IT Governance - Managing Portfolios, Projects, Processes, and People

Introduction

Whether an organisation views IT as a strategic capability involving significant investment, or purely as a support service to be delivered at minimal cost, the reality is that all are dependent on information systems as an integral part of many business processes. Effective IT Governance is therefore essential to ensure that the delivery of IT services meets the requirements of the business, and policies and procedures must be in place to guide investment decisions, provide visibility into project progress, assess and mitigate risk, and measure the return against strategic objectives.

Without IT Governance, the business value of IT is substantially impaired, and the organisation becomes subject to the inefficiencies of short-term, tactical IT deployments, unproductive use of human resources and IT assets, and breaches of data security and regulatory requirements.

Creating value through IT-enabled business projects is a chain of activities that involves both business and IT functions, and IT Governance must therefore run throughout the entire IT value lifecycle, have both business and IT elements, and help to align these two perspectives to a common set of objectives.

Business Issues

We define the purpose of IT Governance as the creation of a management framework by which an organisation maximises the value that it derives from IT in support of its strategic objectives, and which includes the following characteristics:

• Defines rights, roles, and accountability for all areas of IT decision-making.
• Provides visibility into demand for IT services, and a mechanism for evaluating and prioritising these requests.
• Supports the measurement of value over the entire lifecycle of IT-enabled business projects.
• Defines and enforces standardised IT processes.
• Helps the organisation to assess and manage risk, and to comply with regulatory requirements.
• Provides for the efficient management and safe use of resources and IT assets.

Whilst much of the existing research on IT Governance focuses on high-level decision-making, investment priorities, and joint business-IT accountability, if IT is to be an effective creator of value for the organisation, and be seen internally as a trusted business service, then the execution of the underlying IT capabilities must be of a consistent quality, and subject to continuous improvement. IT departments trying to move up the value scale without these firm foundations are liable to experience failure, and we believe that IT Governance must address both ends of this spectrum.

Spend on IT can be split into three categories: Run-The-Organisation, Change-The-Organisation, and Innovate, each of which has distinct characteristics and different governance requirements. For Run-The-Organisation spend, the emphasis is on availability, reliability, and running IT operations at lowest reasonable cost. We believe that a key element here is to create a catalogue of IT services against which costs can be accrued, and which can be managed through Service Level Agreements (SLAs). This offers improved visibility into the true costs of providing the services, helps alignment with business processes, and can optionally form the basis of chargeback to business units. Effective governance of Run-The-Organisation spend is vital because it represents the majority of the IT budget, yet is often considered purely as a 'hygiene' issue by the business.

Change-The-Organisation spend represents work on new IT-enabled business projects, with drivers such as customer satisfaction, productivity improvements, competitive insight, or cost advantage. Many organisations now understand the importance of measuring the value of these projects, but struggle to find the appropriate methods and disciplines required. The role of governance in this category is therefore to formalise the process of collaboration between business and IT to deliver these objectives. This will involve the specification of requirements, development of a business case, identification of appropriate business metrics, effective reporting on the status of the project during development, and ongoing tracking of the benefits. The use of a PMO to oversee this process offers a significant improvement in the management and governance of this type of spend, and has become a key interface between business and IT.

The role of IT in innovation involves taking advantage of technology to create new products and services, or to take the company into new markets. The emphasis of IT Governance for this category of spend must be on strong planning, alignment with strategic objectives, effective risk assessment, and ensuring that there is early notification of potential issues.

IT Governance also has a vital role in risk management, security, and compliance. The increased focus on these areas means that they can no longer be handled in isolation, and senior IT executives, managers, and staff not only need to be aware of the issues, but must also take an active role in the process. Regulatory compliance and risk management have a significant impact on every organisation, whether profit-based, not-for-profit, or in the public sector, but is not just about being seen to have procedures and systems in place. It is also about actively demonstrating that an IT department is using its operational processes to best effect to improve the way the business functions.

There is no predefined starting point for IT Governance that suits all environments. Instead, individual organisations should begin by addressing the pain points that allow a quick time-to-value, whether this is, for example, portfolio management to capture details of all IT initiatives, improved project reporting to aid visibility, or developing a service catalogue to gain better control of routine IT operations. These starting points can then evolve into a broader IT Governance framework in a series of incremental steps.

Technology Issues

Historically, IT has been managed either manually, through spreadsheets, or through an array of standalone tooling. Although time and attendance tools exist for calculating IT payroll, project management solutions help IT to choreograph and track the flow of tasks necessary to get jobs done, and asset management systems provide snapshots useful for re-negotiating software contracts or hardware procurement, none of these systems provide the overall visibility of IT projects and services. PPM tools have evolved over the last five years from standalone tools for managing individual projects and programmes, to a wider set of functionality that can support many aspects of IT Governance, including financial management, resource management (both supply and demand), and IT process management.

Project Management is traditionally concerned with managing the construction and delivery of the application, juggling resources, both human and material, against time, budget, and requirements constraints. With better understanding of the software development process, Project Management has grown in scope, influenced by, for example, frameworks and methodologies such as Six Sigma, PRINCE2, and PMBoK. In fact, the focus on the software development process in all its manifestations has made the Project Management role more important than ever before. The role involves following corporate standards, establishing software metrics and other quality control measures, and practising cost estimation and tracking.

Portfolio Management tools help the organisation to visualise the demand for IT services and new initiatives, and prioritise the investment of financial and human resources to meet business objectives. They also provide a variety of lifecycle, risk assessment, modelling, and what-if simulation capabilities so IT managers can optimise the mix, scheduling, and flow of new projects, as well gain as an understanding of the contribution made by current IT services. Those capabilities grow even more critical when company priorities change, a major new business competitor enters the market, or unforeseen obstacles disrupt a project or existing services.

Process Management or workflow now embraces every aspect of the IT operation, from very linear workflows that incorporate a simple task, to complex processes that involve multiple reviews, sub-processes, and conditional tasks, and bring together information and data from multiple tasks. Most IT Governance platforms now include Process Management capabilities to enable IT organisations to model processes and create workflows that integrate together information and data. IT Governance solution vendors are also starting to provide pre-built workflows targeted at specific methodologies and frameworks.

However, it should be noted that implementing an effective IT Governance programme is a multifaceted project, and there is no single out-of-the box solution that can be deployed to provide all the answers. It requires careful planning, the adoption of relevant management frameworks, an ongoing programme to implement the necessary controls, measurement of the results, and above all, the buy-in of both the IT staff to support the initiative and of the organisation as a whole.

Market Issues

The PPM market has coalesced over an extended period of time from a variety of different heritages. Some solutions have come from a pure Project Management or Portfolio Management background, often focused not purely on IT, but as generic tools that were applicable throughout an organisation. A second group of products has come from a Professional Services Automation (PSA) heritage, with an initial focus on supporting professional services teams in a wide range of industry sectors, in areas such as time recording and resource management.

As the customer need for IT Governance has come to the fore over the period from 2001 onwards, these products have increasingly become aligned with this requirement, by adding or acquiring new functionality, and tailoring the product and its marketing towards the language of the IT organisation. For some of the vendors this transition has been wholesale, such that their target market is solely PPM within an IT context, whereas for others, their IT-centric offerings complement PPM solutions aimed at other business applications.

However, the market is still relatively immature, particularly in terms of customer adoption. Whilst the vast majority of organisations perceive IT Governance as being important, the potential benefits of a PPM solution have only gained significant traction in large enterprise customers, where the requirement to manage competing investment and resource requirements for many hundreds and sometimes thousands of projects and proposals, not to mention the issues of improved visibility and risk management, are a clear driver.

For medium to large-sized companies, PPM functionality has often been delivered by a series of point solutions: Microsoft Project is a ubiquitous tool for basic Project Management requirements, and for Portfolio Management, resource management, and financial management, the humble spreadsheet far outstrips any other packaged application in terms of deployment numbers. Butler Group believes that currently the PPM vendors are failing to meet the needs of this market for affordable and easily-deployable solutions.

The other recent characteristic of this market has been a substantial wave of consolidation, with no less than seven of the nine solutions covered in this Report having come under new ownership over the last three years, and the remaining two having made substantial acquisitions of their own. The obvious consequence of the consolidation is that some of the vendors are still in the transition phase between acquiring the new technology and fully integrating it into their own product set, and developing new go-to-market propositions.

Conclusion

We believe that the IT Governance framework must therefore take an end-to-end view of the IT value chain, including both business and IT perspectives, and in doing so, make sure that the objectives of both are fully aligned. There is a risk, however, that IT Governance becomes focused only on business value. Whilst optimising the way that the business uses IT is certainly the goal of IT Governance, concentrating on high level investment decisions and priorities is doomed to failure if the IT function itself is incapable of producing high-quality, efficient services to deliver on those plans. It is, therefore, important to combine the disciplines of Financial Management and Portfolio Management, with those of Project Management and Process Management, and the broader scope of the latest generation of PPM solutions is starting to address this challenge.

Above all else, it should be recognised that effectively applying IT Governance involves working towards multiple objectives which proceed through successive stages of maturity, and that an effective IT Governance framework is essential to guide this process.