decision making rather than a rational, objective process.
6. It's not flexible/agile - once struck, the budget is hard to change - other than through "across the board" cuts.

Even before the current economic meltdown, the rate and pace of change makes annual budget cycles not just obsolete but downright dangerous. We certainly need some form of budgeting process, but we need a much more practical, pragmatic and dynamic process. The article discusses a number of alternatives , which I would summarize as:

An efficient and flexible/agile scenario based budgeting process, with contingency planning for each scenario, and dynamic rolling forecasts, at an appropriate level of detail, reviewed and adjusted regularly (monthly or when certain trigger conditions occur) by senior management, making objective, outcome-based decisions supported by relevant, reliable and up-to date information (as of today vs. last month/quarter).

Such an approach has implications for governance processes, for the information, and enabling technology required to support them, and for management behaviour.

Delivering on the promise of IT

Check out this article on pages 24 - 26 in the February digital edition of Computer Business Review (you may need to register but it's free).

Challenging the Cult of Leadership!

On Saturday morning, I was reading the Report on Business Magazine that come once a month with my Globe and Mail newspaper when I came upon this Exit Interview article with Richard Currie - now, while the article is interesting, what really caught my attention was his response to the question "What are your rules for running a business?" which was:

"I dislike centralization with a passion - the idea that all the brains and ability reside at the top, and the rest of the organization has to be obedient."

I have been thinking for a while about the "cult of leadership" - in a book on this topic, The Wisdom of Crowds, James Surowiecki identifies one of the challenges is that we put too much faith in individual leaders or experts, either because of their position or track record and that these individuals also become over-confident in their abilities. I don’t want to question the ability and competence of all leaders or experts – while I certainly have seen my share of bad ones, most are good people doing the best they can. However, in today’s increasingly complex and fast-paced knowledge economy, much of which is both enabled by and driven by technology, it is unrealistic to expect individuals, however good they are, to have all the answers, all the time. The reality is that neither position nor past success is any guarantee of future success.

If organisations are to succeed in today’s knowledge economy, they cannot constrain themselves to the knowledge of a few individuals – to put it a more brutal way, they cannot be constrained by the habits or ego(s) of their leader(s)! Organisations must tap into the collective knowledge of all their people. We need effective governance that reaches out to and involves key stakeholders – retaining appropriate accountability, based on the law of subsidiarity - an organizing principle that matters ought to be handled by the smallest, lowest or least centralized competent authority. This means locating accountability and decision-making at the most appropriate level, while supporting decisions with broader and more knowledgeable input.

This leads to an unlikely but interesting marriage - that of "traditional" governance and social networking - I believe that this has enormous potential - stay tuned for more thinking on this topic!

Upcoming Speaking Engagements

As I am still waiting for a revamp to my website, I have including my upcoming speaking engagements below:

• March 17th I will be in Vancouver for an ISACA Vancouver Chapter Executive Breakfast and follow-on Val IT workshop
• April 2nd I will be in London participating in a Value Management Forum with the ISACA London Chapter
• April 8th I will be in Toronto running a full day Val IT workshop for CICA
• April 13 - 14th I will be in Manila for an Executive Dinner Briefing and speaking at the ISACA Manila Chapter Annual Conference
• In May I will be taking some extended R&R, as well as doing some research and writing
• June 15th - 17th I will be in Seoul speaking at the itSMF Korea Chapter Annual Conference, and a number of other events
• For September and October I am currently working to "nail down" a number of potential events in the UK, Europe and Australia
• November 9th I will be in Seattle speaking at SIMposium 2009

I will update this post as I get more details of the events.

Why the Recession is Marginalizing CIOs

This CIO Enterprise blog by Thomas Wailgum paints a sorry picture of the state of the CIO and the IT function - below are a few quotes with my comments in bold - yes this time I am quietly screaming! If I had the smarts to add music to this post it would be that old Peter, Paul and Mary line (for those of you old enough to remember) - "When will they ever learn?"

"...business execs getting angrier about the typical 12- to 18-month ERP or CRM software implementation that is unlikely to come in on time, costs more than anticipated and typically delivers unsatisfying results"

How engaged were the business executives in the decision to undertake this "software implementation" - actually a business change program - and in managing the program? They are the ones ultimately responsible for the delivery of value from such programs!

"...business executives [53%] said that the top IT priority and most important driver was acquiring and retaining customers...Nearly 50% of business execs judged IT's performance as 'fair' or 'poor' ...5% said IT [did not support it] at all"

So what are they doing about this disconnect - hoping it will get better?

"...slightly less than 50% of CIOs said that IT is still considered a cost center"

If you treat IT as a cost center, you only have yourself to blame if it behaves like a cost center!

"CIOs having only technology aspects in mind will be replaced..."

Why are they still there? Maybe the person who hasn't already replaced them should also be replaced!

"End of era for technology implementations without immediate return is promptly approaching"

It ended a long time ago - where have these people been?

The really sad thing here is that this blog could well have been written ten years ago - probably even fifteen or twenty...OK, cut to music - "When will they ever learn?"