Reflections on SIMposium09

I had the opportunity to attend and speak at SIMposium09 in Seattle last week. As Seattle is a great town and close to Victoria,  I took the opportunity to take Diane and we both enjoyed Seattle and spent a few very relaxing “Internet-free” days at the wonderful Lake Quinalt Lodge on the Olympic Peninsula after the conference. Having now had time to reflect on the conference, I offer a summary of my thoughts (and in doing so, draw on a number of my earlier posts).

Introducing the sessions on Tuesday, the Moderator, Julia King, Executive Editor of Computerworld, said that what she had taken away from the conference up to that point were three things – people, process and productivity. While productivity – specifically doing more with less – was a common theme, and there was considerable emphasis on people and some on process, I would expand on this somewhat. From what I heard, both through formal presentations, and in informal discussions, the things that I left thinking about, and which I will expand on below were – value (including but not limited to productivity), leadership, innovation (where I would include process), people, and change (specifically management of strategic change). I will talk a bit more about each of these below.

Value

It should come as no surprise that this is my first point. I was pleased that a number of sessions did focus on value, and it was mentioned to varying degrees in others. I was however disappointed when Jerry Luftman presented the results of the 2009 SIM IT trend survey that the word was not mentioned in any of the top ten CIO issues. In fairness, I do understand that in order to plot trends, there has to be some consistency in questions year over year. While it could be argued that the “alignment” question may be a proxy for value (although many people told me they never wanted to hear this question again), and that it is implied in others – I believe we have to make value explicit and  put it front and centre. Certainly, productivity is one aspect of value, but only one aspect – one that tends to focus on doing more with less, and by inference cost. In The Information Paradox, we talked about 3 aspects of value: alignment (NOT the infamous “Aligning IT with the business” topic which, in my mind, makes about as much sense as talking about “aligning our heart with our body”, but rather ensuring that investments are aligned with the enterprise’s strategic objectives); financial worth (which I now refer to as business worth including both financial and non-financial aspects); and risk (both delivery risk and benefits risk).  The Val IT ™ framework further defines value as “total life cycle benefits net of total life cycle costs adjusted for risk and (in the case of financial value) the time value of money”. We need to shift the discussion from the cost of technology to the value of the business change that it enables. We need to create a culture of value in our enterprises.

Leadership

A quick scan of the agenda shows that this was by far the most prevalent topic – not surprising given SIM’s target constituency. There is absolutely no denying that we need more and better leadership – but what do we mean by that? Are we talking about grooming those few who will rise to the corner offices in the top floor of corporate HQ, or are we/should we be talking about something beyond that?  A former colleague of mine, Don Tapscott, used to say (may still say) that “leadership can come from anywhere”. I have been thinking for a while about the “cult of leadership” – in his book, The Wisdom of CrowdsJames Surowiecki identifies one of the challenges is that we put too much faith in individual leaders or experts, either because of their position or track record and that these individuals also become over-confident in their abilities. I don’t want to question the ability and competence of all leaders or experts – while I certainly have seen my share of bad ones, most are good people doing the best they can. However, in today’s increasingly complex and fast-paced knowledge economy, much of which is both enabled by and driven by technology, it is unrealistic to expect individuals, however good they are, to have all the answers, all the time. The reality is that neither position nor past success is any guarantee of future success.

If organisations are to succeed in today’s knowledge economy, they cannot constrain themselves to the knowledge of a few individuals – to put it a more brutal way, they cannot be constrained by the habits or ego(s) of their leader(s)! Organisations must tap into the collective knowledge of all their people – retaining appropriate accountability, based on the law of subsidiarity – an organizing principle that matters ought to be handled by the smallest, lowest or least centralized competent authority. This means locating accountability and decision-making at the most appropriate level, while supporting decisions with broader and more knowledgeable input.

Innovation

We hear a lot about innovation and the potential for CIOs to become Chief Innovation Officers. Interestingly, a number of recent surveys show that executive leadership is disappointed with the lack of innovative ideas from CIOs. But what is innovation? The Oxford Dictionary defines innovation as [t0] bring in new methods, ideas etc. often followed by making change. All too often, we believe that innovation requires new technologies. In a recent Entrepreneur article, Tim O’Reilly, who launched the first commercial website, coined the term “Web 2.0” and was instrumental in the popularization of open-source software, isn’t buying the hype: He calls the era of the I-word “dead on arrival.” “If it is innovative, everybody will know,” O’Reilly says. “Adding words to it does not help.” The current “innovation” overload is the result of folks who don’t know what true invention is trying to pass themselves off as trailblazers. He’s seen companies throw away great ideas because it wasn’t immediately obvious how to make money from them. Then smaller companies and entrepreneurs would come along and play with the idea, just because they’re passionate about it. And they would be the ones to unlock the idea’s potential and grow into the money. While new technologies do indeed enable new methods and ideas, they are not necessary for innovation. Innovation is equally powerful, and often easier, by simply coming up with new and creative ways of using existing technologies.

People

Ultimately, it is people who lead, people who innovate, and, as a result, people who create value. Over the last few decades, much has been said and written about empowering the people within an enterprise – unfortunately little of that talk and writing has translated into reality. As James Surowiecki says, “Although many companies play a good game when it comes to pushing authority away from the top, the truth is that genuine employee involvement remains an unusual phenomenon.” As a result of this, information flows – up, down and across organisations – are poor, non-existent or “filtered” in all directions, decisions are made by a very few with inadequate knowledge and information, and there is limited buy-in to whatever decisions are made. As Peter Senge says in The Fifth Discipline Fieldbook , “…under our old system of governance, one can lead by mandate. If you had the ability to climb the ladder, gain power and then control that power, then you could enforce…changes…Most of our leaders don’t think in terms of getting voluntary followers, they think in terms of control.” I should add here, based on Monday’s closing keynote “It’s about the People”, given by Bill Baumann, Vice President of Information Technology for REI, that REI does appear to be one enterprise that does understand empowerment.

In this context, although there was not a specific session on the topic, social networking (including Web 2.0 and crowd-sourcing etc.) was discussed in many of the sessions, and in informal discussions. As I have said before, I am becoming increasingly interested in how social networking, rather than being viewed as a potential problem to be managed within the “traditional” view of governance and management – today still largely based on beliefs and structures that are a hundred years old – has enormous potential to revolutionize governance and management. In doing so, we could truly tap in to the experience of all employees (and other stakeholders) – not be limited to the knowledge/experience of those few anointed leaders or experts. This could actually make the much-abused term empowerment mean something by giving people the opportunity to contribute to/participate in decision-making, actually be listened to and, as a result, re-engage and really make a difference.

Change

The challenge facing enterprises today is not implementing technology, although this is certainly not becoming any easier, but implementing IT-enabled organisational change such that value is created and sustained, and risk is known, mitigated or contained. The creation and sustainment of value from innovation requires understanding and effective management of change in how people think, manage and act, i.e. change in human behaviour. Unfortunately, as we were reminded in one session by Jeffrey Barnes and Cheryl White, studies have shown consistently over the last 25 years that the failure rate of strategic change initiatives is between 85-90%. Let’s look at a number of scenarios where such initiatives can come to a premature halt.

The first of these is implementation by fiat, without an adequately thought out plan and commensurate resources. There is all too often a tendency for executives to believe that once they say something should be done it is – this is rarely the case. I sometimes describe this as the “Star Trek school of management”. Executives, just like Captain Picard, say “Make it so!” – they often don’t fully understand what “it” is or how they will know when they get there, and  the people they say it to all run off with very different ideas of what “it” is creating a lot of activity – often in conflicting directions. As Larry Bossidy and Ram Charam suggest in Execution, The Discipline of Getting things Done, the role of the executive when saying “make it so” is to ensure that no-one leaves the room until the executive is confident that they all understand what “it” is and, when they come back with a plan, that they don’t leave the room until he/she is confident that the plan has a good chance of delivering “it”.

In other cases, organisations take on too much in the first bite – this either results in “sticker shock” with no action being taken or, particularly when, as is often the case – especially in the current environment of short-termism – the time-frame is unrealistic, failure. The opposite can also be true, doing too little and/or taking too long to do it such that patience runs out and/or interest diminishes to the point of backing off.

Also, where progress is being made, success is not always promoted and built on – without demonstrated and recognized success it can be very difficult to maintain the interest and attention of executives to sustain the change initiative, especially one that may take many years, as many, if not most such initiatives can do. This can become particularly evident if a new executive comes on the scene and asks “Why are we doing this?” Without a sound response, this is often followed by “We did just fine without this where I came from!”

Many of these scenarios are exacerbated when insufficient thought has been given to metrics – measurements that must include both “lag” metrics – are we there yet? – and “leading” metrics – are we on track to get there?, as well as tangibles and intangibles. As Faisal Hoque, Chairman and CEO of the Business Technology Management Institute says, “…technology [itself] warrants evaluation with a tangible set of measures. But the majority of what technology actually does falls more into the sphere of the intangibles”. Understanding how those intangibles (often lead indicators) can contribute to tangibles (often lag indicators) is a key part of value management.

John Zackman offered another explanation for the challenge of change when positioning enterprise architecture – in the context of the overall enterprise – as being about managing complexity and change (which I very much agree with). John said “If you can’t describe it you can’t build it or change it.” John’s comments raise a number of  interesting questions which I won’t attempt to answer here.  Is it actually possible to “reverse architect” today’s complex global enterprises that have, somewhat like London’s Heathrow airport, grown ad hoc over time without any underlying architectural framework or design? If not, are they doomed to eventually fail? Will new and emerging enterprises take a more disciplined approach or will they follow the same pattern such that the cycle continues?

For more on the topic of change, go to Managing Change – The Key to Realizing Value and The Knowing-Doing Gap.

I will explore some or all of these topics more in subsequent posts.

Waltzing with the Elephant

I have just finished reading Mark Toomey‘s Waltzing with the Elephant, subtitled A comprehensive guide to directing and controlling information technology. This has taken me longer than I had thought as the book is indeed very comprehensive. I was reminded as I read it of a comment from an early reader of The Information Paradox who described it as  “a book you want to have read but don’t want to read. If you’re an executive with control over your company’s information technology purse strings, you probably don’t want to read a book this detailed in the intricacies of IT, which is exactly the reason that you should.” But will they? I will return to this point later.

As Mark says in the book’s dedication “Through better, more responsible, and effective decision making and control, we can make better use of information technology, and we can improve the world.” I couldn’t agree more – indeed it is that belief that has driven me for the last 20+ years, and which continues to drive me. There is certainly considerable room for improvement – as Mark goes on to say “…there is a compelling reason to improve the performance of IT use within many organizations.” I would  be even stronger here in that I believe this to be the case in most, if not all organizations.

Waltzing with the Elephant is organized around the the six principles of ISO/IEC 38500:2008:

  • responsibility;
  • strategy;
  • acquisition;
  • performance;
  • conformance;
  • human behaviour.

And the three fundamental Governance tasks that it defines – Evaluate, Direct and Monitor.

Mark does a good job of explaining the principles, and of putting “meat on the bones” of what can be seen as fairly high level and broad concepts. The book is a long, but relatively easy read – helped by Mark’s refreshingly irreverent style, and the many real world examples and anecdotes he has included. Mark also makes good use of models to frame and organize sections, including an earlier version my Strategic Governance framework. Although my brief summary may not do the book justice, what I believe you should take away from it, somewhat adapted and, of course, biased by my beliefs, include:

  1. While much has been written and talked about IT governance over the last decade or more,  progress has been painfully slow. As Ian Wightwick says in his introduction, “…there is a fairly strong case for arguing that the investment in IT improvement has not delivered the desired rate of improvement.”
  2. Slide2

  3. A fundamental reason for this lack of progress is that most IT governance activities  deal only with one side of the problem – the supply side. This is what another Australian colleague of mine, Chris Gillies, calls IT governance of IT –  focused on the IT “factory”. If we are to have effective enterprise governance of IT,  as illustrated in the figure to the right, we also need to pay equal attention to the demand side – business governance of IT – focused on how the organization uses IT to create and sustain business value. For more on this, go to Back to the Basics – the Four “Ares”.
  4. If we are to make progress, there must be the  understanding that governance of IT is an important part of the overall governance framework for any organization, and that governance itself is a business system.  Governance must deal with both compliance (meeting regulatory and legislative requirements) and performance (setting and achieving goals).
  5. Ultimately, the people who should control, and be accountable for how IT is used are the business executives and managers who determine what the focus of the business is, how the business processes are performed, how the authority and control structure operates, and how the people in the system perform their roles. None of these decisions are normally within the scope of the CIO, and so, without the means of enacting any decision, the CIO cannot be held responsible or accountable for the organization‟s use of IT. The CIO should be responsible for administering the system of governance on behalf of the governing body, and accountable for most elements of the supply of IT, but not responsible for the demand and certainly not accountable for the use of IT by the business.
  6. Increasingly, we are not making investments in IT  – we are making investments in IT-enabled change. While IT may be a key enabler, all the other aspects of the business system – the business model, business processes, people, and organization need to be considered. Enterprise governance of IT must  go beyond IT strategy, the IT project portfolio and IT projects to more broadly consider the business strategy, and the portfolio(s) of business investment programmes and business and technology projects that enable and support the strategy (for more on Programme and Project Portfolio Management, go to Moving Beyond PPM to P3M and Get With The Programme.)
  7. It is not enough to just focus governance on new investments. Effective governance must cover the full life-cycle of investment decisions – covering both the initial investments and the assets that result from those investments – assets that all too often fall into what Mark calls the “business as usual” space and receive little attention until something goes wrong.
  8. Essential ingredients of the system for governance of IT include transparency and engagement. Transparency means that there is only one version of the truth – that real, accurate and relevant information flows up, down and across the system to support decision making. Engagement means that, at each level, the right people are involved in the system, in the right way with clearly defined, understood and accepted roles, responsibilities and accountabilities.
  9. Effective governance of IT will rarely be achieved by simply following a standard or a generic framework. Rather, it requires fundamental thinking about the issues that are important, and it requires that the leaders of the organization behave in ways that maximise the value and contain the risks in their current and future use of IT.
  10. Ultimately, while standards, such as  ISO/IEC 38500, and frameworks, such as Val IT™ are useful tools, improving the return on IT investments, and improving governance around those investments and resulting assets is about changing human behaviour. Merely developing and issuing policy is insufficient in driving the comprehensive behavioural change that is essential for many organizations that will seek to implement or improve the effectiveness of their enterprise governance of IT. Behaviour is key…changing or implementing a new system for governance of IT necessarily involves taking all of those people on a journey of change – which for some will be quite straight-forward and which for others, will be profoundly challenging.
  11. This journey of change must be managed as an organizational change programme. While much has been written and should be known about this, the absence of attention to the individual and organisational contexts of human behaviour in plans for IT enabled change to business systems is profound. Where there is understanding of the need to do something, enterprises often then run into “The Knowing-Doing Gap” as described by Jeffrey Pfeffer and Robert I. Sutton in their book  of the same name. As the authors say in their preface, “…so many managers know so much about organisational performance, and work so hard, yet are trapped in firms that do so many things that they know will undermine performance.” They found that “…there [are] more and more books and articles, more and more training programs and seminars, and more and more knowledge that, although valid, often had little or no impact on what managers actually did.” For more about this, go to The Knowing-Doing Gap.

I want to return now to my initial comment about who will read this book. In a recent review of the book, Fiona Balfour described it as recommended reading for academics, students of technology, all IT Professionals and “C‟ role leaders and company directors. The book provides very comprehensive and practical guidance for those who have decided that action is required, but will those who have not yet understood or committed to action read it or, more importantly, take action based on it? Almost a year ago, I was having lunch in London with Kenny MacIver, then Editor of Information Age who, after listening to me expound on this topic for some time, said “What you are saying is that we need a clarion call!” Mark’s book adds significant value to those who have decided to embark on this journey, and he is to be commended for the tremendous effort that he has put into it and for his willingness to share his experience and wisdom – but will it provide that Clarion call? It will play well to the converted, but will it convert? Going back to Ian Wightwick’s introduction, he says “Clearly the purpose of Mark Toomey‟s text is to promote the need for adequate IT governance. It is commendable in this regard, but is only the beginning. Company director (including CEO) education courses and regular director briefings will need appropriate attention with provision of simplified explanatory material and check-lists, as well as encouraging the de-mystifying of the whole business-critical IT issue.”

Despite overwhelming evidence of the need to take action to improve enterprise governance of IT, business leadership – boards, executives and business managers – have shown little appetite for getting engaged and taking accountability for their use of IT to create and sustain business value, or to embrace the transparency that must go with it. I hope that, at least in Australia, the emergence of the ISO standard, and  Mark’s book provide that much needed “clarion call”. History, unfortunately, tells us that it may take more than this – we may still have a long way to go!

Back to the Basics – the Four “Ares”

Well, having now finished with the Sidney Fine Art Show – which was incredibly successful – it’s time to get back to this blog.

As I prepare to head down to Seattle where I am speaking at SIMposium09 on November 9th – just 6 weeks before my 65th birthday – I have been reflecting on the underlying foundation of what I have been doing over the last 20 plus years – what have come to be known as the “four ares”. They have certainly guided my thinking and, since they were published in The Information Paradox, continue to be widely referenced  – sometimes those references are even attributed. The idea came when I was presenting a diagram of, what we then called, the Information Resource Planning approach, to the executive of a large Canadian utility. As I was going through it, one of the executives stopped me, saying: “This is all “gobbledygook” to me – can you just explain it in plain English?” So, I turned the somewhat obtuse and long-winded statements on the chart into the questions each box was trying to address. What had been somewhat of a “talking head” session turned into a lively discussion which resulted in a  successful assignment with very positive outcomes. After that, I applied the same approach to almost everything I was doing including, at the time, DMR’s (now Fujitsu’s) Macroscope methodology – and the four “ares” were born. They have been “tweaked”, but have essentially remained the same for more than two decades.

At the time, I am not sure that I had even thought about the term governance, or could have described what it was. However, over time the two ideas have come together in that, in my view, the ability to continually ensure that enterprises can get positive answers to the four “ares” is the essence of effective enterprise governance. I use the term enterprise governance because, although the origins of the four “ares”, and much of their current application relate to governance of IT, they are equally applicable to the broader enterprise governance view. Indeed, one of the comments/criticisms I have had of both The Information Paradox, and the Val IT™ Framework, is that the term IT should have been dropped, or at least de-emphasized,  as they are both more broadly applicable to any form of investment or, indeed, any form  of asset.

For those of you still wondering what I am referring to, the four “ares” are:

  1. Are we doing the right things?
  2. Are we doing them the right way?
  3. Are we getting them done well?
  4. Are we getting the benefits?

Whenever I am talking with executives, I always have to pause when I get to the four “ares”as they invariability write them down. They are questions that are easy to understand although, unfortunately, not always easy to answer. Indeed, I often feel guilty that they appear too simple. I also feel somewhat guilty about the term “right” in the first two questions. I am not sure that there can always, or even ever be a totally right answer to those questions. However, asking these questions can definitely eliminate a lot of “wrong” decisions. A key point about these questions is that they need to be asked continually. Whilst important to ask them when an initial investment decision is being made, it is equally important to ask them throughout the full economic life cycle of that investment decision. That life-cycle includes a number of stages:

  • Development  – creating the necessary capabilities (hereinafter referred to as assets)
  • Implementation  – delivering the assets
  • Value creation  – adopting and using the assets to achieve the expected level of performance
  • Value sustainment  – assuring that the assets resulting from the investment continue to create value, including additional investments required to sustain value
  • Retirement phase – decommissioning some or all of the resulting assets
The four questions, in order, essentially apply to strategy, architecture, delivery, and value. As illustrated below, they collectively encompass alignment with strategy, business worth, including benefits and costs, and risk – including delivery risk and benefits risk.Slide1

As further illustrated below, within the context of governance of IT, the first and last  questions relate to the “demand” side – business governance of IT, while the second and third relate to the “supply” side – IT governance of IT. Collectively, they represent a complete view of enterprise governance of IT.
Slide2

As we said in The Information Paradox [with some updates], “ Tough questioning is also critical to get rid of silver bullet thinking about IT and lose the industrial-age mind-set that is proving extremely costly to organizations.  Asking the four “ares,” in particular, helps to define the business and technical issues clearly, and thus to better define the distinctive roles of  business executives and IT experts in the investment decision process. Are 1, Are we doing the right things? and Are 4, Are we getting the benefits?  raise key business issues relating to both strategic direction and the organization’s ability to produce the targeted business benefits.  Are 2, Are we doing them the right way?  raises a mix of business and technology integration issues that must be answered to design successful [IT-enabled] change programs.  Are 3, Are we getting them done well?  directs attention to traditional IT project delivery issues, as well as to the ability of other business groups to deliver change projects.”

In Val IT, specifically in version 2.0, we fleshed out these questions and also expanded them to include IT services, assets and other resources (while this is in the context of IT – they could equally well be expanded to include other assets).

1.  Are we doing the right things? The Strategic Question.

  • Are our investments:
    • in line with our mandate and vision?
    • consistent with our business principles?
    • contributing to our strategic objectives, both individually and collectively?
    • delivering optimal benefits at an affordable cost with a known and acceptable level of risk?
  • Are resulting IT services, assets and other resources continuing to deliver value by addressing real business needs and priorities?

2.  Are we doing them  the right way? The Architecture Question.

  • Are our investments:
    • in line with our organisation’s enterprise architecture?
    • consistent with our architectural principles and standards?
  • Are we leveraging synergies between our investments?
  • Are our IT services delivered based on optimal use of the IT infrastructure and other assets and resources?

3.  Are we getting them done well? The Delivery Question.

  • Do we have:
    • effective and disciplined management, delivery and change management processes?
    • competent and available technical and business resources to deliver the required capabilities and the organisational changes required to leverage them?
  • Are services delivered reliably, securely and available when and where required?

4. Are we getting the benefits? The Value Question.

  • Do we have:
    • a clear and shared understanding of what constitutes value for the enterprise?
    • a clear and shared understanding of the expected benefits from new investments, and resulting IT services, assets and other resources?
    • clear and accepted accountability for realising the benefits, and relevant metrics?
    • an effective benefits realisation process over the whole investment economic life-cycle, to ensure that we are maximising business value?
One of the objections we often here to implementing or improving governance practices or frameworks is that we are making it much too complex. There is indeed some truth to this given that the IT industry appears to have single-handedly invented English as a second language, i.e. talking in “techno-speak”. There are also a growing number of what are perceived to be competing frameworks in the marketplace. The four “ares” rise above this and provide a very simple yet comprehensive and powerful set of questions that can be used to help you to start the conversation – a conversation that is long overdue in many enterprises.

Focus Must Shift beyond IT Spending to Business Value

I have been a little quiet on the blog lately as I have been, and am still heavily involved with my wife in organizing and running the Sidney Fine Art Show – one of the largest and most anticipated shows in British Columbia and a highlight on the cultural calendar of Vancouver Island. In the space of three days, we transform a community hall

BodineEmpty

into a world-class art gallery which is visited by more than 5,000 people over the three days of the Show.

SFAS

The Show is also an example of what can be done when you have a clear vision, great people – over 300 volunteers – and appropriately used technology – in this case good old Excel which supports just about every element of the Show. In the current economic climate, and certainly in the context of significant cuts to government support for the arts in this part of the world, we have certainly had to be careful with our finances this year – the 7th year of the Show. We did not however make cuts “across the board” – we focused our spending on those areas that we felt would add the greatest value within the context of our vision. We spent less, sometimes nothing, in some areas, and more in others. I should add that the Show, totally run by volunteers, is not for profit, and not only do artists receive 85% of their sales revenue, but also any surplus from the Show goes directly back to the Community Arts Council of the Saanich Peninsula to support their many diverse programs. The cuts in government arts funding make the Show’s contribution even more important this year.

So, what does this have to do with IT – other than Excel? I read two somewhat conflicting reports on IT spending today, interestingly both under the CIO banner. The first, More CIOs Planning to Spend Money, Hire IT Staff, by Carolyn Johnson, suggests that more CIOs are planning to increase IT spending than at any time since mid-2008, with the average overall change (mean) being +5% . The second, IDC: IT spending unlikely to recover fully before next recession, by Leo King, reports  that IDC has warned that spending on technology will not return to pre-recession levels before the next downturn. IDC said CIOs should expect their budgets to grow, but only to a lower level than was reached before the recession, the highest realistic prediction was for a two per cent growth in spending by 2013.

Now, I don’t know who is right – nor quite frankly do I really care. While the amount of IT spend is interesting, and budgets should be managed responsibly, such discussion  continues to focus on the cost of IT. As in the case of the Sidney Fine Art Show above, the real focus has to shift to what is the business value of that spend. Our continued focus on spend – the cost of IT, is plain wrong-headed.We need to focus on value – value as defined by the Val IT ™ framework as “total life cycle benefits net of total life cycle costs adjusted for risk and (in the case of financial value) the time value of money”. Only when we do this will we come anywhere near to realizing the full potential of IT-enabled change.

Moving Beyond PPM to P3M

Over the last little while, I have been asked to write introductions to, or testimonials for a number of books on Project Portfolio Management (PPM). This has caused me some angst because, while PPM most certainly has its place and is a valuable management tool, the name also unfortunately perpetuates the myth that IT projects, in and of themselves, deliver value. As discussed in an earlier post, Get With The Programme!, we need to move beyond IT projects to comprehensive business change programmes.

The concepts of portfolio management (as related to IT investments) and programme management were introduced in The Information Paradox. While portfolio management has seen significant adoption since then, largely in the form of PPM, the adoption of programme management has been slower, which certainly contributes to the popularity of the PPM term. (It would likely help if we could all agree on a common spelling of program/me!)

I have heard  number of arguments against using the term “programme” including that we are making things too complex by introducing another term, it scares people, and it doesn’t apply to small enterprises etc. The reality is that much of what we are enabling with IT today is complex – very complex, and denying that results in even greater complexity. Taking the programme view facilitates better understanding – shared understanding – of complexity and, as a result, more effective management of change. Regarding scaring people, I always say when I am presenting or discussing this topic that if the audience doesn’t leave both excited and scared, they haven’t “got it”. As Albert Einstein once said “You cannot solve a problem by applying the same thinking that got you into the problem in the first place.” We need to shake people out of their complacency and get them to think and act differently. I also believe that the concept of programme applies just as much to smaller enterprises – appropriately  scaled to fit  size and culture.

Programme management does now appear to be gaining some momentum. In addition to ITGI’s Val IT™, both OGC and PMI have programme-related materials. In a recent research paper, Gartner states “Organisations are discovering that program management is a level of business discipline that is key to delivering business outcomes”. It goes on to say that “We are focusing on a specific research project that addresses strategic program management – an emerging discipline focused around the multi project delivery of business outcomes…we believe that this is the management construct best suited to enable better business engagement, value delivery and risk.”

The definition of Portfolios, Programmes and Projects – as introduced in The Information Paradox, and continued in Val IT – is illustrated in the figure below.
Slide1

Given the above definitions and relationships, I would strongly recommend adoption of the term “Programme and Project Portfolio Management”, or P3M to better reflect both the relationships between portfolios, programmes and projects and the need to have all 3 in place. Indeed, I usually portray this with the “3” in superscript (which WordPress doesn’t seem to like) as I truly believe that it is “P to the power of 3 M”. While all three are necessary, none are sufficient on their own. All three, working together, are needed if enterprises are to:

  • Identify, define, select and execute new investments in IT-enabled change such that they maximize value creation and sustainment, taking early corrective action when this is at risk
  • Make intelligent spending decisions, focusing on spend that creates or sustains value, and avoiding the value destruction inherent in across-the-board (percentage) cuts
  • Ensure that their ongoing investments optimize benefits –  contributing to the creation and sustainment of  value – and again, where this is at risk, take early and appropriate corrective action
  • Deliver business and technology capabilities in a reliable, responsive and cost-effective manner

The relationship between Portfolios, Programmes and Projects, in the context of value management, is illustrated in the figure below.

Slide1

There is an argument that you shouldn’t consider portfolio management until you have dealt with project and programme management, i.e. get delivery right before you determine if you are doing the right things and creating or sustaining business value. I clearly do not agree with that argument – as Peter Drucker said “There is nothing worse than doing well that which should not be done at all!” Portfolio and Programme Management are the vehicles that bridge the gap between strategy and execution – ensuring alignment with business objectives and delivery of value through investments in IT-enabled change by effectively understanding and managing that change. Project management ensures that the technology and business capabilities required to enable the IT-enabled change and the resulting benefits and value are delivered. If we are to realize the full potential of IT-enabled change and translate that into real and sustainable business value, we need to work to all three of these areas – we have no choice!

Best Practice – the Enemy of Good Practice!

Susan Cramm’s latest blog, Why Do We Ignore “Best Practices”?, has stimulated an interesting discussion about what really is the $64,000 question (actually a lot more these days!) – why do we often ignore the “blindingly obvious” and not do what we know is the right thing to do?  I discussed aspects of this question in a recent blog The Knowing-Doing Gap which referred to the book of the same name by Jeffrey Pfeffer and Robert I. Sutton. In the book, they say “…so many managers know so much about organizational performance, and work so hard, yet are trapped in firms that do so many things that they know will undermine performance.” They found that “…there [are] more and more books and articles, more and more training programs and seminars, and more and more knowledge that, although valid, often had little or no impact on what managers actually did.”

However, I don’t want to go more into the Knowing-Doing Gap here – what the blog and the associated comments caused me to reflect upon was the term “best practice”  – a term I dislike and avoid for a number of reasons:

  • Voltaire said  “the best is the enemy of the good”. We rarely need, or can afford, “the best”, and, in any event, what is best for one organization, or one situation, may not be best for other organizations, or different situations.
  • The term “best” can also create an erroneous and dangerous belief that there is no need for further improvement. The world doesn’t stand still – changes to the global economy, the regulatory environment, business models, and technology will continue at a fast rate. We must continue to learn, adapt and improve our practices – standing still is not an option.
  • Voltaire also said  “common sense is not so common” which is also relevant here. “Best practices” are all too often seen as a substitute for judgment or common sense – or for good, experienced people. As a result, they are treated as checklists to be followed blindly without the need to think. After all, “if all you have is a hammer, every problem looks like a nail”. In many cases, more focus is put on following the practice than on the desired outcome – with the means becoming more important than the end. As one commentator on Susan’s post, Mike Myatt says in his blog, The Downside of Best Practices, “My experience has been consistent over the years in that whenever a common aspect of business turns into a “practice area” and the herd mentality of the politically correct legions of consultants and advisers use said area as a platform to be evangelized, the necessity of common sense and the reality of what actually works often times gets thrown out the window as a trade-off for promotional gain.”
  • Another problem with “best”, which I see all the time, is that it implies a competition. When an organization determines that they need to improve their practices, they undertake an evaluation of “competing” practices to determine which is the best. As yet another saying goes – “the less you want to do something the more you study it”. Rather than trying to select the best – organizations should pick one and “just do it”!
  • The term that I have preferred to use, and that we use in Val IT™, is “proven practices”. We do, however, need “proven practices” that are “fit for purpose” – adapted intelligently and innovatively to specific organizational cultures and situations based on sound judgement and common sense. In this context I use one of the many definitions of common sense – “shared understanding” – which could well be extended to mean “shared values”.

All of the above notwithstanding, the real challenge here is that we are trying to get people to change their behaviour to conform to rational, logical practices. People are not always logical or rational – often egos, emotions, old habits and a variety of other factors cause them to behave  differently. Changing such behaviour requires a well-orchestrated organizational change plan (even this is badly expressed as it is not organizations that change – it is individuals). We need to move beyond what is often mandated compliance to getting “buy in” and understanding of the need to behave differently, and the value in doing it – to the organization and the individual. We need to create those shared values within which proven practices are adopted but can be adapted to meet specific situations with an appropriate balance of rigour and agility.  Unfortunately, organizational change management is still largely paid lip service to and rarely done in most organizations.

If we are to deliver on the promise of IT – if we as individuals, organizations and societies are to realize the value of IT-enabled change – we need to change the way we manage that change. We have to stop asking: “When will they do something about this?”. We are “they” – all of us – we need to change how we think, manage and act. Only when we do this will we truly realize the potential value of the changes that IT can enable!

Get With The Programme!

Technology is today embedded in almost everything that we do as individuals, societies and organizations. We have come a long way from the early days – yes, I was there – when the primary use of technology was automating operational tasks such as payroll, where benefits – largely cost savings – were clear and relatively easy to achieve. Today, applications of IT enable increasingly strategic and transformational business outcomes. While these outcomes would not be possible without the technology, the technology is only a small part of the total investment that organizations must make to achieve their desired outcome, often only 5% to 20%. The reality is that these are no longer IT projects – they are investments in IT-enabled business change – investments in which IT is an essential, but often small part.

Unfortunately, our approach to managing IT continues to lag in recognizing this shift. We still exhibit “silver bullet thinking” when it comes to IT. We focus on the technology, and delegate – more often abdicate – responsibility for realizing value from the technology to the IT function. In a recent post, IT Value Remains Elusive, I discussed a recent ISACA survey in which 49 percent of respondents stated that the CIO or IT managers are responsible for ensuring that stakeholder returns on such investments are optimized – with 8 percent saying no one was responsible. Technology in and of itself does not create value – it is how enterprises use technology that creates value. With the evolution of how we use IT, a different approach to the management of investments involving IT has become a business imperative if we are to fully realize the potential value of these investments.

Realizing this value requires broadening our thinking to take many more interrelating activities into account – moving beyond stand-alone IT project management to business programme management. Managing programmes of business change where technology initiatives contribute to business results in concert with initiatives to change other elements of the overall business system, including the business model, business processes, people skills, and organizational structure. It also means that accountability now must be shared between the business and the IT function – while the IT function is accountable for delivering the required technology capabilities, it is the business that must be accountable for realizing value from the use of the technology. This includes: deciding which programmes to undertake; ownership of the overall programme – including all the necessary  initiatives ; and ensuring that expected business value is realized over the full life cycle of the investment decision. Further, to support this, the business case for any proposed investment should be: at the programme level; complete and comprehensive – including the full scope of change initiatives required to achieve the desired outcomes; and a “living”, operational document that is kept up to date and used to manage the programme through its full economic life cycle.

We originally introduced programme management as one of the cornerstones of the Benefits Realization Approach in The Information Paradox. With Val IT™, we included it as part of the Investment Management domain (IM). OGC has also introduced Managing Successful Programmes (MSP) and, more recently, Portfolio, Programme and Project Offices (P3O), and the Project Management Institute (PMI) have extended their PMBOK to include Programme Management. The good news is that there is certainly no shortage of resources for those who want to implement Programmme Management. The bad news is that, while many organizations across the world have significantly increased value through their use of Programme Management, they are the “early adopters” with the majority of enterprises still lagging.

One of the reasons for this is that there is a common tendency to view programmes  as large, complex beasts – only applicable to large enterprises – and a mistaken belief that using the term will over-complicate things. Nothing could be further from the truth – certainly not when programme management is intelligently applied. Enterprise Resource Planning, Customer Relationship Management, Supply Chain Management, Business Intelligence, Social Networking, etc. are extremely complex programs of business change. Denying complexity – taking a simplistic view of change – only increases complexity. Only when complexity is understood can it be simplified, and then only so far. As Albert Einstein once said “Everything should be as simple as possible but no simpler.” The line between simple and simplistic is a dangerous one. Implementing organisational change requires changing our “traditional” approaches to governance – it requires that we “change how we change”!   Effective Programme Management is an important part of that change.

Taking the programme view can still however be a very daunting prospect – there can be just too much to take in all at once – unless an appropriate technique is used – one designed specifically for this purpose. In an earlier post, A Fool’s Errand, I discussed the need for a benefits mapping process (using Fujitsu’s Results ChainCranfield’s Benefits Dependency Modelling, The State of Victoria’s Investment Logic Mapping, or some other similar technique) to develop “road maps” that support understanding and proactive management of a programme throughout its full economic life cycle. Using Fujitsu’s Results Chain terminology – the one I am most familiar with – the process is used to build simple yet rigorous models of the linkages among four core elements of a programme: outcomes, initiatives, contributions, and assumptions. With the right stakeholders involved, and supported by strong facilitation, such a process can, in a relatively short time frame, result in clearly defined business outcomes and contributions, enabling management to ensure alignment with business strategy, define clear and relevant measurements, and assign clear and unambiguous accountability. They help to “connect the dots” and facilitate understanding and “buy in” of the those who will ultimately receive the benefits.

The challenge facing enterprises today is not implementing technology, although this is certainly not becoming any easier, but implementing IT-enabled organisational change such that value is created and sustained, and risk is known, mitigated or contained. This is where Programme Management, supported by benefits mapping can and must play a key role. The OGC states that: “The fundamental reason for beginning a programme is to realise the benefits through change.” In a March, 2008 Research Note, Gartner said that “We believe [strategic program management] is the management construct best suited to enable better business engagement, value delivery and risk”. Enterprises who want to enable such outcomes would do well to take a serious look at Programme Management.

Enterprise IT or Enterprise IM?

Reflecting on yesterday’s post CIOs told to scrap enterprise IT departments, I realized that over the last 5 years working with ITGI discussing IT governance, I have myself become a victim of the “IT label trap”. While implicit in everything I have done, I have not made explicit a distinction that I started making with a large Canadian resources company client way back in 1991 – the distinction between information management and information technology. Although I am not sure we even used the term back in those days, what we did, working with the executive, was to put in place effective governance of information.  Governance which separated, and made explicit the differences between managing information and managing the technology used to collect, store, manipulate and distribute it – with the business being accountable for managing information, while the IT function was accountable for managing the technology.

We defined the distinction between information management and the management of information technology as:

  • Information Management is concerned with the “why” and “what” of business requirements, and the “how” of business management processes, but not the technological “how”.
  • The management of Information Technology is concerned with the technological “how” of meeting business requirements, within the guidelines established by the information management processes.

As this information is still proprietary, I will not go into more detail here other than to say that, based on understanding this distinction, we created a vision for the role of information, then went on to develop and implement principles, an overall architecture, roles and responsibilities, and supporting organizational structures. Among other things, this involved Integration of business planning and information systems planning and transfer of a significant portion of the IT budget to line departments.

Fast forwarding now to the “Four Ares” that we introduced in The Information Paradox and which became the basis for Val IT™:

  1. Are we doing the right things?
  2. Are we doing them the right way?
  3. Are we getting them done well?
  4. Are we getting the benefits?

The first and last questions are primarily concerned with information management, while the second and third are primarily concerned with effective management of information technology.

I was reminded of this distinction again in 2005 – just as I was getting involved with ITGI so the IT label hadn’t quite got me – when leading a number of CIO workshops with the Seattle chapter of the Society for Information Management (SIM). The workshops were around the topic of  “Rethinking IT Governance – Beyond Alignment to Integration.” I found that the discussion kept descending into technobabble and had to remind the participants that there might be a reason why the organization was called the Society for Information Management – NOT the Society for Information Technology! I will be making this point again when I speak at SimPosium09 in Seattle in November.

Given the above, I think that what I should have said in yesterday’s blog was that the heading of the article should have been: “CIOs told to scrap enterprise IT departments BUT not an enterprise IM Role”. In the same vein, I also think that Val IT might have been more appropriately named Val IM.

You can be assured that I will be making the distinction between information management and the management of information technology more explicit in the future.

CIOs told to scrap enterprise IT departments

Before CIOs seeing this heading go apoplectic at such heresy, let me say that the heading of this article by Shane Schick in itWorldCanada referring to the keynote speech given by Peter Hinssen at an invitation-only event for Canadian CIOs should end with “BUT not an enterprise IT role!”. This would more accurately reflect what  Peter is saying (in this article and supporting video – I have not yet read his book although I have met Peter and heard him speak). Peter’s main points are:

  1. IT is too important to be left to the IT function
  2. IT is today embedded in everything we do
  3. The term IT alignment perpetuates the separation between IT and the rest of the business
  4. We need to move beyond alignment to “fusion”
  5. We need to redefine the relationship between IT and the business
  6. IT needs to move from being a side activity to a core activity of the business
  7. We need to focus on technology-enabled innovation
  8. IT people need to be rewarded on a balance of IT measures and direct business value

I very much agree with all of these points – indeed, we made similar points 11 years ago in The Information Paradox and much of that thinking has carried through into Val IT™ and other similar approaches. I encourage you to watch the short video interview with Peter and reflect on what he is saying. In doing so – going back to my suggested heading change – consider that there will always be an enterprise IT role, but not necessarily or even likely an IT department – parts of which will and should move into the business areas with the “factory” pieces being provided by an external utility, be it SaaS, the “cloud” or whatever we call it by then. How many of today’s CIOs will be able to fill that enterprise role is, as Peter suggests, another question.

Who is “Minding the Farm”?

Two recent articles, one about outsourcing, and the other about risk-management provide yet further evidence of the current shortcomings of enterprise governance, and the urgent need to take action.

Outsourcing – seen as one approach to deal with the current economic downturn – is the subject of a recent CBR article Euro business execs blind to outsourcing cost benefits by Kevin White in which he discusses the results of a new study.  The study, which was carried out by Cognizant in conjunction with Warwick Business School, found that:

  • Most CIOs and finance directors think the outsourcing of IT services can help them reduce costs but fewer than half of them could actually prove it, since they do not try or find it difficult to quantify its impact on the bottom line.
  • More than a third simply do not bother to assess the financial contribution to their businesses and 20% cannot remember if they have tried.
  • A third of CIOs and CFOs believe that the business value of outsourcing cannot be assessed beyond a one-time cost saving.

The research was carried out to assess attitudes to outsourcing and the impact of the current economic climate on IT and business decisions. The researchers polled executives in some of Europe’s biggest companies. The businesses reached across the UK, Germany, Switzerland, Benelux, France and the Nordics and a majority of the 263 respondents were reported to be spending between $5 and $100 million annually on outsourcing.

“They seem to believe outsourcing will save money, but fewer than 20% of the CFOs and CIOs had any confidence in their quantification,” said Sanjiv Gossain, VP and head of Cognizant in the UK. The study also showed that CFOs feel CIOs need more help to communicate the full benefits of outsourcing but only 37% of CFO respondents rate their CIOs ability to do this.

The study report concluded, “Senior executives appear to be making outsourcing decisions based upon short term cost cutting – which remains crucial – but outsourcing’s impact stretches well beyond the initial labour, skills and cost advantages.”

Shareholders and taxpayers alike should find it totally unacceptable that such major decisions would be made without a full understanding of their impact,  inadequate or no quantification of business value, and without even measuring whether cost savings are actually being realized.

Governance shortcomings also extend to risk-management – another recent article from Accenture Heeding lessons from economic downturn discusses the results of an an their 2009 Global Risk Management Strategy Study which found that the vast majority (85 percent) of corporate executives surveyed say they need to overhaul their approach to risk-management if the lessons of the economic crisis are to be used to improve business results.

The study, based on a survey of 260 chief financial officers, chief risk officers and other executives with risk-management responsibilities at large companies in 21 countries, also pointed to a lack of integration of current risk-management and performance-management processes. While nearly half the respondents said that their company’s risk-management function is involved to a great extent in strategic planning (48 percent) or in investment and divestment decisions (45 percent), only 27 percent said the risk-management function was involved to a great extent in objective-setting and performance management.

“Executives could improve their organizations’ performance and position themselves for economic recovery by linking and balancing risk management and performance management to aid their decision-making and increase shareholder returns,” said Dan London, managing director of Accenture’s Finance & Performance Management practice. “Being effective at this also requires companies to integrate their risk management capabilities enterprise-wide.”

Survey respondents identified a number of common problems with their risk-management functions, including:

  • Ineffective integration of risk, return and capital issues in decision-making (identified by 85 percent of respondents);
  • Lack of alignment between the company’s strategies and its risk appetite (85 percent);
  • Insufficient enterprise-wide risk culture (82 percent);
  • Inadequate availability of timely risk, finance and business data (80 percent);
  • Lack of integration and aggregation across all risk types (78 percent); and
  • Ambiguous risk responsibilities between corporate and business units (78 percent).

What I find particularly worrisome is that I could substitute the term “value” for “risk” above and the findings would still apply.

The Val IT™ definition of value is “the total life-cycle benefits net of related costs, adjusted for risk and (in the case of financial value) for the time value of money”. When management continues to focus on cost, with little understanding of, or attention to benefits or risk, or indeed of overall value, and also fails to manage actual performance, it should come as no surprise that we continue to have such a poor track record of actually creating and sustaining value – especially, but certainly not limited to IT-enabled investments! Enterprise governance needs to focus on creating and sustaining value, integrating all aspects of value – benefits, costs and risks –  to support the full life-cycle of investment decisions from ideation, definition, selection and execution of investments through to the operation and eventual retirement of resulting assets.