Waltzing with the Elephant

I have just finished reading Mark Toomey‘s Waltzing with the Elephant, subtitled A comprehensive guide to directing and controlling information technology. This has taken me longer than I had thought as the book is indeed very comprehensive. I was reminded as I read it of a comment from an early reader of The Information Paradox who described it as  “a book you want to have read but don’t want to read. If you’re an executive with control over your company’s information technology purse strings, you probably don’t want to read a book this detailed in the intricacies of IT, which is exactly the reason that you should.” But will they? I will return to this point later.

As Mark says in the book’s dedication “Through better, more responsible, and effective decision making and control, we can make better use of information technology, and we can improve the world.” I couldn’t agree more – indeed it is that belief that has driven me for the last 20+ years, and which continues to drive me. There is certainly considerable room for improvement – as Mark goes on to say “…there is a compelling reason to improve the performance of IT use within many organizations.” I would  be even stronger here in that I believe this to be the case in most, if not all organizations.

Waltzing with the Elephant is organized around the the six principles of ISO/IEC 38500:2008:

  • responsibility;
  • strategy;
  • acquisition;
  • performance;
  • conformance;
  • human behaviour.

And the three fundamental Governance tasks that it defines – Evaluate, Direct and Monitor.

Mark does a good job of explaining the principles, and of putting “meat on the bones” of what can be seen as fairly high level and broad concepts. The book is a long, but relatively easy read – helped by Mark’s refreshingly irreverent style, and the many real world examples and anecdotes he has included. Mark also makes good use of models to frame and organize sections, including an earlier version my Strategic Governance framework. Although my brief summary may not do the book justice, what I believe you should take away from it, somewhat adapted and, of course, biased by my beliefs, include:

  1. While much has been written and talked about IT governance over the last decade or more,  progress has been painfully slow. As Ian Wightwick says in his introduction, “…there is a fairly strong case for arguing that the investment in IT improvement has not delivered the desired rate of improvement.”
  2. Slide2

  3. A fundamental reason for this lack of progress is that most IT governance activities  deal only with one side of the problem – the supply side. This is what another Australian colleague of mine, Chris Gillies, calls IT governance of IT –  focused on the IT “factory”. If we are to have effective enterprise governance of IT,  as illustrated in the figure to the right, we also need to pay equal attention to the demand side – business governance of IT – focused on how the organization uses IT to create and sustain business value. For more on this, go to Back to the Basics – the Four “Ares”.
  4. If we are to make progress, there must be the  understanding that governance of IT is an important part of the overall governance framework for any organization, and that governance itself is a business system.  Governance must deal with both compliance (meeting regulatory and legislative requirements) and performance (setting and achieving goals).
  5. Ultimately, the people who should control, and be accountable for how IT is used are the business executives and managers who determine what the focus of the business is, how the business processes are performed, how the authority and control structure operates, and how the people in the system perform their roles. None of these decisions are normally within the scope of the CIO, and so, without the means of enacting any decision, the CIO cannot be held responsible or accountable for the organization‟s use of IT. The CIO should be responsible for administering the system of governance on behalf of the governing body, and accountable for most elements of the supply of IT, but not responsible for the demand and certainly not accountable for the use of IT by the business.
  6. Increasingly, we are not making investments in IT  – we are making investments in IT-enabled change. While IT may be a key enabler, all the other aspects of the business system – the business model, business processes, people, and organization need to be considered. Enterprise governance of IT must  go beyond IT strategy, the IT project portfolio and IT projects to more broadly consider the business strategy, and the portfolio(s) of business investment programmes and business and technology projects that enable and support the strategy (for more on Programme and Project Portfolio Management, go to Moving Beyond PPM to P3M and Get With The Programme.)
  7. It is not enough to just focus governance on new investments. Effective governance must cover the full life-cycle of investment decisions – covering both the initial investments and the assets that result from those investments – assets that all too often fall into what Mark calls the “business as usual” space and receive little attention until something goes wrong.
  8. Essential ingredients of the system for governance of IT include transparency and engagement. Transparency means that there is only one version of the truth – that real, accurate and relevant information flows up, down and across the system to support decision making. Engagement means that, at each level, the right people are involved in the system, in the right way with clearly defined, understood and accepted roles, responsibilities and accountabilities.
  9. Effective governance of IT will rarely be achieved by simply following a standard or a generic framework. Rather, it requires fundamental thinking about the issues that are important, and it requires that the leaders of the organization behave in ways that maximise the value and contain the risks in their current and future use of IT.
  10. Ultimately, while standards, such as  ISO/IEC 38500, and frameworks, such as Val IT™ are useful tools, improving the return on IT investments, and improving governance around those investments and resulting assets is about changing human behaviour. Merely developing and issuing policy is insufficient in driving the comprehensive behavioural change that is essential for many organizations that will seek to implement or improve the effectiveness of their enterprise governance of IT. Behaviour is key…changing or implementing a new system for governance of IT necessarily involves taking all of those people on a journey of change – which for some will be quite straight-forward and which for others, will be profoundly challenging.
  11. This journey of change must be managed as an organizational change programme. While much has been written and should be known about this, the absence of attention to the individual and organisational contexts of human behaviour in plans for IT enabled change to business systems is profound. Where there is understanding of the need to do something, enterprises often then run into “The Knowing-Doing Gap” as described by Jeffrey Pfeffer and Robert I. Sutton in their book  of the same name. As the authors say in their preface, “…so many managers know so much about organisational performance, and work so hard, yet are trapped in firms that do so many things that they know will undermine performance.” They found that “…there [are] more and more books and articles, more and more training programs and seminars, and more and more knowledge that, although valid, often had little or no impact on what managers actually did.” For more about this, go to The Knowing-Doing Gap.

I want to return now to my initial comment about who will read this book. In a recent review of the book, Fiona Balfour described it as recommended reading for academics, students of technology, all IT Professionals and “C‟ role leaders and company directors. The book provides very comprehensive and practical guidance for those who have decided that action is required, but will those who have not yet understood or committed to action read it or, more importantly, take action based on it? Almost a year ago, I was having lunch in London with Kenny MacIver, then Editor of Information Age who, after listening to me expound on this topic for some time, said “What you are saying is that we need a clarion call!” Mark’s book adds significant value to those who have decided to embark on this journey, and he is to be commended for the tremendous effort that he has put into it and for his willingness to share his experience and wisdom – but will it provide that Clarion call? It will play well to the converted, but will it convert? Going back to Ian Wightwick’s introduction, he says “Clearly the purpose of Mark Toomey‟s text is to promote the need for adequate IT governance. It is commendable in this regard, but is only the beginning. Company director (including CEO) education courses and regular director briefings will need appropriate attention with provision of simplified explanatory material and check-lists, as well as encouraging the de-mystifying of the whole business-critical IT issue.”

Despite overwhelming evidence of the need to take action to improve enterprise governance of IT, business leadership – boards, executives and business managers – have shown little appetite for getting engaged and taking accountability for their use of IT to create and sustain business value, or to embrace the transparency that must go with it. I hope that, at least in Australia, the emergence of the ISO standard, and  Mark’s book provide that much needed “clarion call”. History, unfortunately, tells us that it may take more than this – we may still have a long way to go!

Back to the Basics – the Four “Ares”

Well, having now finished with the Sidney Fine Art Show – which was incredibly successful – it’s time to get back to this blog.

As I prepare to head down to Seattle where I am speaking at SIMposium09 on November 9th – just 6 weeks before my 65th birthday – I have been reflecting on the underlying foundation of what I have been doing over the last 20 plus years – what have come to be known as the “four ares”. They have certainly guided my thinking and, since they were published in The Information Paradox, continue to be widely referenced  – sometimes those references are even attributed. The idea came when I was presenting a diagram of, what we then called, the Information Resource Planning approach, to the executive of a large Canadian utility. As I was going through it, one of the executives stopped me, saying: “This is all “gobbledygook” to me – can you just explain it in plain English?” So, I turned the somewhat obtuse and long-winded statements on the chart into the questions each box was trying to address. What had been somewhat of a “talking head” session turned into a lively discussion which resulted in a  successful assignment with very positive outcomes. After that, I applied the same approach to almost everything I was doing including, at the time, DMR’s (now Fujitsu’s) Macroscope methodology – and the four “ares” were born. They have been “tweaked”, but have essentially remained the same for more than two decades.

At the time, I am not sure that I had even thought about the term governance, or could have described what it was. However, over time the two ideas have come together in that, in my view, the ability to continually ensure that enterprises can get positive answers to the four “ares” is the essence of effective enterprise governance. I use the term enterprise governance because, although the origins of the four “ares”, and much of their current application relate to governance of IT, they are equally applicable to the broader enterprise governance view. Indeed, one of the comments/criticisms I have had of both The Information Paradox, and the Val IT™ Framework, is that the term IT should have been dropped, or at least de-emphasized,  as they are both more broadly applicable to any form of investment or, indeed, any form  of asset.

For those of you still wondering what I am referring to, the four “ares” are:

  1. Are we doing the right things?
  2. Are we doing them the right way?
  3. Are we getting them done well?
  4. Are we getting the benefits?

Whenever I am talking with executives, I always have to pause when I get to the four “ares”as they invariability write them down. They are questions that are easy to understand although, unfortunately, not always easy to answer. Indeed, I often feel guilty that they appear too simple. I also feel somewhat guilty about the term “right” in the first two questions. I am not sure that there can always, or even ever be a totally right answer to those questions. However, asking these questions can definitely eliminate a lot of “wrong” decisions. A key point about these questions is that they need to be asked continually. Whilst important to ask them when an initial investment decision is being made, it is equally important to ask them throughout the full economic life cycle of that investment decision. That life-cycle includes a number of stages:

  • Development  – creating the necessary capabilities (hereinafter referred to as assets)
  • Implementation  – delivering the assets
  • Value creation  – adopting and using the assets to achieve the expected level of performance
  • Value sustainment  – assuring that the assets resulting from the investment continue to create value, including additional investments required to sustain value
  • Retirement phase – decommissioning some or all of the resulting assets
The four questions, in order, essentially apply to strategy, architecture, delivery, and value. As illustrated below, they collectively encompass alignment with strategy, business worth, including benefits and costs, and risk – including delivery risk and benefits risk.Slide1

As further illustrated below, within the context of governance of IT, the first and last  questions relate to the “demand” side – business governance of IT, while the second and third relate to the “supply” side – IT governance of IT. Collectively, they represent a complete view of enterprise governance of IT.
Slide2

As we said in The Information Paradox [with some updates], “ Tough questioning is also critical to get rid of silver bullet thinking about IT and lose the industrial-age mind-set that is proving extremely costly to organizations.  Asking the four “ares,” in particular, helps to define the business and technical issues clearly, and thus to better define the distinctive roles of  business executives and IT experts in the investment decision process. Are 1, Are we doing the right things? and Are 4, Are we getting the benefits?  raise key business issues relating to both strategic direction and the organization’s ability to produce the targeted business benefits.  Are 2, Are we doing them the right way?  raises a mix of business and technology integration issues that must be answered to design successful [IT-enabled] change programs.  Are 3, Are we getting them done well?  directs attention to traditional IT project delivery issues, as well as to the ability of other business groups to deliver change projects.”

In Val IT, specifically in version 2.0, we fleshed out these questions and also expanded them to include IT services, assets and other resources (while this is in the context of IT – they could equally well be expanded to include other assets).

1.  Are we doing the right things? The Strategic Question.

  • Are our investments:
    • in line with our mandate and vision?
    • consistent with our business principles?
    • contributing to our strategic objectives, both individually and collectively?
    • delivering optimal benefits at an affordable cost with a known and acceptable level of risk?
  • Are resulting IT services, assets and other resources continuing to deliver value by addressing real business needs and priorities?

2.  Are we doing them  the right way? The Architecture Question.

  • Are our investments:
    • in line with our organisation’s enterprise architecture?
    • consistent with our architectural principles and standards?
  • Are we leveraging synergies between our investments?
  • Are our IT services delivered based on optimal use of the IT infrastructure and other assets and resources?

3.  Are we getting them done well? The Delivery Question.

  • Do we have:
    • effective and disciplined management, delivery and change management processes?
    • competent and available technical and business resources to deliver the required capabilities and the organisational changes required to leverage them?
  • Are services delivered reliably, securely and available when and where required?

4. Are we getting the benefits? The Value Question.

  • Do we have:
    • a clear and shared understanding of what constitutes value for the enterprise?
    • a clear and shared understanding of the expected benefits from new investments, and resulting IT services, assets and other resources?
    • clear and accepted accountability for realising the benefits, and relevant metrics?
    • an effective benefits realisation process over the whole investment economic life-cycle, to ensure that we are maximising business value?
One of the objections we often here to implementing or improving governance practices or frameworks is that we are making it much too complex. There is indeed some truth to this given that the IT industry appears to have single-handedly invented English as a second language, i.e. talking in “techno-speak”. There are also a growing number of what are perceived to be competing frameworks in the marketplace. The four “ares” rise above this and provide a very simple yet comprehensive and powerful set of questions that can be used to help you to start the conversation – a conversation that is long overdue in many enterprises.

Get With The Programme!

Technology is today embedded in almost everything that we do as individuals, societies and organizations. We have come a long way from the early days – yes, I was there – when the primary use of technology was automating operational tasks such as payroll, where benefits – largely cost savings – were clear and relatively easy to achieve. Today, applications of IT enable increasingly strategic and transformational business outcomes. While these outcomes would not be possible without the technology, the technology is only a small part of the total investment that organizations must make to achieve their desired outcome, often only 5% to 20%. The reality is that these are no longer IT projects – they are investments in IT-enabled business change – investments in which IT is an essential, but often small part.

Unfortunately, our approach to managing IT continues to lag in recognizing this shift. We still exhibit “silver bullet thinking” when it comes to IT. We focus on the technology, and delegate – more often abdicate – responsibility for realizing value from the technology to the IT function. In a recent post, IT Value Remains Elusive, I discussed a recent ISACA survey in which 49 percent of respondents stated that the CIO or IT managers are responsible for ensuring that stakeholder returns on such investments are optimized – with 8 percent saying no one was responsible. Technology in and of itself does not create value – it is how enterprises use technology that creates value. With the evolution of how we use IT, a different approach to the management of investments involving IT has become a business imperative if we are to fully realize the potential value of these investments.

Realizing this value requires broadening our thinking to take many more interrelating activities into account – moving beyond stand-alone IT project management to business programme management. Managing programmes of business change where technology initiatives contribute to business results in concert with initiatives to change other elements of the overall business system, including the business model, business processes, people skills, and organizational structure. It also means that accountability now must be shared between the business and the IT function – while the IT function is accountable for delivering the required technology capabilities, it is the business that must be accountable for realizing value from the use of the technology. This includes: deciding which programmes to undertake; ownership of the overall programme – including all the necessary  initiatives ; and ensuring that expected business value is realized over the full life cycle of the investment decision. Further, to support this, the business case for any proposed investment should be: at the programme level; complete and comprehensive – including the full scope of change initiatives required to achieve the desired outcomes; and a “living”, operational document that is kept up to date and used to manage the programme through its full economic life cycle.

We originally introduced programme management as one of the cornerstones of the Benefits Realization Approach in The Information Paradox. With Val IT™, we included it as part of the Investment Management domain (IM). OGC has also introduced Managing Successful Programmes (MSP) and, more recently, Portfolio, Programme and Project Offices (P3O), and the Project Management Institute (PMI) have extended their PMBOK to include Programme Management. The good news is that there is certainly no shortage of resources for those who want to implement Programmme Management. The bad news is that, while many organizations across the world have significantly increased value through their use of Programme Management, they are the “early adopters” with the majority of enterprises still lagging.

One of the reasons for this is that there is a common tendency to view programmes  as large, complex beasts – only applicable to large enterprises – and a mistaken belief that using the term will over-complicate things. Nothing could be further from the truth – certainly not when programme management is intelligently applied. Enterprise Resource Planning, Customer Relationship Management, Supply Chain Management, Business Intelligence, Social Networking, etc. are extremely complex programs of business change. Denying complexity – taking a simplistic view of change – only increases complexity. Only when complexity is understood can it be simplified, and then only so far. As Albert Einstein once said “Everything should be as simple as possible but no simpler.” The line between simple and simplistic is a dangerous one. Implementing organisational change requires changing our “traditional” approaches to governance – it requires that we “change how we change”!   Effective Programme Management is an important part of that change.

Taking the programme view can still however be a very daunting prospect – there can be just too much to take in all at once – unless an appropriate technique is used – one designed specifically for this purpose. In an earlier post, A Fool’s Errand, I discussed the need for a benefits mapping process (using Fujitsu’s Results ChainCranfield’s Benefits Dependency Modelling, The State of Victoria’s Investment Logic Mapping, or some other similar technique) to develop “road maps” that support understanding and proactive management of a programme throughout its full economic life cycle. Using Fujitsu’s Results Chain terminology – the one I am most familiar with – the process is used to build simple yet rigorous models of the linkages among four core elements of a programme: outcomes, initiatives, contributions, and assumptions. With the right stakeholders involved, and supported by strong facilitation, such a process can, in a relatively short time frame, result in clearly defined business outcomes and contributions, enabling management to ensure alignment with business strategy, define clear and relevant measurements, and assign clear and unambiguous accountability. They help to “connect the dots” and facilitate understanding and “buy in” of the those who will ultimately receive the benefits.

The challenge facing enterprises today is not implementing technology, although this is certainly not becoming any easier, but implementing IT-enabled organisational change such that value is created and sustained, and risk is known, mitigated or contained. This is where Programme Management, supported by benefits mapping can and must play a key role. The OGC states that: “The fundamental reason for beginning a programme is to realise the benefits through change.” In a March, 2008 Research Note, Gartner said that “We believe [strategic program management] is the management construct best suited to enable better business engagement, value delivery and risk”. Enterprises who want to enable such outcomes would do well to take a serious look at Programme Management.

Enterprise IT or Enterprise IM?

Reflecting on yesterday’s post CIOs told to scrap enterprise IT departments, I realized that over the last 5 years working with ITGI discussing IT governance, I have myself become a victim of the “IT label trap”. While implicit in everything I have done, I have not made explicit a distinction that I started making with a large Canadian resources company client way back in 1991 – the distinction between information management and information technology. Although I am not sure we even used the term back in those days, what we did, working with the executive, was to put in place effective governance of information.  Governance which separated, and made explicit the differences between managing information and managing the technology used to collect, store, manipulate and distribute it – with the business being accountable for managing information, while the IT function was accountable for managing the technology.

We defined the distinction between information management and the management of information technology as:

  • Information Management is concerned with the “why” and “what” of business requirements, and the “how” of business management processes, but not the technological “how”.
  • The management of Information Technology is concerned with the technological “how” of meeting business requirements, within the guidelines established by the information management processes.

As this information is still proprietary, I will not go into more detail here other than to say that, based on understanding this distinction, we created a vision for the role of information, then went on to develop and implement principles, an overall architecture, roles and responsibilities, and supporting organizational structures. Among other things, this involved Integration of business planning and information systems planning and transfer of a significant portion of the IT budget to line departments.

Fast forwarding now to the “Four Ares” that we introduced in The Information Paradox and which became the basis for Val IT™:

  1. Are we doing the right things?
  2. Are we doing them the right way?
  3. Are we getting them done well?
  4. Are we getting the benefits?

The first and last questions are primarily concerned with information management, while the second and third are primarily concerned with effective management of information technology.

I was reminded of this distinction again in 2005 – just as I was getting involved with ITGI so the IT label hadn’t quite got me – when leading a number of CIO workshops with the Seattle chapter of the Society for Information Management (SIM). The workshops were around the topic of  “Rethinking IT Governance – Beyond Alignment to Integration.” I found that the discussion kept descending into technobabble and had to remind the participants that there might be a reason why the organization was called the Society for Information Management – NOT the Society for Information Technology! I will be making this point again when I speak at SimPosium09 in Seattle in November.

Given the above, I think that what I should have said in yesterday’s blog was that the heading of the article should have been: “CIOs told to scrap enterprise IT departments BUT not an enterprise IM Role”. In the same vein, I also think that Val IT might have been more appropriately named Val IM.

You can be assured that I will be making the distinction between information management and the management of information technology more explicit in the future.

CIOs told to scrap enterprise IT departments

Before CIOs seeing this heading go apoplectic at such heresy, let me say that the heading of this article by Shane Schick in itWorldCanada referring to the keynote speech given by Peter Hinssen at an invitation-only event for Canadian CIOs should end with “BUT not an enterprise IT role!”. This would more accurately reflect what  Peter is saying (in this article and supporting video – I have not yet read his book although I have met Peter and heard him speak). Peter’s main points are:

  1. IT is too important to be left to the IT function
  2. IT is today embedded in everything we do
  3. The term IT alignment perpetuates the separation between IT and the rest of the business
  4. We need to move beyond alignment to “fusion”
  5. We need to redefine the relationship between IT and the business
  6. IT needs to move from being a side activity to a core activity of the business
  7. We need to focus on technology-enabled innovation
  8. IT people need to be rewarded on a balance of IT measures and direct business value

I very much agree with all of these points – indeed, we made similar points 11 years ago in The Information Paradox and much of that thinking has carried through into Val IT™ and other similar approaches. I encourage you to watch the short video interview with Peter and reflect on what he is saying. In doing so – going back to my suggested heading change – consider that there will always be an enterprise IT role, but not necessarily or even likely an IT department – parts of which will and should move into the business areas with the “factory” pieces being provided by an external utility, be it SaaS, the “cloud” or whatever we call it by then. How many of today’s CIOs will be able to fill that enterprise role is, as Peter suggests, another question.

Who is “Minding the Farm”?

Two recent articles, one about outsourcing, and the other about risk-management provide yet further evidence of the current shortcomings of enterprise governance, and the urgent need to take action.

Outsourcing – seen as one approach to deal with the current economic downturn – is the subject of a recent CBR article Euro business execs blind to outsourcing cost benefits by Kevin White in which he discusses the results of a new study.  The study, which was carried out by Cognizant in conjunction with Warwick Business School, found that:

  • Most CIOs and finance directors think the outsourcing of IT services can help them reduce costs but fewer than half of them could actually prove it, since they do not try or find it difficult to quantify its impact on the bottom line.
  • More than a third simply do not bother to assess the financial contribution to their businesses and 20% cannot remember if they have tried.
  • A third of CIOs and CFOs believe that the business value of outsourcing cannot be assessed beyond a one-time cost saving.

The research was carried out to assess attitudes to outsourcing and the impact of the current economic climate on IT and business decisions. The researchers polled executives in some of Europe’s biggest companies. The businesses reached across the UK, Germany, Switzerland, Benelux, France and the Nordics and a majority of the 263 respondents were reported to be spending between $5 and $100 million annually on outsourcing.

“They seem to believe outsourcing will save money, but fewer than 20% of the CFOs and CIOs had any confidence in their quantification,” said Sanjiv Gossain, VP and head of Cognizant in the UK. The study also showed that CFOs feel CIOs need more help to communicate the full benefits of outsourcing but only 37% of CFO respondents rate their CIOs ability to do this.

The study report concluded, “Senior executives appear to be making outsourcing decisions based upon short term cost cutting – which remains crucial – but outsourcing’s impact stretches well beyond the initial labour, skills and cost advantages.”

Shareholders and taxpayers alike should find it totally unacceptable that such major decisions would be made without a full understanding of their impact,  inadequate or no quantification of business value, and without even measuring whether cost savings are actually being realized.

Governance shortcomings also extend to risk-management – another recent article from Accenture Heeding lessons from economic downturn discusses the results of an an their 2009 Global Risk Management Strategy Study which found that the vast majority (85 percent) of corporate executives surveyed say they need to overhaul their approach to risk-management if the lessons of the economic crisis are to be used to improve business results.

The study, based on a survey of 260 chief financial officers, chief risk officers and other executives with risk-management responsibilities at large companies in 21 countries, also pointed to a lack of integration of current risk-management and performance-management processes. While nearly half the respondents said that their company’s risk-management function is involved to a great extent in strategic planning (48 percent) or in investment and divestment decisions (45 percent), only 27 percent said the risk-management function was involved to a great extent in objective-setting and performance management.

“Executives could improve their organizations’ performance and position themselves for economic recovery by linking and balancing risk management and performance management to aid their decision-making and increase shareholder returns,” said Dan London, managing director of Accenture’s Finance & Performance Management practice. “Being effective at this also requires companies to integrate their risk management capabilities enterprise-wide.”

Survey respondents identified a number of common problems with their risk-management functions, including:

  • Ineffective integration of risk, return and capital issues in decision-making (identified by 85 percent of respondents);
  • Lack of alignment between the company’s strategies and its risk appetite (85 percent);
  • Insufficient enterprise-wide risk culture (82 percent);
  • Inadequate availability of timely risk, finance and business data (80 percent);
  • Lack of integration and aggregation across all risk types (78 percent); and
  • Ambiguous risk responsibilities between corporate and business units (78 percent).

What I find particularly worrisome is that I could substitute the term “value” for “risk” above and the findings would still apply.

The Val IT™ definition of value is “the total life-cycle benefits net of related costs, adjusted for risk and (in the case of financial value) for the time value of money”. When management continues to focus on cost, with little understanding of, or attention to benefits or risk, or indeed of overall value, and also fails to manage actual performance, it should come as no surprise that we continue to have such a poor track record of actually creating and sustaining value – especially, but certainly not limited to IT-enabled investments! Enterprise governance needs to focus on creating and sustaining value, integrating all aspects of value – benefits, costs and risks –  to support the full life-cycle of investment decisions from ideation, definition, selection and execution of investments through to the operation and eventual retirement of resulting assets.

CIOs in the Era of Doing More with Less

A shorter post than usual, but I wanted to  highlight an interesting article by Brian P.Watson in CIO Insight which quotes, among others, Peter Whatnell, CIO of Sunoco and President of the Society for Information Management (SIM).

While quite a bit of the article is about tactical stuff, the quotes below capture the type of thinking we should be looking for from CIOs, and that CEOs should be demanding. These include:

“Most importantly for IT leaders today, doing the right things means focusing on the long-term view—the strategic components of your plan and that of the overall business, not the bits and bytes of whatever hot technology is dominating the IT buzz”. – Brian Watson

“…the opportunity for IT leaders is more strategic than tactical, more business than technology.” – Peter Whatnell, CIO, Sunoco and President, SIM

“When all is said and done, blending a strategic business focus with the right IT decisions could be what separates the CIO wheat from the chaff. Put those skills together, and you’ll become a true partner:  A CIO has to become the internal, go-to expert consultant for every functional head in the organization to help them execute, innovate and enable strategy more efficiently with the right technology.” – Vincent Cirel, CIO, Norwegian Cruise Line

While these quotes are encouraging, we should remember that the requirement for CIOs to be more strategic business partners should not come as a “Eureka” – resulting from the current economic crisis. The requirement has existed for a long time – certainly well over two decades. The difference today is that the consequences of not doing this are much more serious. CIOs and CEOs who do not understand this are putting the very survival of their organizations at risk!

You can be assured that I will be discussing this topic more in presentation at my SIMposium09 in Seattle on November 9th.

IT Value Remains Elusive

In a previous post, I discussed the US results of a short ISACA survey – which I helped to create – around “Value of IT Investments”. The global results have now been released.  The nine-country survey of 1,217 IT professionals reveals that while enterprises worldwide believe they are realizing value from their IT investments, it is difficult to understand how they can be sure as fewer than half of the respondents believe that there is a shared understanding of what constitutes value across their enterprise, and two-thirds don’t have a comprehensive approach to measuring value from those investments with 10% not measuring it at all.

The survey also showed a lack of business accountability for value from the use of IT in that 49 percent of respondents stated that the CIO or IT managers are responsible for ensuring that stakeholder returns on such investments are optimized. Only 15 percent said responsibility lies with the board, 11 percent the CEO and 9 percent the CFO. Remarkably, 8 percent said no one was responsible.

The results  raise the question, ‘On what basis are spending decisions made?’ Enterprises that do not have clear business accountability for the realization of value from their increasingly significant and complex IT-related investments, and do not fully measure value are unable to determine which investments to undertake, which are successful, which require corrective action, and which need to be  cut—and thereby are likely to miss out on revenue-generating opportunities, pursue unsuccessful investments and miss opportunities to gain competitive advantage.

These findings support the results of a number of other studies, anecdotal evidence and my own experience that most decisions related to value from IT are subjective, and all too often are based on perception and emotion rather than on facts. Organizations will not come close to realizing the full value of their IT investments until they adopt effective value management practices – such as those contained in the Val IT ™ framework – and assign accountability for the realization of value from those investments to the board and CEO, rather than abdicating it to the CIO.

Know your IT cost of goods sold

Although my passion is value, that certainly should not imply that I don’t think about costs – costs are an integral part of the value equation, as are risks. The definition of value used in Val IT™ is the total life-cycle benefits net of related costs, adjusted for risk and (in the case of financial value) for the time value of money. Costs are incurred in two main ways – the cost of executing investments in IT-enabled change, and the on-going costs of operating the new/changed assets that result from those investments, often new/improved business services which increasingly have a significant IT component. These on-going costs often represent somewhere between 65 – 85% of the total IT budget. This article by Craig Symons from Forrester focuses primarily on these costs, and in doing so, makes a strong case for IT financial transparency.

Craig points out that, as IT has become increasingly pervasive in enterprises, IT costs represent a growing and often significant part of their total cost of products and services. Yet, although these costs are associated with a number of different activities, including enterprise-wide and business unit administrative activities, sales and marketing support activities, and direct product and service activities, many enterprises lump them all into the general and administrative costs “bucket”, where they all too often become a very visible target for cost-cutting. Without more specific information around the activities these costs are supporting, there is a significant risk that the wrong things will be cut, and value may well be eroded or destroyed as a result of the “law of unintended consequences”.

With complete financial transparency, IT costs are identified by activity and charged back at the service level based on consumption. This allows IT to have a fact-based discussion with the other parts of the business, showing where IT contributes value to the business activities, and thereby enabling smarter decision-making. It changes the focus of the conversation from the cost of technology, to the value contributed by IT to business activities.

CIOs Need to Get More From the Assets They have

This  article by Tom Jowitt in CIO.Insider discusses a Butler report that highlights the tendency in these tough economic times to focus on cutting costs. It argues that organizations also need to look at leveraging their existing assets, e.g. ERPs.  They need to look at what is not being used, and bring under-utilised functionality into use where it can create or sustain value, thereby increasing the ROI on these expensive assets. It reinforces a view that I have long held – the only disagreement I might have is that I would change the title to read “CIOs Need to Help the Business Get More From the Assets They Own” – after all, it is how the business uses these assets that results in value – or doesn’t! In past lives, I have worked both for a vendor who was interested in selling new technology, and a consulting company interested in designing/building/implementing new systems. When involved in situations where a client was looking to replace their current “legacy” system, I often concluded, and said, that the client could have addressed the perceived deficiencies of their current system through better understanding of it’s functionality, improved documentation and training, and some relatively minor “tweaking”. The alternative was to make a significant investment in the replacement systems, again failing to take the time to fully understand the functionality of the system, failing to provide sufficient documentation and training, and so the cycle continues. Needless to say, my view was never particularly popular – the vendor or consulting company wanted the business, the client already had the funding approved, and the “techies” wanted to work on new stuff. Clearly, there are times when legacy systems need to be replaced, but all too often organizations rush into this before they need to – leaving “money on the table”.