Implement Risk-Based Vulnerability Management

  • Buy Link or Shortcode: {j2store}296|cart{/j2store}
  • member rating overall impact (scale of 10): 9.2/10 Overall Impact
  • member rating average dollars saved: $122,947 Average $ Saved
  • member rating average days saved: 34 Average Days Saved
  • Parent Category Name: Threat Intelligence & Incident Response
  • Parent Category Link: /threat-intelligence-incident-response
  • Vulnerability scanners, industry alerts, and penetration tests are revealing more and more vulnerabilities, and it is unclear how to manage them.
  • Organizations are struggling to prioritize the vulnerabilities for remediation, as there are many factors to consider, including the threat of the vulnerability and the potential remediation option itself.

Our Advice

Critical Insight

  • Patches are often seen as the only answer to vulnerabilities, but these are not always the most suitable solution.
  • Vulnerability management does not equal patch management. It includes identifying and assessing the risk of the vulnerability, and then selecting a remediation option which goes beyond just patching alone.
  • There is more than one way to tackle the problem. Leverage your existing security controls in order to protect the organization.

Impact and Result

  • At the conclusion of this blueprint, you will have created a full vulnerability management program that will allow you to take a risk-based approach to vulnerability remediation.
  • Assessing a vulnerability’s risk will enable you to properly determine the true urgency of a vulnerability within the context of your organization; this ensures you are not just blindly following what the tool is reporting.
  • The risk-based approach will allow you prioritize your discovered vulnerabilities and take immediate action on critical and high vulnerabilities, while allowing your standard remediation cycle to address the medium to low vulnerabilities.
  • With your program defined and developed, you now need to configure your vulnerability scanning tool, or acquire one if you don’t already have a tool in place.
  • Lastly, while vulnerability management will help address your systems and applications, how do you know if you are secure from external malicious actors? Penetration testing will offer visibility, allowing you to plug those holes and attain an environment with a smaller risk surface.

Implement Risk-Based Vulnerability Management Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should design and implement a vulnerability management program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Identify vulnerability sources

Begin the project by creating a vulnerability management team and determine how vulnerabilities will be identified through scanners, penetration tests, third-party sources, and incidents.

  • Vulnerability Management SOP Template

2. Triage vulnerabilities and assign priorities

Determine how vulnerabilities will be triaged and evaluated based on intrinsic qualities and how they may compromise business functions and data sensitivity.

  • Vulnerability Tracking Tool
  • Vulnerability Management Risk Assessment Tool
  • Vulnerability Management Workflow (Visio)
  • Vulnerability Management Workflow (PDF)

3. Remediate vulnerabilities

Address the vulnerabilities based on their level of risk. Patching isn't the only risk mitigation action; some systems simply cannot be patched, but other options are available. Reduce the risk down to medium/low levels and engage your regular operational processes to deal with the latter.

4. Measure and formalize

Evolve the program continually by developing metrics and formalizing a policy.

  • Vulnerability Management Policy Template
  • Vulnerability Scanning Tool RFP Template
  • Penetration Test RFP Template

Infographic

Workshop: Implement Risk-Based Vulnerability Management

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Identify Vulnerability Sources

The Purpose

Establish a common understanding of vulnerability management, and define the roles, scope, and information sources of vulnerability detection.

Key Benefits Achieved

Attain visibility on all of the vulnerability information sources, and a common understanding of vulnerability management and its scope.

Activities

1.1 Define the scope & boundary of your organization’s security program.

1.2 Assign responsibility for vulnerability identification and remediation.

1.3 Develop a monitoring and review process of third-party vulnerability sources.

1.4 Review incident management and vulnerability management

Outputs

Defined scope and boundaries of the IT security program

Roles and responsibilities defined for member groups

Process for review of third-party vulnerability sources

Alignment of vulnerability management program with existing incident management processes

2 Triage and Prioritize

The Purpose

We will examine the elements that you will use to triage and analyze vulnerabilities, prioritizing using a risk-based approach and prepare for remediation options.

Key Benefits Achieved

A consistent, documented process for the evaluation of vulnerabilities in your environment.

Activities

2.1 Evaluate your identified vulnerabilities.

2.2 Determine high-level business criticality.

2.3 Determine your high-level data classifications.

2.4 Document your defense-in-depth controls.

2.5 Build a classification scheme to consistently assess impact.

2.6 Build a classification scheme to consistently assess likelihood.

Outputs

Adjusted workflow to reflect your current processes

List of business operations and their criticality and impact to the business

Adjusted workflow to reflect your current processes

List of defense-in-depth controls

Vulnerability Management Risk Assessment tool formatted to your organization

Vulnerability Management Risk Assessment tool formatted to your organization

3 Remediate Vulnerabilities

The Purpose

Identifying potential remediation options.

Developing criteria for each option in regard to when to use and when to avoid.

Establishing exception procedure for testing and remediation.

Documenting the implementation of remediation and verification.

Key Benefits Achieved

Identifying and selecting the remediation option to be used

Determining what to do when a patch or update is not available

Scheduling and executing the remediation activity

Planning continuous improvement

Activities

3.1 Develop risk and remediation action.

Outputs

List of remediation options sorted into “when to use” and “when to avoid” lists

4 Measure and Formalize

The Purpose

You will determine what ought to be measured to track the success of your vulnerability management program.

If you lack a scanning tool this phase will help you determine tool selection.

Lastly, penetration testing is a good next step to consider once you have your vulnerability management program well underway.

Key Benefits Achieved

Outline of metrics that you can then configure your vulnerability scanning tool to report on.

Development of an inaugural policy covering vulnerability management.

The provisions needed for you to create and deploy an RFP for a vulnerability management tool.

An understanding of penetration testing, and guidance on how to get started if there is interest to do so.

Activities

4.1 Measure your program with metrics, KPIs, and CSFs.

4.2 Update the vulnerability management policy.

4.3 Create an RFP for vulnerability scanning tools.

4.4 Create an RFP for penetration tests.

Outputs

List of relevant metrics to track, and the KPIs, CSFs, and business goals for.

Completed Vulnerability Management Policy

Completed Request for Proposal (RFP) document that can be distributed to vendor proponents

Completed Request for Proposal (RFP) document that can be distributed to vendor proponents

Further reading

Implement Risk-Based Vulnerability Management

Get off the patching merry-go-round and start mitigating risk!

Table of Contents

4 Analyst Perspective

5 Executive Summary

6 Common Obstacles

8 Risk-based approach to vulnerability management

16 Step 1.1: Vulnerability management defined

24 Step 1.2: Defining scope and roles

34 Step 1.3: Cloud considerations for vulnerability management

33 Step 1.4: Vulnerability detection

46 Step 2.1: Triage vulnerabilities

51 Step 2.2: Determine high-level business criticality

56 Step 2.3: Consider current security posture

61 Step 2.4: Risk assessment of vulnerabilities

71 Step 3.1: Assessing remediation options

Table of Contents

80 Step 3.2: Scheduling and executing remediation

85 Step 3.3: Continuous improvement

89 Step 4.1: Metrics, KPIs, and CSFs

94 Step 4.2: Vulnerability management policy

97 Step 4.3: Select & implement a scanning tool

107 Step 4.4: Penetration testing

118 Summary of accomplishment

119 Additional Support

120 Bibliography

Analyst Perspective

Vulnerabilities will always be present. Know the unknowns!

In this age of discovery, technology changes at such a rapid pace. New things are discovered, both in new technology and in old. The pace of change can often be very confusing as to where to start and what to do.

The ever-changing nature of technology means that vulnerabilities will always be present. Taking measures to address these completely will consume all your department’s time and resources. That, and your efforts will quickly become stale as new vulnerabilities are uncovered. Besides, what about the systems that simply can’t be patched? The key is to understand the vulnerabilities and the levels of risk they pose to your organization, to prioritize effectively and to look beyond patching.

A risk-based approach to vulnerability management will ensure you are prioritizing appropriately and protecting the business. Reduce the risk surface!

Vulnerability management is more than just systems and application patching. It is a full process that includes patching, compensating controls, segmentation, segregation, and heightened diligence in security monitoring.

Jimmy Tom, Research Advisor – Security, Privacy, Risk, and Compliance, Info-Tech Research Group.Jimmy Tom
Research Advisor – Security, Privacy, Risk, and Compliance
Info-Tech Research Group

Executive Summary

Your Challenge

Vulnerability scanners, industry alerts, and penetration tests are revealing more and more vulnerabilities, and it is unclear how to manage them.

Organizations are struggling to prioritize the vulnerabilities for remediation, as there are many factors to consider, including the threat of the vulnerability and the potential remediation option.

Common Obstacles

Patches are often seen as the answer to vulnerabilities, but these are not always the most suitable solution.

Some systems deemed vulnerable simply cannot be patched or easily replaced.

Companies are unaware of the risk implications that come from leaving the vulnerability open and from the remediation option itself.

Info-Tech’s Approach

Design and implement a vulnerability management program that identifies, prioritizes, and remediates vulnerabilities.

Understand what needs to be considered when implementing remediation options, including patches, configuration changes, and defense-in-depth controls.

Build a process that is easy to understand and allows vulnerabilities to be remediated proactively, instead of in an ad hoc fashion.

Info-Tech Insight

Vulnerability management does not always equal patch management. There is more than one way to tackle the problem, particularly if a system cannot be easily patched or replaced. If a vulnerability cannot be completely remediated, steps to reduce the risk to a tolerable level must be taken.

Common obstacles

These barriers make vulnerability management difficult to address for many organizations:
  • The value of vulnerability management is not well articulated in many organizations. As a result, investment in vulnerability scanning technology is often insufficient.
  • Many organizations feel that a “patch everything” approach is the most effective path.
  • Vulnerability management is commonly misunderstood as being a process that only supports patch management.
  • There is often misalignment between SecOps and ITOps in remediation action and priority, affecting the timeliness of remediation.
CVSS Score Distribution From the National Vulnerability Database: Pie Charts presenting the CVSS Core Distribution for the National Vulnerability Database. The left circle represents 'V3' and the right 'V2', where V3 has an extra option for 'Critical', above 'High', 'Medium', and 'Low', and V2 does not.
(Source: NIST National Vulnerability Database Dashboard)

Leverage risk to sort, triage, and prioritize vulnerabilities

Reduce your risk surface to avoid cost to your business; everything else is table stakes.

Reduce the critical and high vulnerabilities below the risk threshold and operationalize the remediation of medium/low vulnerabilities by following your effective vulnerability management program cycles.

Identify vulnerability sources

An inventory of your scanning tool and vulnerability threat intelligence data sources will help you determine a viable strategy for addressing vulnerabilities. Defining roles and responsibilities ahead of time will ensure you are not left scrambling when dealing with vulnerabilities.

Triage and prioritize

Bring the vulnerabilities into context by assessing vulnerabilities based on your security posture and mechanisms and not just what your data sources report. This will allow you to gauge the true urgency of the vulnerabilities based on risk and determine an effective mitigation plan.

Remediate vulnerabilities

Address the vulnerabilities based on their level of risk. Patching isn't the only risk mitigation action; some systems simply cannot be patched, but other options are available.

Reduce the risk down to medium/low levels and engage your regular operational processes to deal with the latter.

Measure and formalize

Upon implementation of the program, measure with metrics to ensure that the program is successful. Improve the program with each iteration of vulnerability mitigation to ensure continuous improvement.

Tactical Insight 1

All actions to address vulnerabilities should be based on risk and the organization’s established risk tolerance.

Tactical Insight 2

Reduce the risk surface down below the risk threshold.

The industry has shifted to a risk-based approach

Traditional vulnerability management is no longer viable.

“For those of us in the vulnerability management space, ensuring that money, resources, and time are strategically spent is both imperative and difficult. Resources are dwindling fast, but the vulnerability problem sure isn’t.” (Kenna Security)

“Using vulnerability scanners to identify unpatched software is no longer enough. Keeping devices, networks, and digital assets safe takes a much broader, risk-based vulnerability management strategy – one that includes vulnerability assessment and mitigation actions that touch the entire ecosystem.” (Balbix)

“Unlike legacy vulnerability management, risk-based vulnerability management goes beyond just discovering vulnerabilities. It helps you understand vulnerability risks with threat context and insight into potential business impact.” (Tenable)

“A common mistake when prioritizing patching is equating a vulnerability’s Common Vulnerability Scoring System (CVSS) score with risk. Although CVSS scores can provide useful insight into the anatomy of a vulnerability and how it might behave if weaponized, they are standardized and thus don’t reflect either of the highly situational variables — namely, weaponization likelihood and potential impact — that factor into the risk the vulnerability poses to an organization.” (SecurityWeek)

Why a take risk-based approach?

Vulnerabilities, by the numbers

60% — In 2019, 60% of breaches were due to unpatched vulnerabilities.

74% — In the same survey, 74% of survey responses said they cannot take down critical applications and systems to patch them quickly. (Source: SecurityBoulevard, 2019)

Info-Tech Insight

Taking a risk-based approach will allow you to focus on mitigating risk, rather than “just patching” your environment.

The average cost of a breach in 2020 is $3.86 million, and “…the price tag was much less for mature companies and industries and far higher for firms that had lackluster security automation and incident response processes.” (Dark Reading)

Vulnerability Management

A risk-based approach

Reduce the risk surface to avoid cost to your business, everything else is table stakes

Logo for Info-Tech.
Logo for #iTRG.

1

Identify

4

Address

Mitigate the risk surface by reducing the time across the phases ›Mitigate the risk by implementing:
  • patch systems & apps
  • compensating controls
  • systems and apps hardening
  • systems segregation
Chart presenting an example of 'Risk Surface' with the axes 'Risk Level' and 'Time' with lines created by individual risks. The highlighted line begins in 'Critical' and eventually drops to low. The area between the line and your organization's risk tolerance is labelled 'Risk Surface'.

Objective: reduce risk surface by reducing time to address

Your organization's risk tolerance threshold

Identify vulnerability management scanning tools & external threat intel sources (Mitre CVE, US-CERT, vendor alerts, etc.)Vulnerability information feeds:
  • scanning tool
  • external threat intel
  • internal threat intel

2

Analyze

Assign actual risk (impact x urgency) to the organization based on current security posture

Triage based on risk ›

Your organization's risk tolerance threshold

Risk tolerance threshold map with axes 'Impact' and 'Likelihood'. High levels of one and low levels of the other, or medium levels of both, is 'Medium', High level of one and Medium levels of the other is 'High', and High levels of both is 'Critical'.

3

Assess

Plan risk mitigation strategy ›Consider:
  • risk tolerance
  • compensating controls
  • business impact

Info-Tech’s vulnerability management methodology

Focus on developing the most efficient processes.

Vulnerability management isn’t “old school.”

The vulnerability management market is relatively mature; however, vulnerability management remains a very relevant and challenging topic.

Security practitioners are inundated with the advice they need to prioritize their vulnerabilities. Every vulnerability scanning vendor will proclaim their ability to prioritize the identified vulnerabilities.

Third-party prioritization methodology can’t be effectively applied across all organizations. Each organization is too unique with different constraints. No tool or service can account for these variables.

Equation to find 'Vulnerability Priority'.

When patching is not possible, other options exist: configuration changes (hardening), defense-in-depth, compensating controls, and even elevated security monitoring are possible options.

Info-Tech Insight

Vulnerability management is not only patch management. Patching is only one aspect.

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

Key deliverable:

Vulnerability Management SOP

The Standard operating procedure (SOP) will comprise the end-to-end description of the program: roles & responsibilities, data flow, and expected outcomes of the program.

Sample of the key deliverable, Vulnerability Management SOP.
Vulnerability Management Policy

Template for your vulnerability management policy.

Sample of the Vulnerability Management Policy blueprint.Vulnerability Tracking Tool

This tool offers a template to track vulnerabilities and how they are remedied.

Sample of the Vulnerability Tracking Tool blueprint.
Vulnerability Scanning RFP Template

Request for proposal template for the selection of a vulnerability scanning tool.

Sample of the Vulnerability Scanning RFP Template blueprint.Vulnerability Risk Assessment Tool

Methodology to assess vulnerability risk by determining impact and likelihood.

Sample of the Vulnerability Risk Assessment Tool blueprint.

Blueprint benefits

IT Benefits

  • A standardized, consistent methodology to assess, prioritize, and remediate vulnerabilities.
  • A risk-based approach that aligns with what’s important to the business.
  • A way of dealing with the high volumes of vulnerabilities that your scanning tool is reporting.
  • Identification of “where to start” in terms of vulnerability management.
  • Ability to not lose yourself in the patch madness but rather take a sound approach to scheduling and prioritizing patches and updates.
  • Knowledge of what to do when patching is simply not possible or feasible.

Business Benefits

  • Alignment with IT in ensuring that business processes are only interrupted when absolutely necessary while maintaining a regular cadence of vulnerability remediation.
  • A consistent program that the business can plan around and predict when interruptions will occur.
  • IT’s new approach being integrated with existing IT operations processes, offering the most efficient yet expedient method of dealing with vulnerabilities.

Info-Tech’s process can save significant financial resources

PhaseMeasured Value
Phase 1: Identify vulnerability sources
    Define the process, scope, roles, vulnerability sources, and current state
    • Consultant at $100 an hour for 16 hours = $1,600
Phase 2: Triage vulnerabilities and assign urgencies
    Establish triaging and vulnerability evaluation process
    • Consultant at $100 an hour for 16 hours = $1,600
    Determine high-level business criticality and data classifications
    • Consultant at $100 an hour for 40 hours = $4,000
    Assign urgencies to vulnerabilities
    • Consultant at $100 an hour for 8 hours = $800
Phase 3: Remediate vulnerabilities
    Prepare documentation for the vulnerability process
    • Consultant at $100 an hour for 8 hours = $800
    Establish defense-in-depth modelling
    • Consultant at $100 an hour for 24 hours = $2,400
    Identify remediation options and establish criteria for use
    • Consultant at $100 an hour for 40 hours = $4,000
    Formalize backup and testing procedures, including exceptions
    • Consultant at $100 an hour for 8 hours = $800
    Remediate vulnerabilities and verify
    • Consultant at $100 an hour for 24 hours = $2,400
Phase 4: Continually improve the vulnerability management process
    Establish a metrics program for vulnerability management
    • Consultant at $100 an hour for 16 hours = $1,600
    Update vulnerability management policy
    • Consultant at $100 an hour for 8 hours = $800
    Develop a vulnerability scanning tool RFP
    • Consultant at $100 an hour for 40 hours = $4,000
    Develop a penetration test RFP
    • Consultant at $100 an hour for 40 hours = $4,000
Potential financial savings from using Info-Tech resourcesPhase 1 ($1,600) + Phase 2 ($6,400) + Phase 3 ($10,400) + Phase 4 ($10,400) = $28,800

Guided Implementation

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

What does a typical GI on this topic look like?

Phase 1

Phase 2

Phase 3

Phase 4

Call #1: Scope requirements, objectives, and your specific challenges.

Call #2: Discuss current state and vulnerability sources.

Call #3: Identify triage methods and business criticality.

Call #4:Review current defense-in-depth and discuss risk assessment.

Call #5: Discuss remediation options and scheduling.

Call #6: Review release and change management and continuous improvement.

Call #7: Identify metrics, KPIs, and CSFs.

Call #8: Review vulnerability management policy.

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Day 1Day 2Day 3Day 4Day 5
Activities
Identify vulnerability sources

1.1 What is vulnerability management?

1.2 Define scope and roles

1.3 Cloud considerations for vulnerability management

1.4 Vulnerability detection

Triage and prioritize

2.1 Triage vulnerabilities

2.2 Determine high-level business criticality

2.3 Consider current security posture

2.4 Risk assessment of vulnerabilities

Remediate vulnerabilities

3.1 Assess remediation options

3.2 Schedule and execute remediation

3.3 Drive continuous improvement

Measure and formalize

4.1 Metrics, KPIs & CSFs

4.2 Vulnerability Management Policy

4.3 Select & implement a scanning tool

4.4 Penetration testing

Next Steps and Wrap-Up (offsite)

5.1 Complete in-progress deliverables from previous four days

5.2 Set up review time for workshop deliverables and to discuss next steps

Deliverables
  1. Scope and boundary definition of vulnerability management program
  2. Responsibility assignment for vulnerability identification and remediation
  3. Monitoring and review process of third-party vulnerability sources
  4. Incident management and vulnerability convergence
  1. Methodology for evaluating identified vulnerabilities
  2. Identification of high-level business criticality
  3. Defined high-level data classifications
  4. Documented defense-in-depth controls
  5. Risk assessment criteria for impact and likelihood
  1. Documented risk assessment methodology and remediation options
  1. Defined metrics, key performance indicators (KPIs), and critical success factors (CSFs)
  2. Initial draft of vulnerability management policy
  3. Scanning tool selection criteria
  4. Introduction to penetration testing
  1. Completed vulnerability management standard operating procedure
  2. Defined vulnerability management risk assessment criteria
  3. Vulnerability management policy draft

Implement Risk-Based Vulnerability Management

Phase 1

Identify Vulnerability Sources

Phase 1

1.1 What is vulnerability management?
1.2 Define scope and roles
1.3 Cloud considerations for vulnerability management
1.4 Vulnerability detection

Phase 2

2.1 Triage vulnerabilities
2.2 Determine high-level business criticality
2.3 Consider current security posture
2.4 Risk assessment of vulnerabilities

Phase 3

3.1 Assessing remediation options
3.2 Scheduling and executing remediation
3.3 Continuous improvement

Phase 4

4.1 Metrics, KPIs & CSFs
4.2 Vulnerability management policy
4.3 Select and implement a scanning tool
4.4 Penetration testing

This phase will walk you through the following activities:

Establish a common understanding of vulnerability management, define the roles, scope, and information sources of vulnerability detection.

This phase involves the following participants:

  • Security operations team
  • IT Security Manager
  • IT Director
  • CISO

Step 1.1

Vulnerability Management Defined

Activities

None for this section

This step will walk you through the following activities:

Establish a common understanding of vulnerability management and its place in the IT organization.

This step involves the following participants:

  • Security operations team
  • IT Security Manager
  • IT Director
  • CISO

Outcomes of this step

Foundational knowledge of vulnerability management in your organization.

Identify vulnerability sources
Step 1.1Step 1.2Step 1.3Step 1.4

What is vulnerability management?

It’s more than just patching.

  • Vulnerability management is the regular and ongoing practice of scanning an operating environment to uncover vulnerabilities. These vulnerabilities can be outdated applications, unpatched operating systems and software, open ports, obsolete hardware, or any combination of these.
  • The scanning and detection of vulnerabilities is the first step. Planning and executing of remediation is next, along with the approach, prioritized sequence of events, and timing.
  • A vendor-supplied software patch or firmware update is often the easy answer, however, this is not always a viable solution. What if you can’t patch in a timely fashion? What if patching is not possible as it will break the application and bring down operations? What if no patch exists due to the age of the application or operating platform?

“Most organizations do not have a formal process for vulnerability management.” (Morey Haber, VP of Technology, BeyondTrust, 2016)

Effective vulnerability management

It’s not easy, but it’s much harder without a process in place.
  • Effective vulnerability management requires a formal process for organizations to follow; without one, vulnerabilities are dealt with in an ad hoc fashion.
  • Patching isn’t the only solution, but it’s the one that often draws focus.
  • Responsibilities for the different aspects of vulnerability management are often unclear, such as for testing, remediation, and implementation.
  • Identifying new threats without proper vulnerability scanning tools can be a near-impossible task.
  • Determining which vulnerabilities are most urgent can be an inconsistent process, increasing the organizational risk.
  • Measuring the effectiveness of your vulnerability remediation activities can help you better manage resources in SecOps and ITOps. Your staff will be spending the appropriate effort on vulnerabilities that warrant that level of attention.

You’re not just doing this for yourself. It’s also for your auditors.

Many compliance and regulatory obligations require organizations to have thorough documentation of their vulnerability management practices.

Vulnerability management revolves around your asset security services

Diagram with 'Asset Security Services' at the center. On either side are 'Network Security Services' and 'Identity Security Services', all three of which flow up into 'Security Analytics | Security Incident Response', and all four share a symbiotic flow with 'Management' below and contribute to 'Mega Trend Mapping' above. Management is supported by 'Governance'.Vulnerabilities can be found primarily within your assets but also connect to your information risk management. These must be effectively managed as part of a holistic security program.

Without management, vulnerabilities left unattended can be easy for attackers to exploit. It becomes difficult to identify the correct remediation option to mitigate against the vulnerabilities.

Vulnerability management works in tandem with SecOps and ITOps

Vulnerability Management Process Inputs/Outputs:
'Vulnerability Management (Process and Tool)' outputs are 'Incident Management', 'Release Management', 'Change Management', 'IT Asset Management', 'Application Security Testing', 'Threat Intelligence', and 'Security Risk Management'; inputs are 'Vulnerability Disclosure', 'Threat Intelligence', and 'Security Risk Management'.

Arrows denote direction of information feed

Vulnerability management serves as the input into a number of processes for remediation, including:
  • Incident management, to deal with issues
  • Release management, for patch management
  • Change management, for change control
  • IT asset management, to track version information, e.g. for patching
  • Application security testing, for the verification of vulnerabilities

A two-way data flow exists between vulnerability management and:

  • Security risk management, for the overall risk posture of the organization
  • Threat intelligence, as vulnerability management reveals only one of several threat vectors

For additional information please refer to Info-Tech’s research for each area:

  • Vulnerability management can leverage your existing processes to gain an operational element for the program.
  • As you strive to mature each of the processes on their own, vulnerability management will benefit accordingly.
  • Review our research for each of these areas and speak to one of our analysts if you wish to improve any of the listed processes.

Info-Tech’s Information Security Program Framework

Vulnerability management is a component of the Infrastructure Security section of Security Management

Information Security Framework with Level 1 and Level 2 capabilities in two main sections, 'Management' and 'Governance'. Level 2 capabilities are grouped within Level 1 capabilities.For more information, review our Build an Information Security Strategy blueprint, or speak to one of our analysts.

Info-Tech Insight

Vulnerability management is but one piece of the information security puzzle. Ensure that you have all the pieces!

Case Study

Logo for Cimpress.
INDUSTRY: Manufacturing
SOURCE: Cimpress, 2016

One organization is seeing immediate benefits by formalizing its vulnerability management program.

Challenge

Cimpress was dealing with many challenges in regards to vulnerability management. Vulnerability scanning tools were used, but the reports that were generated often gave multiple vulnerabilities that were seen as critical or high and required many resources to help address them. Scanning was done primarily in an attempt to adhere to PCI compliance rather than to effectively enable security. After re-running some scans, Cimpress saw that some vulnerabilities had existed for an extended time period but were deemed acceptable.

Solution

The Director of Information Security realized that there was a need to greatly improve this current process. Guidelines and policies were formalized that communicated when scans should occur and what the expectations for remediations should be. Cimpress also built a tiered approach to prioritize vulnerabilities for remediation that is specific to Cimpress instead of relying on scanning tool reports.

Results

Cimpress found better management of the vulnerabilities within its system. There was no pushback to the adoption of the policies, and across the worldwide offices, business units have been proactively trying to understand if there are vulnerabilities. Vulnerability management has been expanded to vendors and is taken into consideration when doing any mergers and acquisitions. Cimpress continues to expand its program for vulnerability management to include application development and vulnerabilities within any existing legacy systems.

Step 1.2

Defining the scope and roles

Activities
  • 1.2.1 Define the scope and boundary of your organization’s security program
  • 1.2.2 Assign responsibility for vulnerability identification and remediation

This step will walk you through the following activities:

Define and understand the scope and boundary of the security program. For example, does it include OT? Define roles and responsibilities for vulnerability identification and remediation

This step involves the following participants:

  • Security operations team
  • IT Security Manager
  • IT Director
  • CISO

Outcomes of this step

Understand how far vulnerability management extends and what role each person in IT plays in the remediation of vulnerabilities

Identify vulnerability sources
Step 1.1Step 1.2Step 1.3Step 1.4

Determine the scope of your security program

This will help you adjust the depth and breadth of your vulnerability management program.
  • Determining the scope will help you decide how much organizational risk the vulnerability management program will oversee.
  • Scope can be defined along four aspects:
    • Data Scope – What data elements in your organization does your security program cover? How is data classified?
    • Physical Scope – What physical scope, such as geographies, does the security program cover?
    • Organizational Scope – How are business units engaged with security initiatives? Does the scope cover all subsidiary organizations?
    • IT Scope – What parts of the organization does IT cover? Does their coverage include operational technology (OT) and industrial control systems (ICS)?
Stock image of figures standing in connected circles.

1.2.1 Define the scope and boundary of your organization’s security program

60 minutes

Input: List of Data Scope, Physical Scope, Organization Scope, and IT Scope

Output: Defined scope and boundaries of the IT security program

Materials: Whiteboard/Flip Charts, Sticky Notes, Markers, Vulnerability Management SOP Template

Participants: Business stakeholders, IT leaders, Security team members

  1. On a whiteboard, write the headers: Data Scope, Physical Scope, Organizational Scope, and IT Scope.
  2. Give each group member a handful of sticky notes. Ask them to write down as many items as possible for the organization that could fall under one of the four scope buckets.
  3. In a group, discuss the sticky notes and the rationale for including them. Discuss your security-related locations, data, people, and technologies, and define their scope and boundaries.

The goal is to identify what your vulnerability management program is responsible for and document it.

Consider the following:

How is data being categorized and classified? How are business units engaged with security initiatives? How are IT systems connected to each other? How are physical locations functioning in terms of information security management?

Download the Vulnerability Management SOP Template

Assets are part of the scope definition

An inventory of IT assets is necessary if there is to be effective vulnerability management.

  • Organizations need an up-to-date and comprehensive asset inventory for vulnerability management. This is due to multiple reasons:
    • When vulnerabilities are announced, they will need to be compared to an inventory to determine if the organization has any relevant systems or versions.
    • It indicates where all IT assets can be found both physically and logically.
    • Asset inventories typically have owners assigned to the assets and systems whose responsibility it is to carry out remediations for vulnerabilities.
  • Furthermore, asset inventories can provide insight into where data can be found within the organization. This is extremely useful within a formal data classification program, which plays a large factor in vulnerability management.
If you need assistance building your asset inventory, review Info-Tech’s Implement Hardware Asset Management and Implement Software Asset Management blueprints.

Info-Tech Insight

Create a formal IT asset inventory before continuing with the rest of this project. Otherwise, you risk being at the mercy of a weak vulnerability management program.

Assign responsibility for vulnerability identification and remediation

Determine who is critical to effectively detecting and managing vulnerabilities.
  • Some of the remediation steps will involve members of IT management to identify the true organizational risk of a vulnerability.
  • Vulnerability remediation comes in different shapes and sizes. In addition to patching, this can include implementing compensating controls, server and application hardening, or the segregating of vulnerable systems.
    • Who carries out each of these activities? Who coordinates the activities and tracks them to ensure completion?
  • The people involved may be members outside of the security team, such as members from IT operations, infrastructure, and applications. The specific roles that each of these groups play should be clearly identified.
Stock image of many connected profile photos in a cloud network.

1.2.2 Assign responsibility for vulnerability identification and remediation

60 minutes

Input: Sample list of vulnerabilities and requisite actions from each group, High-level organizational chart with area functions

Output: Defined set of roles and responsibilities for member groups

Materials: Vulnerability Management SOP Template

Participants: CIO, CISO, IT Management representatives for each area of IT

  1. Display the table of responsibilities that need to be assigned.
  2. List all the positions within the IT security team.
  3. Map these to the positions that require IT security team members.
  4. List all positions that are part of the IT team.
  5. Map these to the positions that require IT team members.

If your organization does not have a dedicated IT security team, you can perform this exercise by mapping the relevant IT staff to the different positions shown on the right.

Download the Vulnerability Management SOP TemplateSample of the Roles and Responsibilities table from the Vulnerability Management SOP Template.

Step 1.3

Cloud considerations for vulnerability management

Activities

None for this section.

This step will walk you through the following activities:

Review cloud considerations for vulnerability management

This step involves the following participants:

  • Security operations team
  • IT Security Manager
  • IT Director
  • CISO

Outcomes of this step

Understand the various types of cloud offerings and the implications (and limitations) of vulnerability management in a cloud environment.

Identify vulnerability sources
Step 1.1Step 1.2Step 1.3Step 1.4

Cloud considerations

Cloud will change your approach to vulnerability management.
  • There will be a heavy dependence on the cloud service provider to ensure that vulnerabilities in their foundational technologies have been addressed.
  • Depending on the level of “as-a-Service,” customers will have varying degrees of control and visibility into the underlying operations.
  • With vendor acquiescence, you can set your tool to scan a given cloud environment, depending on how much visibility you have into their environment based on the service you have purchased.
  • Due to compliance obligations of their customers, there is a growing trend among cloud providers to allow more scanning of cloud environments.
  • In the absence of customer scanning capability, vendors may offer attestation of vulnerability management and remediation.
Table outlining who has control, between the 'Organization' and the 'Vendor', of different cloud capabilities in different cloud strategies.

For more information, see Info-Tech Research Group’s Document Your Cloud Strategy blueprint.

Cloud environment scanning

Cloud scanning is becoming a more common necessity but still requires special consideration.

An organization’s cloud environment is just an extension of its own environment. As such, cloud environments need to be scanned for vulnerabilities.

Private Cloud
If your organization owns a private cloud, these environments can be tested normally.
Public Cloud
Performing vulnerability testing against public, third-party cloud environments is an area experiencing rapid growth and general acceptance, although customer visibility will still be limited.

In many cases, a customer must rely on the vendor’s assurance that vulnerabilities are being addressed in a sufficient manner.

Security standards’ compliance requirements are driving the need for cloud suppliers to validate and assure that they are appropriately scanning for and remediating vulnerabilities.

Infrastructure- or Platform-as-a-Service (IaaS or PaaS) Environments
  • There is a general trend for PaaS and IaaS vendors to allow testing if given due notice.
  • Your contract with the cloud vendor or the vendor’s terms and conditions will outline the permissibility of customer vulnerability scanning. In some cases, a cloud vendor will deny the ability to do vulnerability scanning if they already provide a solution as part of their service.
  • Always ensure that the vendor is aware of your vulnerability scanning activity so that false positives aren’t triggering their security measures as possible denial-of-service (DoS) attacks.
Software-as-a-Service (SaaS) Environments
  • SaaS offers very limited visibility to the services behind the software that the customer sees. You therefore cannot test for patch levels or vulnerabilities.
  • SaaS customers must rely exclusively on the provider for the regular scanning and remediation of vulnerabilities in the back-end technologies supporting the SaaS application.
  • You can only test the connection points to SaaS environments. This involves trying to figure out what you can see, e.g. looking for encrypted traffic.

Certain testing (e.g. DoS or load testing) will be very limited by your cloud vendor. Cloud vendors won’t open themselves to testing that would possibly impact their operations.

Step 1.4

Vulnerability detection

Activities
  • 1.4.1 Develop a monitoring and review process of third-party vulnerability sources
  • 1.4.2 Incident management and vulnerability management

This step will walk you through the following activities:

Create an inventory of your vulnerability monitoring capability and third-party vulnerability information sources.

Determine how incident management and vulnerability management interoperate.

This step involves the following participants:

  • Security operations team
  • IT Security Manager
  • IT Director
  • CISO

Outcomes of this step

Catalog of vulnerability information data sources. Understanding of the intersection of incident management and vulnerability management.

Identify vulnerability sources
Step 1.1Step 1.2Step 1.3Step 1.4

Vulnerability detection

Vulnerabilities can be identified through numerous mediums.

Info-Tech has determined the following to be the four most common ways to identify vulnerabilities.

Vulnerability Assessment and Scanning Tools
  • Computer programs that function to identify and assess security vulnerabilities and weaknesses within computers, computer systems, applications, or networks.
  • Using a known vulnerability database, the tool scans targeted hosts or systems to identify flaws and generate reports and recommendations based on the results.
  • There are four main types of tools under this category: network and operating system vulnerability scanners, application scanning and testing tools, web application scanners, and exploitation tools.
Penetration Tests
  • The act of identifying vulnerabilities on computers, computer systems, applications, or networks followed by testing of the vulnerability to validate the findings.
  • Penetration tests are considered a service that is offered by third-parties in which a variety of products, tools, and methods are used to exploit systems and gain access to data.
Open Source Monitoring
  • New vulnerabilities are detected daily with each vulnerability’s information being uploaded to an information-sharing platform to enable other organizations to be able to identify the same vulnerability on their systems.
  • Open source platforms are used to alert and distribute information on newly discovered vulnerabilities to security professionals.
Security Incidents
  • Any time an incident response plan is called into action to mitigate an incident, there should be formal communication with the vulnerability management team.
  • Any IT incident an organization experiences should provide a feed for analysis into your vulnerability management program.

Automate with a vulnerability scanning tool

Vulnerabilities are too numerous for manual scanning and detection.
  • Vulnerability management is not only the awareness of the existence of vulnerabilities but that they are actively present in your environment.
  • A vulnerability scanner will usually report dozens, if not hundreds, of vulnerabilities on a regular and recurring basis. Typical IT environments have several dozen, if not hundreds, of servers. We haven’t even considered the amount of network equipment or the hundreds of user workstations in an environment.
  • This tool will give you information of the presence of a vulnerability in your environment and the host on which the vulnerability exists. This includes information on the version of software that contains a vulnerability and whether you are running that version. The tool will also report on the criticality of the vulnerability based on industry criticality ratings.
  • The tools are continually updated by the vendor with the latest definition updates for the latest vulnerabilities out there. This ensures you are always scanning for the greatest number of potential vulnerabilities.
Automation requires oversight.
  1. Vulnerability scanners bring great automation to the task of scanning and detecting vulnerabilities in high numbers.
  2. Vulnerability scanners, however, do not have your level of intelligence. Any compensating controls, network segregation, or other risk mitigation features that you have in place will not be known by the tool.
  3. Determining the risk and urgency of a vulnerability within the context of your specific environment will still require internal review by you or your SecOps team.

For guidance on tool selection

Refer to section 4.3 Selecting and Implement a Scanning Tool in this blueprint.

Vulnerability scanning tool considerations

Select a vulnerability scanning tool with the features you need to be effective.
  • Vulnerability scanning tool selection can be an exciting and confusing process. You will need to consider what features you desire in a tool and whether you want the tool to go beyond just scanning and reporting.
  • In addition to vulnerability scanning, some tools will integrate with your IT service management (service desk ticketing system) tool and asset, configuration, and change management modules. This can facilitate the necessary workflow that the remediation process follows once a vulnerability is discovered.
  • A number of vulnerability scanning tool vendors have started offering remediation as part of their software features. This includes the automation and orchestration functionality and configuration and asset management to track its remediation activities.
  • A side benefit of the asset discovery feature in vulnerability scanning tools is that it can help enhance an organization’s asset inventory and license compliance, particularly in cases where end users are able to install software on their workstations.
Stock photo of a smartphone scanning a barcode.

For guidance on tool vendors

Visit SoftwareReviews for information on vulnerability management tools and vendors.

Vulnerability scanning tool best practices

How often should scans be performed?

One-off scans provide snapshots in time. Repeated scans over time provide tracking for how systems are changing and how well patches are being applied and software is being updated.

The results of a scan (asset inventory, configuration data, and vulnerability data) are basic information needed to understand your security posture. This data needs to be as up to date as possible.

ANALYST PERSPECTIVE: Organizations should look for continuous scanning

Continuous scanning is the concept of providing continual scanning of your systems so any asset, configuration, or vulnerability information is up to date. Most vendors will advertise continuous scanning but you need to be skeptical of how this feature is met.

Continuous Scanning Methods

Continuous agent scanning

Real-time scanning that is completed through agent-based scanning. Provides real-time understanding of system changes.

On-demand scanning

Cyclical scanning is the method where once you’re done scanning an area, you start it again. This is usually done because doing some scans on some areas of your network take time. How long the scan takes depends on the scan itself. How often you perform a scan depends on how long a scan takes. For example, if a scan takes a day, you perform a daily scan.

Cloud-based scanning

Cloud-scanning-as-a-Service can provide hands-free continuous monitoring of your systems. This is usually priced as a subscription model.

Vulnerability scanning tool best practices

Where to perform a scan.

What should be scannedHow to point a scanner
The general idea is that you want to scan pretty much everything. Here are considerations for three environments:
Mobile Devices

You need to scan mobile devices for vulnerabilities, but the problem is these can be hard to scan and often come and go on your network. There are always going to be some devices that aren’t on the network when scanning occurs.

Several ways to scan mobile devices:

  • Intercept the device when it remotes into your network using a VPN. You catch the device with a remote scan. This can only be done if a VPN is required.
  • An agent-based approach can be used for mobile devices. Locally installed software gives the information needed to evaluate the security posture of a device. Discernibly, concerns around device processing, memory, and network bandwidth come into play. Ease of installation becomes key for agents.
Virtualization
  • In a virtual environment, you will have servers being dynamically spun up. Ensure your tool is able to scan these new servers automatically.
  • Often, vulnerability scanning tool providers will restrict scanning to preapproved scanners. Look for tools that are preapproved by the VM vendors.
Cloud Environments
  • You can set your tool to scan a given cloud environment. The main concern here is who owns the cloud. If it is a private cloud, there is little concern.
  • If it is a third-party cloud (AWS, Azure, etc.) you need to confirm with the cloud service provider that scanning of your cloud environment can occur.
  • There is a trend to allow more scanning of cloud environments.
  • You need to tell the scanner an IP address, a group of IP addresses, an asset group, or a combination of those.
  • You can categorize by functional classifications – internet-facing servers, workstations, network devices, etc., or by organizational structure – Finance, HR, Legal, etc.
  • If you have a strong change management system, you can better hone when and where to perform a scan based on actual changes.
  • You can set the number of concurrent outbound TCP connections that are being made. For example, set the tool so it sends out to 10 ports at a time, rather than pinging at 64k ports on a machine, which would flood the NIC.
  • Side Note: Flooding a host with pings from a scanning tool can be done to find out DoS thresholds on a machine. There are no bandwidth concerns for a network DoS, however, because the packets are so small.

Vulnerability scanning tool best practices

Communication and measurement

Pre-Scan Communication With Users

  • It is always important to inform owners and users of systems that a scan will be happening.
  • Although it is unlikely any performance issues will arise, it is important to notify end users of potential impact.
  • Local admins or system owners may have controls in place that stop vulnerability scans and you need to inform the owners so that they can safelist the scanner you will be using.
Vulnerability Scanning Tool Tracking Metrics
  • Vulnerability score by operating system, application, or organization division.
    • This provides a look at the widely accepted severity of the vulnerability as it relates across the organization’s systems.
  • Most vulnerable applications and application version.
    • This provides insight into how outdated applications are creating risk exposure for an organization.
    • This will also provide metrics on the effectiveness of your patching program.
  • Number of assets scanned within the last number of days.
    • This provides visibility into how often your assets are being scanned and thus protected.
  • Number of unowned devices or unapproved applications.
    • This metric will track how many unowned devices or unapproved applications may be on your network. Unowned devices may be rogue devices or just consultant/contractor devices.

Third-party vulnerability information sources

IT security forums and mailing lists are another source of vulnerability information.

Proactively identify new vulnerabilities as they are announced.

By monitoring for vulnerabilities as they are announced through industry alerts and open-source mechanisms, it is possible to identify vulnerabilities beyond your scanning tool’s penetration tests.

Common sources:
  • Vendor websites and mailing lists
    • Vendors are the trusted sources for vulnerability and patch information on their products, particularly with new industry vulnerability disclosure requirements. Vendors are the most familiar with their products, downloads are most likely malware free, and additional information is often included.
    • There are some issues: vendors won’t announce a vulnerability until a patch is created, which creates a potential unknown risk exposure; numerous vendor sites will have to be monitored continually.
  • Third-party websites
    • A non-vendor site providing information on vulnerabilities. They often will cover a specific technology or an industry section, becoming a potential “one-stop shop” for some. They will often provide vulnerability information that is augmented with different remediation recommendations faster than vendors.
    • However, it’s more likely that malicious code could be downloaded and it will often not be comprehensive information on patching.
  • Third-party mailing lists, newsgroups, live paid subscriptions, and live open-source feeds
    • These are alerting and notification services for the detection and dissemination of vulnerability information. They provide information on the latest and most critical vulnerabilities, e.g. US-CERT Cybersecurity Alerts.
  • Vulnerability databases
    • These usually consist of dedicated databases on vulnerabilities. They perform the hard work of identifying and aggregating vulnerability and patch information into a central repository for end-user consumption. The commentary features on these databases provide excellent insight for practitioners, e.g. National Vulnerability Database (NVD).
Stock photo of a student checking a bulletin board.

Third-party vulnerability information sources

IT security forums and mailing lists are another source of vulnerability information.

Third-party sources for vulnerabilities

  • Open Source Vulnerability Database (OSVDB)
    • An open-source database that is run independently of any vendors.
  • Common Vulnerabilities and Exposures (CVE)
    • Free, international dictionary of publicly known information security vulnerabilities and exposures.
  • National Vulnerability Database (NVD)
    • Through NIST, the NVD is the US government’s repository of vulnerabilities and includes product names, flaws, and any impact metrics.
    • The National Checklist Repository Program (NCRP), also provided by NIST, provides security checklists for configurations of operating systems and applications.
    • The Center for Internet Security, a separate entity unrelated to NIST, provides configuration benchmarks that are often referenced by the NCRP.
  • Open Web Application Security Project (OWASP)
    • OWASP is another free project helping to expose vulnerabilities within software.
  • US-CERT National Cyber Alert System (US-CERT Alerts)
    • Cybersecurity Alerts – Provide timely information about current security issues, vulnerabilities, and exploits.
    • Cybersecurity Tips – Provide advice about common security issues for the general public.
    • Cybersecurity Bulletins – Provide weekly summaries of new vulnerabilities. Patch information is provided when available.
  • US-CERT Vulnerability Notes Database (US-CERT Vulnerability Notes)
    • Database of searchable security vulnerabilities that were deemed not critical enough to be covered under US-CERT Alerts. Note that the NVD covers both US-CERT Alerts and US-CERT Notes.
  • Open Vulnerability Assessment Language (OVAL)
    • Coding language for security professionals to discuss vulnerability checking and configuration issues. Vulnerabilities are identified using tests that are disseminated in OVAL definitions (XML executables that can be used by end users).

1.4.1 Develop a monitoring and review process for third-party vulnerability sources

60 minutes

Input: Third-party resources list

Output: Process for review of third-party vulnerability sources

Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

Participants: IT Security Manager, SecOps team members, ITOps team members, CISO

  1. Identify what third-party resources are useful and relevant.
  2. Shortlist your third-party sources.
  3. Identify what is the best way to receive information from a third party.
  4. Document the method to receive or check information from the third-party source.
  5. Identify who is responsible for maintaining third-party vulnerability information sources
  6. Capture this information in the Vulnerability Management SOP Template.
Download the Vulnerability Management SOP TemplateSample of the Third Party Vulnerability Monitoring tables from the Vulnerability Management SOP Template.

Incidents and vulnerability management

Incidents can also be a sources of vulnerabilities.

When any incident occurs, for example:

  • A security incident, such as malware detected on a machine
  • An IT incident, such as an application becomes unresponsive
  • A crisis occurs, like a worker accident

There can be underlying vulnerabilities that need to be processed.

Three Types of IT Incidents exist:
  1. Information Security Incident
  2. IT Incident and/or Problem
  3. Crisis

Note: You need to have developed your various incident response plans to develop information feeds to the vulnerability mitigation process.
If you are missing an incident response plan, take a look at Info-Tech’s Related Resources.

Info-Tech Related Resources:
If you do not have a formalized information security incident management program, take a look at Info-Tech’s blueprint Develop and Implement a Security Incident Management Program.

If you do not have a formalized problem management process, take a look at Info-Tech’s blueprint Incident and Problem Management.

If you do not have a formalized IT incident management process, take a look at Info-Tech’s blueprint Develop and Implement a Security Incident Management Program.

If you do not have formalized crisis management, take a look at Info-Tech’s blueprint Implement Crisis Management Best Practices.

1.4.2 Incident management and vulnerability management

60 minutes

Input: Existing incident response processes, Existing crisis communications plans

Output: Alignment of vulnerability management program with existing incident management processes

Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

Participants: IT Security Manager, SecOps team members, ITOps team members, including tiers 1, 2, and 3, CISO, CIO

  1. Inventory what incident response plans the organization has. These include:
    1. Information Security Incident Response Plan
    2. IT Incident Plan
    3. Problem Management Plan
    4. Crisis Management Plan
  2. Identify what part of those plans contains the post-response recap or final analysis.
  3. Formalize a communication process between the incident response plan and the vulnerability mitigation process.

Note: Most incident processes will cover some sort of root cause analysis and investigation of the incident. If a vulnerability of any kind is detected within this analysis it needs to be reported on and treated as a detected vulnerability, thus warranting the full vulnerability mitigation process.

Download the Vulnerability Management SOP Template

Implement Risk-Based Vulnerability Management

Phase 2

Triage & prioritize

Phase 1

1.1 What is vulnerability management?
1.2 Define scope and roles
1.3 Cloud considerations for vulnerability management
1.4 Vulnerability detection

Phase 2

2.1 Triage vulnerabilities
2.2 Determine high-level business criticality
2.3 Consider current security posture
2.4 Risk assessment of vulnerabilities

Phase 3

3.1 Assessing remediation options
3.2 Scheduling and executing remediation
3.3 Continuous improvement

Phase 4

4.1 Metrics, KPIs & CSFs
4.2 Vulnerability management policy
4.3 Select and implement a scanning tool
4.4 Penetration testing

This phase will walk you through the following activities:

Examine the elements that you will use to triage and analyze vulnerabilities, prioritizing using a risk-based approach, and prepare for remediation options.

This phase involves the following participants:

  • IT Security Manager
  • SecOps team members
  • ITOps team members, including tiers 1, 2, and 3
  • CISO
  • CIO

Step 2.1

Triage vulnerabilities

Activities
  • 2.1.1 Evaluate your identified vulnerabilities

This step will walk you through the following activities:

Review your vulnerability information sources and determine a methodology that will be used to consistently evaluate vulnerabilities as your scanning tool alerts you to them.

This step involves the following participants:

  • IT Security Manager
  • SecOps team members
  • ITOps team members, including tiers 1, 2, and 3
  • CISO
  • CIO

Outcomes of this step

A consistent, documented process for the evaluation of vulnerabilities in your environment.

Triage & prioritize
Step 2.1Step 2.2Step 2.3Step 2.4

Triaging vulnerabilities

Use Info-Tech’s methodology to allocate urgencies to your vulnerabilities to assign the appropriate resources to each one.

When evaluating numerous vulnerabilities, use the following three factors to help determine the urgency of vulnerabilities:

  • The intrinsic qualities of the vulnerability
  • The business criticality of the affected asset
  • The sensitivity of the data stored on the affected asset

Intrinsic qualities of the vulnerability — Vulnerabilities need to be examined for the inherent risk they pose specifically to the organization, which includes if an exploit has been identified or if the industry views this as a serious and likely threat.

Business criticality of the affected asset — Assets with vulnerabilities need to be assessed for their criticality to the business. Vulnerabilities on systems that are critical to business operations or customer interactions are usually top of mind.

Sensitivity of the data of the affected asset — Beyond just the criticality of the business, there must be consideration of the sensitivity of the data that may be compromised or modified as a result of any vulnerabilities.

Info-Tech Insight

This methodology allows you to determine urgency of vulnerabilities, but your remediation approach needs to be risk-based, within the context of your organization.

Triage your vulnerabilities, filter out the noise

Triaging enables your vulnerability management program to focus on what it should focus on.

Use the Info-Tech Vulnerability Mitigation Process Template to define how to triage vulnerabilities as they first appear.

Triaging is an important step in vulnerability management, whether you are facing ten to tens of thousands of vulnerability notifications.
Many scanning tools already provide the capability to compare known vulnerabilities against existing assets through integration with the asset inventory.

There are two major use cases for this process:
  1. For organizations that have identified vulnerabilities but do not know their own systems well enough. This can be due to a lack of a formal asset inventory.
  2. For proactive organizations that are regularly staying up to date with industry announcements regarding vulnerabilities. Once an alert has been made publicly, this process can assist in confirming if the vulnerability is relevant to the organization.
The Info-Tech methodology for initial triaging of vulnerabilities:
Flowchart of the Info-Tech methodology for initial triaging of vulnerabilities, beginning with 'Vulnerability has been identified' and ending with either 'Vulnerability has been triaged' or 'No action needed'.

Even if neither of these use cases apply to your organization, triaging still addresses the issues of false positives. Triaging provides a quick way to determine if vulnerabilities are relevant.

After eliminating the noise, evaluate your vulnerabilities to determine urgency

Consider the intrinsic risk to the organization.

Is there an associated, verified exploit?
  • For a vulnerability to become a true threat to the organization, it must be exploited to cause damage. In today’s threat landscape, exploit kits are sold online that allow individuals with low technical knowledge to exploit a vulnerability.
  • Not all vulnerabilities have an associated exploit, but this does not mean that these vulnerabilities can be left alone. In many cases, it is just a matter of time before an exploit is created.
  • Another point to consider is that while exploits can exist theoretically, they may not be verified. Vulnerabilities always pose some level of risk, but if there are no known verified exploits, there is less risk attached.
Is there a CVSS base score of 7.0 or higher?
  • Common Vulnerability Scoring System (CVSS) is an open-source industry scoring method to assess the potential severity of vulnerabilities.
  • CVSS takes into account: attack vector, complexity, privileges required, user interaction, scope, confidentiality impact, integrity impact, and availability impact.
  • Vulnerabilities that have a score of 4.0 or lower are classified as low vulnerabilities, while scores between 4.0 and 6.9 are put in the medium category. Scores of 7 or higher are in the high and critical categories. As we will review in the Risk Assessment section, you will want to immediately deal with high and critical vulnerabilities.
Is there potential for significant lateral movement?
  • Even though a vulnerability may appear to be part of an inconsequential asset, it is important to consider whether it can be leveraged to gain access to other areas of the network or system by an attacker.
  • Another consideration should be whether the vulnerability can be exploited by remote or local access. Remote exploits pose a greater risk as this can mean that attackers can perform an exploit from any location. Local exploits carry less risk, although the risk of insider threats should be considered here as well.

2.1.1 Evaluate your identified vulnerabilities

60 minutes

Input: Visio workflow of Info-Tech’s vulnerability management process

Output: Adjusted workflow to reflect your current processes, Vulnerability Tracking Tool

Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

Participants: IT Security Manager, SecOps team members, ITOps team members, including tiers 1, 2, and 3, CISO, CIO

Using the criteria from the previous slide, Info-Tech has created a methodology to evaluate your vulnerabilities by examining their intrinsic qualities.

The methodology categorizes the vulnerabilities into high, medium, and low risk importance categorizations, before assigning final urgency scores in the later steps.

  1. Review the evaluation process in the Vulnerability Management Workflow library.
  2. Determine if this process makes sense for the organization; otherwise, change the flow to include any other considerations of process flows.
  3. As this process is used to evaluate vulnerabilities, document vulnerabilities to an importance category. This can be done in the Vulnerability Tracking Tool or using a similar internal vulnerability tracking document, if one exists.

Download the Vulnerability Management SOP Template

Step 2.2

Determine high-level business criticality

Activities
  • 2.2.1 Determine high-level business criticality
  • 2.2.2 Determine your high-level data classifications

This step will walk you through the following activities:

Determining high-level business criticality and data classifications will help ensure that IT security is aligned with what is critical to the business. This will be very important when decisions are made around vulnerability risk and the urgency of remediation action.

This step involves the following participants:

  • IT Security Manager
  • SecOps team members
  • CISO

Outcomes of this step

Understanding and consistency in how business criticality and business data is assessed by IT in the vulnerability management process.

Triage & prioritize
Step 2.1Step 2.2Step 2.3Step 2.4

Understanding business criticality is key to determining vulnerability urgency

Prioritize operations that are truly critical to the operation of the business, and understand how they would be impacted by an exploited vulnerability.

Use the questions below to help assess which operations are critical for the business to continue functioning.

For example, email is often thought of as a business-critical operation when this is not always the case. It is important to the business, but as regular operations can continue for some time without it, it would not be considered extremely business critical.

Questions to askDescription
Is there a hard-dollar impact from downtime?This refers to when revenue or profits are directly impacted by a business disruption. For example, when an online ordering system is compromised and shut down, it impacts sales, and therefore, revenue.
Is there an impact on goodwill/ customer trust?If downtime means delays in service delivery or otherwise impacts goodwill, there is an intangible impact on revenue that may make the associated systems mission critical.
Is regulatory compliance a factor?Depending on the circumstances of the vulnerabilities, it can be a violation of regulatory compliance and would cause significant fines.
Is there a health or safety risk?Some operations are critical to health and safety. For example, medical organizations have operations that are necessary to ensure that individuals’ health and safety are maintained. An exploited vulnerability that prevents these operations can directly impact the lives of these individuals.
Don’t start from scratch – your disaster recovery plan (DRP) may have a business impact analysis (BIA) that can provide insight into which applications and operations are considered business critical.

Analyst Perspective

When assessing the criticality of business operations, most core business applications may be deemed business critical over the long term.

Consider instead what the impact is over the first 24 or 48 hours of downtime.

2.2.1 Determine high-level business criticality

120 minutes; less time if a Disaster recovery plan business impact analysis exists

Input: List of business operations, Insight into business operations impacts to the business

Output: List of business operations and their criticality and impact to the business

Materials: Vulnerability Management SOP Template

Participants: Participants from the business, IT Security Manager, CISO, CIO

  1. List your core business operations at a high level.
  2. Use a High, Medium, or Low ranking to prioritize the business operations based on mission-critical criteria and the impact of the vulnerability.
  3. When using the process flow, consider if the vulnerability directly affects any of these business operations and move through the process flow based on the corresponding High, Medium, or Low ranking.
Example prioritization of business operations for a manufacturing company:Questions to ask:
  1. Is there a hard-dollar impact from downtime?
  2. Is there impact on goodwill or customer trust?
  3. Is regulatory compliance a factor?
  4. Is there a health or safety risk?

Download the Vulnerability Management SOP Template

Determine vulnerability urgency by its data classification

Consider how to classify your data based on if the Confidentiality, Integrity, or Availability (CIA) is compromised.

To properly classify your data, consider how the confidentiality, integrity, and availability of that data would be affected if it were to be exploited by a vulnerability. Review the table below for an explanation for each objective.
Confidentiality

Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

Integrity

Guarding against improper information modification or destruction, and ensuring information non-repudiation and authenticity.

Availability

Ensuring timely and reliable access to and use of information.

Each piece of data should be ranked as High, medium, or low across confidentiality, integrity, and availability based on adverse effect.Arrow pointing right.Low — Limited adverse effect

Moderate — Serious adverse effect

High — Severe or catastrophic adverse effect

If you wish to build a whole data classification methodology, refer to our Discover and Classify Your Data blueprint.

How to determine data classification when CIA differs:

The overall ranking of the data will be impacted by the highest objective’s ranking.

For example, if confidentiality and availability are low, but integrity is high, the overall impact is high.

This process was developed in part by Federal Information Processing Standards Publication 199.

2.2.2 Determine your high-level data classifications

120 minutes, less time if data classification already exists

Input: Knowledge of data use and sensitivity

Output: Adjusted workflow to reflect your current processes, Vulnerability Tracking Tool

Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

Participants: IT Security Manager, CISO, CIO

If your organization has formal data classification in place, it should be leveraged to determine the high, medium, and low rankings necessary for the process flows. However, if there is no formal data classification in place, the process below can be followed:

  1. List common assets or applications that are prone to vulnerabilities.
  2. Consider the data that is on these devices and provide a high (severe or catastrophic adverse effect), medium (serious adverse effect), or low (limited adverse effect) ranking based on confidentiality, availability, and integrity.
    1. Use the table on the previous slide to assist in providing the ranking.
    2. Remember that it is the highest ranking that dictates the overall ranking of the data.
  3. Document which data belongs in each of the categories to provide contextual evidence.

Download the Vulnerability Management SOP Template

This process should be part of your larger data classification program. If you need assistance in building this out, review the Info-Tech research, Discover and Classify Your Data.

Step 2.3

Consider current security posture

Activities
  • 2.3.1 Document your defense-in-depth controls

This step will walk you through the following activities:

Your defense-in-depth controls are the existing layers of security technology that protects your environment. These are relevant when considering the urgency and risk of vulnerabilities in your environment, as they will mitigate some of the risk.

This step involves the following participants:

  • IT Security Manager
  • SecOps team members
  • ITOps team members, including tiers 1, 2, and 3
  • CISO
  • CIO

Outcomes of this step

Understanding and documentation of your current defense-in-depth controls.

Triage & prioritize
Step 2.1Step 2.2Step 2.3Step 2.4

Review your current security posture

What you have today matters.
  • In most cases, your vulnerability scanning tool alone will not have the context of your security posture in the results of its scans. This can skew the true urgency of detected vulnerabilities in your environment.
  • What you have in place today is what comprises your organization’s overall security posture. This bears high relevance to the determination of the risk that a vulnerability poses to your environment.
  • Elements such as enterprise architecture and defense in depth mechanisms should be factored into determining the risk of a vulnerability and what kind of immediacy is warranted to address it.
  • Details of your current security posture will also contribute to the assessment and selection of remediation options.
Stock image of toy soldiers split into two colours, facing eachother down.

Enterprise architecture considerations

What does your network look like?
  • Most organizations have a network topology that has been put in place with operational needs in mind. These includes specific vLANs or subnets, broadcast domains, or other methods of traffic segregation.
  • The firewall and network ACLs (access control lists) will manage traffic and the routes that data packets follow to traverse a network.
  • Organizations may physically separate data network types, for example, a network for IT services and one for operational technology (OT)(OT is often known as ICS (industrial control systems) or SCADA (supervisory control and data acquisition)) or other types of production technology.
  • The deployment of distribution and access switches across an enterprise can also be a factor, where a flatter network will have fewer network devices within the topology.
  • In a directory services environment such as Windows Active Directory, servers and applications can be segregated by domains and trust relationships, organizational units, and security groups.
What’s the relevance to vulnerability management?

For a vulnerability to be exploited, a malicious actor must find a way to access the vulnerable system to make use of the vulnerability in question.

Any enterprise architecture characteristics that you have in place may lessen the probability of a successful vulnerability exploit.

This may potentially “buy time” for SecOps to address and remediate the vulnerability.

Defense-in-depth

Defense-in-depth provides extra layers of protection to the organization.

  • Defense-in-depth refers to the coordination of security controls to add layers of security to the organization.
    • This means that even if attackers are able to get past one control or layer, they are hindered by additional security.
  • Defense-in-depth is distinct from the previous section on enterprise architecture as these are security controls put in place with the purpose of being lines of defense within your security posture.
  • This can be extremely useful in managing vulnerabilities; thus, it is important to establish the existing defense-in-depth controls. By establishing the base model for your defense-in-depth, it will allow you to leverage these controls to manage vulnerabilities.
  • Controls are typically distributed across endpoints, network infrastructure, servers, and physical security.

Note: Defense-in-depth controls do not entirely mitigate vulnerability risk. They provide a way in which the vulnerability cannot be exploited, but it continues to exist on the application. This must be kept in mind as the controls or applications themselves change, as it can re-open the vulnerability and cause potential problems.

Examples of defense-in-depth controls can consist of any of the following:
  • Antivirus software
  • Authentication security
  • Multi-factor authentication
  • Firewalls
  • Demilitarized zones (DMZ)
  • Sandboxing
  • Network zoning
  • Application whitelisting
  • Access control lists
  • Intrusion detection & prevention systems
  • Airgapping
  • User security awareness training

2.3.1 Document your defense-in-depth controls

2 hours, less time if a security services catalog exists

Input: List of technologies within your environment, List of IT security controls that are in place

Output: List of defense-in-depth controls

Materials: Whiteboard/flip charts, Vulnerability Management SOP Template

Participants: IT Security Manager, Infrastructure Manager, IT Director, CISO

  1. Document the existing defense-in-depth controls within your system.
  2. Review the initial list that has been provided and see if these are controls that currently exist.
  3. Indicate any other controls that are being used by the organization. This may already exist if you have a security services catalog.
  4. Indicate who the owners of the different controls are.
  5. Track the information in the Vulnerability Management SOP Template.

Download the Vulnerability Management SOP Template

Sample table of security controls within a Defense-in-depth model with column headers 'Defense-in-depth control', 'Description', 'Workflow', and 'Control Owner'.

Step 2.4

Risk assessment of vulnerabilities

Activities
  • 2.4.1 Build a classification scheme to consistently assess impact
  • 2.4.2 Build a classification scheme to consistently assess likelihood

This step will walk you through the following activities:

Assessing risk will be the cornerstone of how you evaluate vulnerabilities and what priority you place on remediation. This is actual risk to the organization and not simply what the tool reports without the context of your defense-in-depth controls.

This step involves the following participants:

  • IT Security Manager
  • IT Operations Management
  • CISO
  • CIO

Outcomes of this step

A risk matrix tailored to your organization, based on impact and likelihood. This will provide a consistent, unambiguous way to assess risk across the vulnerability types that is reported by your scanning tool.

Triage & prioritize
Step 2.1Step 2.2Step 2.3Step 2.4

Vulnerabilities and risk

Vulnerabilities must be addressed to mitigate risk to the business.
  • Vulnerabilities are a concern because they are potential threats to the business. Vulnerabilities that are not addressed can turn from potential threats into actual threats; it is only a matter of time and opportunity.
  • Your organization will already be familiar with risk management, as every decision carries a business risk component. There may even be a senior manager assigned as corporate risk officer to manage organizational risk.
  • The organization likely has a risk tolerance level that defines the organization’s risk appetite. This may be measured in dollars, non-productivity time, or other units of inefficiency.
  • The risk of a vulnerability can be calculated using impact and likelihood. Impact is the effect that the vulnerability will have if it is exploited by a malicious actor. Likelihood is the degree to which a vulnerability exploit can possibly occur.
Stock image of a cartoon character in a tie hanging on the needle of a 'RISK' meter as it sits at 'LOW'.

Info-Tech Insight

Risk to the organization is business language that everyone can understand. This is particularly true when the risk is to productivity or to the company’s bottom line.

A risk-based approach to vulnerability management

CVSS scores are just the starting point!

Vulnerabilities are constant.
  • There will always be vulnerabilities in the environment, many of which won’t be reported as they are currently unknown.
  • Don’t focus on trying to resolve all vulnerabilities in your environment. You are neither resourced for it nor can the business tolerate the downtime needed to remediate every single vulnerability.
    • The constant follow of new vulnerabilities will quickly render your efforts useless and it will become a game of “whack-a-mole.”
  • Being able to prioritize which vulnerabilities require appropriate levels of response is crucial to ensuring that an organization stays ahead of the continual flow.
  • Your vulnerability scanning tool will report the severity of a vulnerability, often using an industry Common Vulnerability Scoring System (CVSS) system ranging from 0 to 10. It will then scan your environment for the presence of the vulnerability and report accordingly.
    • Your vulnerability scanning tool will not be aware of any mitigation components in your environment, such as compensating controls, network segregation, server/application hardening, or any other measures that can reduce the risk. That is why determining actual risk is a crucial step.

Stock image of a whack-a-mole game.

Info-Tech Insight

Vulnerability scanning is a valuable function, but it does not tell the full picture. You must determine how urgent a vulnerability truly is, based on your specific environment.

Prioritize remediation by levels of risk

Address critical and high risk with high immediacy.

  • Addressing the critical and high-risk vulnerabilities with urgency will ensure that you are addressing a more manageable number of vulnerabilities.
  • An optimized vulnerability management process will address the medium and low risk vulnerabilities within the regular cycle.
  • This may be very similar to what you do today in an ad hoc fashion:
    • Zero-day vulnerabilities tend to warrant a stop in operations and are dealt with immediately (or as soon as a vendor has a fix).
    • The standard remediation process (patching/updating, change of configuration, etc.) happens within a regular controlled time cycle.
  • Formalizing this process will ensure that appropriate attention is given to vulnerabilities that warrant it and that the remaining vulnerabilities are dealt with as a regular, recurring activity.

Mitigate the risk surface by reducing the time across the phases

Chart titled 'Mitigate the risk surface by reducing the time across the phases' with the axes 'Risk Level' and 'Time' with lines created by individual risks. The highlighted line begins in 'Critical' and eventually drops to low. A note on the line reads 'Objective: Reduce risk surface by reducing time to address'. The area between the line and your organization's risk tolerance is labelled 'Risk Surface, to be addressed with high priority'. A bracket around Risk levels 'High' and 'Critical' reads 'Priority focus zone (risk surface)'. Risk lines within levels 'Low' and 'Medium' read 'Follow standard vulnerability management cycles'.

Risk matrix

Risk = Impact x Likelihood
  • Info-Tech’s Vulnerability Management Risk Assessment Tool provides a method of calculating the risk of a vulnerability. The risk rating is assigned using the impact of the risk and the likelihood or probability that the event may occur.
  • The tool puts the vulnerability into your organization’s context: How many people will be affected? What service types are vulnerable and how does that impact the business? Is there an anticipated update from the vendor of the system being affected?
  • Urgency of remediation should be based on the business consequences if the vulnerability were to be exploited, relative to the business’ risk tolerance.

Info-Tech Insight

Risk determination should be done within the context of your current environment and not simply based on what your vulnerability tool is reporting.

A risk matrix is useful in calculating a risk rating for vulnerabilities. Risk matrix with axes 'Impact' and 'Time' and individual vulnerabilities mapped onto it via their risk rating. The example 'Organizational Risk Tolerance Threshold' line runs diagonally through the 'Medium' squares.

2.4.1 Build a classification scheme to consistently assess impact

60 minutes

Input: Knowledge of IT environment, Knowledge of business impact for each IT component or service

Output: Vulnerability Management Risk Assessment Tool formatted to your organization

Materials: Vulnerability Management Risk Assessment Tool

Participants: Functional Area Managers, IT Security Manager, CISO

Risk always has a negative impact, but the size of the impact can vary considerably in terms of cost, number of people or sites affected, and the severity of the impact. Impact questions tend to be more objective and quantifiable than likelihood questions.

  1. Define a set of questions to measure risk impact or edit existing questions in the tool.
  2. For each question, assign a weight that should be placed on that factor.
  3. Define criteria for each question that would categorize the risk. The drop-down box content can be modified in the hidden Labels tab.

Note that you are looking to baseline vulnerability types, rather than categorizing every single vulnerability your scanning tool reports. The volume of vulnerabilities will be high, but vulnerabilities can be categorized into types on a regular basis.

Download the Vulnerability Management Risk Assessment Tool

Screenshot of table from Info-Tech's Vulnerability Management Risk Assessment Tool for assessing Impact. Column headers are 'Weight', 'Question', 'OS vulnerability', 'Application vulnerability', 'Network vulnerability', and 'Vendor patch release'.

2.4.2 Build a classification scheme to consistently assess likelihood

60 minutes

Input: Knowledge of IT environment, Knowledge of business impact for each IT component or service

Output: Vulnerability Management Risk Assessment Tool formatted to your organization

Materials: Vulnerability Management Risk Assessment Tool

Participants: Functional Area Managers, IT Security Manager, CISO

Risk always has a negative impact, but the size of the impact can vary considerably in terms of cost, number of people or sites affected, and the severity of the impact. Impact questions tend to be more objective and quantifiable than likelihood questions.

  1. Define a set of questions to measure risk impact or edit existing questions in the tool.
  2. For each question, assign a weight that should be placed on that factor.
  3. Define criteria for each question that would categorize the risk. The drop-down box content can be modified in the hidden Labels tab.

Note that you are looking to baseline vulnerability types, rather than categorizing every single vulnerability that your scanning tool reports. The volume of vulnerabilities will be high, but vulnerabilities can be categorized into types on a regular basis.

Download the Vulnerability Management Risk Assessment Tool

Screenshot of table from Info-Tech's Vulnerability Management Risk Assessment Tool for assessing Likelihood. Column headers are 'Weight', 'Question', 'OS vulnerability', 'Application vulnerability', and 'Network vulnerability'.

Prioritize based on risk

Select the best remediation option to minimize risk.

Through the combination of the identified risk and remediation steps in this phase, the prioritization for vulnerabilities will become clear. Vulnerabilities will be assigned a priority once their intrinsic qualities and threat potential to business function and data have been identified.

  • Remediation options will be identified for the higher urgency vulnerabilities.
  • Options will be assessed for whether they are appropriate.
  • They will be further tested to determine if they can be used adequately prior to full implementation.
  • Based on the assessments, the remediation will be implemented or another option will be considered.
Prioritization
  1. Assignment of risk
  2. Identification of remediation options
  3. Assessment of options
  4. Implementation

Remediation plays an incredibly important role in the entire program. It plays a large part in wider risk management when you must consider the risk of the vulnerability, the risk of the remediation option, and the risk associated with the overall process.

Implement Risk-Based Vulnerability Management

Phase 3

Remediate vulnerabilities

Phase 1

1.1 What is vulnerability management?
1.2 Define scope and roles
1.3 Cloud considerations for vulnerability management
1.4 Vulnerability detection

Phase 2

2.1 Triage vulnerabilities
2.2 Determine high-level business criticality
2.3 Consider current security posture
2.4 Risk assessment of vulnerabilities

Phase 3

3.1 Assessing remediation options
3.2 Scheduling and executing remediation
3.3 Continuous improvement

Phase 4

4.1 Metrics, KPIs & CSFs
4.2 Vulnerability management policy
4.3 Select and implement a scanning tool
4.4 Penetration testing

This phase will walk you through the following activities:

  • Identifying potential remediation options.
  • Developing criteria for each option with regards to when to use and when to avoid.
  • Establishing exception procedure for testing and remediation.
  • Documenting the implementation of remediations and verification.

This phase involves the following participants:

  • CISO, or equivalent
  • Security Manager/Analyst
  • Network, Administrator, System, Database Manager
  • Other members of the vulnerability management team
  • Risk managers for the risk-related steps

Determining how to remediate

Patching is only one option.

This phase will allow organizations to build out the specific processes for remediating vulnerabilities. The overall process will be the same but what will be critical is the identification of the correct material. This includes building the processes around:
  • Identifying and selecting the remediation option to be used.
  • Determining what to do when a patch or update is not available.
  • Scheduling and executing the remediation activity.
  • Continuous improvement.

Each remediation option carries a different level of risk that the organization needs to consider and accept by building out this program.

It is necessary to be prepared to do this in real time. Careful documentation is needed when dealing with vulnerabilities. Use the Vulnerability Tracking Tool to assist with documentation in real time. This is separate from using the process template but can assist in the documentation of vulnerabilities.

Step 3.1

Assessing remediation options

Activities
  • 3.1.1 Develop risk and remediation action

This step will walk you through the following activities:

With the risk assessment from the previous activity, we can now examine remediation options and make a decision. This activity will guide us through that.

This step involves the following participants:

  • IT Security Manager
  • SecOps team members
  • ITOps team members, including tiers 1, 2, and 3
  • CISO
  • CIO

Outcomes of this step

List of remediation options and criteria on when to consider each.

Remediate vulnerabilities
Step 3.1Step 3.2Step 3.3

Identify remediation options

There are four options when it comes to vulnerability remediation.

Patches and Updates

Patches are software or pieces of code that are meant to close vulnerabilities or provide fixes to any bugs within existing software. These are typically provided by the vendor to ensure that any deployed software is properly protected after vulnerabilities have been detected.

Configuration Changes

Configuration changes involve administrators making significant changes to the system or network to remediate against the vulnerability. This can include disabling the vulnerable application or specific element and can even extend to removing the application altogether.

Remediation

Compensating Controls

By leveraging security controls, such as your IDS/IPS, firewalls, or access control, organizations can have an added layer of protection against vulnerabilities beyond the typical patches and configuration changes. This can be used as a measure while waiting to implement another option (if one exists) to reduce the risk of the vulnerability in the short or long term.

Risk Acceptance

Whenever a vulnerability is not remediated, either indefinitely or for a short period of time, the organization is accepting the associated risk. Segregation of the vulnerable system can occur in this instance. This can occur in cases where a system or application cannot be updated without detrimental effect to the business.

Patches and updates

Patches are often the easiest and most common method of remediation.

Patches are usually the most desirable remediation solution when it comes to vulnerability management. They are typically provided by the vendor of the vulnerable application or system and are meant to eliminate the existing vulnerability.

When to use

  • When adequate testing can be performed on the patch to be implemented.
  • When there is a change window approaching for the affected systems.
  • When there is standardization across the IT assets to allow for easier installation of patches.

When to avoid

  • When the patch cannot be adequately tested.
  • When a patch has been tested, but it caused an unfavorable consequence such as a system or application failure.
  • When there is no near change window in which to install the patches, which is often the case for critical systems.
When to consider other remediation options
  • For critical systems, it can be difficult to implement a patch as they often require the system to be rebooted or go through some downtime. There must be consideration towards whether there is a change window approaching if a patch is to be implemented on a business-critical system.
    • If there is no opportunity to implement the patch, or no approaching change window, it is wise to leverage another remediation option.
  • When patches are not currently available from the vendor or they are in production, other remediation options are needed.
  • Other remediation options can be used in tandem with the patch. For example, if a patch is being deferred until the change window, it would be wise to use alternate remediation options to close the vulnerability.

Compensating controls

Compensating controls can decrease the risk of vulnerabilities that cannot be (immediately) remediated.

  • Compensating controls are measures put in place when direct remediation measures are impractical or non-existent.
  • Similar to the payment card industry’s PCI DSS 1.0 provision of compensating controls, these are meant to meet the intent or rigor of the original requirement; unlike PCI DSS, these measures are to mitigate risk rather than meet compliance.
  • The compensating control should be viewed as only a temporary measure for dealing with a vulnerability, although circumstances may dictate a degree of permanence in the application of the compensating control.
  • Examples where compensating controls may be needed are:
    • The software vendor is developing an update or patch to address a vulnerability.
    • Through your testing process, a patch will adversely affect the performance or operation of the target system and be detrimental to the business.
    • A critical application will only run on a legacy operating system, the latter of which is no longer supported by the vendor.
    • A legacy application is no longer being supported but is critical to your operations. A replacement, if one exists, will take time to implement.
Examples of compensating controls
  • Segregating a vulnerable server or application on the network, physically or logically.
  • Hardening the operating system or application.
  • Restricting user logins to the system or application.
  • Implementing access controls on the network route to the system.
  • Instituting application whitelisting.

Configuration changes

Configuration changes involve making changes directly to the application or system in which there is a vulnerability. This can vary from disabling or removing the vulnerable element or, in the case of applications built in-house, changing the coding of the application itself. These are commonly used in network vulnerabilities such as open ports.

When to use

  • A patch is not available.
  • The vulnerable element can be significantly changed, or even disabled, without significantly disrupting the business.
  • The application is built in-house, as the vulnerability must be closed internally.
  • There is adequate testing to ensure that the configuration change does not affect the business.
  • A configuration change in your network or system can affect numerous endpoints or systems, reducing endpoint patching or use of defense-in-depth controls.

When to avoid

  • When a suitable patch is available.
  • When the vulnerability is on a business-critical element with no nearby change window or it cannot be disabled.
  • When there is no opportunity in which to perform testing to ensure that there are no unintended consequences.
When to consider other remediation options
  • Configuration changes require careful documentation as changes are occurring to the system and applications. If there is a need to perform a back-out process and return to the original configuration, this can be extremely difficult without clear documentation of what occurred.
  • If business systems are too critical or important to the regular business function to perform any changes, it is necessary to consider other options.

Info-Tech Insight

Remember your existing processes: configuration changes may need to be approved and orchestrated through your organization’s configuration and change management processes.

Case Study

Remediation options do not have to be used separately. Use the Shellshock 2014 case as an example.

INDUSTRY: All
SOURCE: Public Domain
Challenge

Bashdoor, more commonly known as Shellshock, was announced on September 24, 2014.

This bug involved the Bash shell, which normally executes user commands, but this vulnerability meant that malicious attackers could exploit it.

This was rated a 10/10 by CVSS – the highest possible score.

Within hours of the announcement, hackers began to exploit this vulnerability across many organizations.

Solution

Organizations had to react quickly and multiple remediation options were identified:

  • Configuration changes – Companies were recommended to use other shells instead of the Bash shell.
  • Defense-in-depth controls – Using HTTP server logs, it could be possible to identify if the vulnerability had been exploited.
  • Patches – Many vendors released patches to close this vulnerability including Debian, Ubuntu, and Red Hat.
Results

Companies began to protect themselves against these vulnerabilities.

While many organizations installed patches as quickly as possible, some also wished to test the patch and leveraged defense-in-depth controls in the interim.

However, even today, many still have the Shellshock vulnerability and exploits continue to occur.

Accept the risk and do nothing

By choosing not to remediate vulnerabilities, you must accept the associated risk. This should be your very last option.

Every time that a vulnerability is not remediated, it continues to pose a risk to the organization. While it may seem that every vulnerability needs to be remediated, this is simply not possible due to limited resources. Further, it can take away resources from other security initiatives as opposed to low-priority vulnerabilities that are extremely unlikely to be exploited.

Common criteria for vulnerabilities that are not remediated:
  • Affected systems are of extremely low criticality.
  • Affected systems are deemed too critical to take offline to perform adequate remediation.
  • Low urgency is assigned to those vulnerabilities.
  • Cost and time required for the remediation are too high.
  • No adequate solutions exist – the vendor has not released a patch, there are weak defense-in-depth controls, and it is not possible to perform a configuration change.

Risk acceptance is not uncommon…

  • With an ever-increasing number of vulnerabilities, organizations are struggling to keep up and often, intentionally or unintentionally, accept the risk associated.
  • In the end, non-remediation means full acceptance of the risk and any consequences.

Enterprise risk management
Arrow pointing up.
Risk acceptance of vulnerabilities

While these are common criteria, they must be aligned to the enterprise risk management framework and approved by management.

Don’t forget the variables that were assessed in Phase 2. This includes the risk from potential lateral movement or if there is an existing exploit.

Risk considerations

When determining if risk acceptance is appropriate, consider the cost of not mitigating vulnerabilities.

Don’t accept the risk because it seems easy. Consider the financial impact of leaving vulnerabilities open.

With risk acceptance, it is important to review the financial impact of a security incident resulting from that vulnerability. There is always the possibility of exploitation for vulnerabilities. A simple metric taken from NIST SP800-40 to use for this is:

Cost not to mitigate = W * T * R

Where (W) is the number of work stations, (T) is the time spent fixing systems or lost in productivity, and (R) is the hourly rate of the time spent.

As an example provided by NIST SP800-40 Version 2.0, Creating a Patch and Vulnerability Management Program:

“For an organization where there are 1,000 computers to be fixed, each taking an average of 8 hours of down time (4 hours for one worker to rebuild a system, plus 4 hours the computer owner is without a computer to do work) at a rate of $70/hour for wages and benefits:

1,000 computers * 8 hours * $70/hour = $560,000”

Info-Tech Insight

Always consider the financial impact that can occur from an exploited vulnerability that was not remediated.

3.1.1 Develop risk and remediation action

90 minutes

Input: List of remediation options

Output: List of remediation options sorted into “when to use” and “when to avoid” lists

Materials: Whiteboard/flip charts, Vulnerability Management SOP Template

Participants: IT Security Manager, IT Infrastructure Manager, IT Operations Manager, Corporate Risk Officer, CISO

It is important to define and document your organization-specific criteria for when a remediation option is appropriate and inappropriate.

  1. List each remediation option on a flip chart and create two headings: “When to use” and “When to avoid.”
  2. Each person will list “when to use” criteria on a green sticky note and “when to avoid” criteria on a red one for each option; these will be placed on the appropriate flip chart.
  3. Discuss as a group which criteria are appropriate and which should be removed.
  4. Move on to the next remediation option when completed.
    • Ensure to include when there are remediation options that will be connected. For example, the risk may be accepted until the next available change window, or a defense-in-depth control is used before a patch can be fully installed.
  5. Once the criteria has been established, document this in the Vulnerability Management SOP Template.
When to use:
  • When adequate testing can be performed on the patch to be implemented.
  • When there is a change window approaching, especially for critical systems.
  • When there is standardization across the IT assets to allow for easier installation of patches.
When to avoid:
  • When the patch cannot be adequately tested.
  • When a patch has been tested, but it has caused an unfavorable consequence such as a system or application failure.
  • When there is no near change window in which to install the patches.
(Example from the Vulnerability Management SOP Template for Patches.)

Download the Vulnerability Management SOP Template

Step 3.2

Scheduling and executing remediation

Activities

None for this section.

This step will walk you through the following activities:

Although there are no specific activities for this section, it will walk you through your existing processes configuration and change management to ensure that you are leveraging those activities in your vulnerability remediation actions.

This step involves the following participants:

  • IT Security Manager
  • SecOps team members
  • ITOps team members, including tiers 1, 2, and 3
  • CISO
  • CIO

Outcomes of this step

Gained understanding of how IT operations processes configuration and change management can be leveraged for the vulnerability remediation process. Don’t reinvent the wheel!

Remediate vulnerabilities
Step 3.1Step 3.2Step 3.3

Implementing the remediation

Vulnerability management converges with your IT operations functions.
  • Once a remediation strategy has been formulated, you can leverage your release and change management processes to orchestrate the testing, version tracking, scheduling, approval, and implementation activities.
  • Each of these processes should exist in your environment in some form. Leveraging these will engage the IT operations team to carry out their tasks in the remediation process.
  • There can be a partial or full handoff to these processes, however, the owner of the vulnerability management program is responsible for verifying the application of the remediation measure and that the overall risk has been reduced.
  • Although full blueprints exist that cover each of these processes in great detail, the following slides provide an overview of each of these IT operations processes and how they intersect with vulnerability management.
Stock image of a person on a laptop overlaid by an icon with gears indicating settings.

Release Management

Control the quality of deployments and releases of software updates.

  • The release management process exists to ensure that new software releases (such as patches and updates) are properly tested and documented with version control prior to their implementation into the production environment.
  • The process should map out the logistics of the deployment process to ensure that it is consistent and controlled.
  • Testing is an important part of release management and the urgency of a vulnerability remediation operation can expedite this process to ensure minimal delays. Once testing has been completed successfully, the update is then “promoted” to production-ready status and submitted into the change management process.
  • Often a separate release team may not exist, however, release management still occurs.

For guidance on implementing or improving your release management process, refer to Info-Tech’s Stabilize Release and Deployment Management blueprint or speak to one of our experts.

Info-Tech Insight

Many organizations don’t have a separate release team. Rather, whomever is doing the deployment will submit a change request and the testing details are vetted through the organization’s change management process.

For guidance on the change management process review our Optimize Change Management blueprint.

Change Management

Leverage change control, interruption management, approval, and scheduling.
  • Change management likely exists in some shape or form in your organization. There is usually someone or a committee, such as a change advisory board (CAB), that gives approval for a change.
  • Leveraging the change management process will ensure that your vulnerability remediation has undergone the proper review and approval before implementation. There will usually be business sign-off as part of a change management approval process.
  • Communication will also be integrated in the change management process, so the change manager will ensure that appropriate, timely communications are sent to the proper key stakeholders.
  • The change management process will link to release management and configuration management processes if they exist.

For further guidance on implementing or improving your change management process, refer to Info-Tech’s Optimize Change Management blueprint or speak to one of our experts.

“With no controls in place, IT gets the blame for embarrassing outages. Too much control, and IT is seen as a roadblock to innovation.” (VP IT, Federal Credit Union)

Post-implementation activities

Vulnerability remediation isn’t a “set it and forget it” activity.
  • Once vulnerability remediation has occurred, it is imperative that the results are reported back to the vulnerability management program manager. This ensures that the loop is closed and the tracking of the remediation activity is done properly.
    • Organizations that are subject to audit by external entities will understand the importance of such documentation.
  • The results of post-implementation review from the change management process will be of great interest, particularly if there was any deviation from the planned activities.
  • Although change execution will usually undergo some form of testing during the maintenance window, there is always the possibility that something has broken as a result of the software update. Be quick to respond to these types of incidents!
    • One example of an issue that is near impossible to test during a maintenance window is one that manifests only when the system or software comes under load. This is what makes for busy Monday mornings after a weekend change window.
A scan with your vulnerability management software after remediation can be a way to verify that the overall risk has been reduced, if remediation was done by way of patching/updates.

Info-Tech Insight

After every change completion, whether due to vulnerability remediation or not, it is a good idea to ensure that your infrastructure team increases its monitoring diligence and that your service desk is ready for any sudden influx of end-user calls.

Step 3.3

Continuous improvement

Activities

None for this section.

This step will walk you through the following activities:

Although this section has no activities, it will review the process by which you may continually improve vulnerability management.

This step involves the following participants:

  • IT Security Manager
  • SecOps team members
  • ITOps team members, including tiers 1, 2, and 3
  • CISO
  • CIO

Outcomes of this step

An understanding of the importance of ongoing improvements to the vulnerability management program.

Remediate vulnerabilities
Step 3.1Step 3.2Step 3.3

Drive continuous improvement

  • Also known as “Continual Improvement” within the ITIL best practice framework.
  • Your vulnerability management program will not be perfect on first launch. In fact, due to the ever-changing nature of vulnerabilities and the technology designed to detect and combat vulnerabilities, the processes within your vulnerability management program will need to be tweaked from time to time.
  • Continuous improvement is a sustained, proactive approach to process improvement. The practice allows for all process participants to observe and suggest incremental improvements that can help improve the overall process.
  • In many cases, continuous improvement can be triggered by changes in the environment. This makes perfect sense for vulnerability management process improvement as a change in the environment will require vulnerability scanning to ensure that such changes have not introduced new vulnerabilities into the environment, increasing your risk surface.
  • One key method to tracking continuous improvement is through the effective use of metrics, covered in Section 4.1 of this blueprint.
“The success rate for continual improvement efforts is less than 60 percent. A major – if not the biggest – factor affecting the deployment of long-term continual improvement initiatives today is the fundamental change taking place in the way companies manage and execute work.” (Industry analyst at a consulting firm, 2014)

Continuous Improvement

Continuously re-evaluate the vulnerability management process.

As your systems and assets change, your vulnerability management program may need updates in two ways.

When new assets and systems are introduced:

  • When new systems and assets are introduced, it is important for organizations to recognize how these can affect vulnerability management.
  • It will be necessary to identify the business criticality of the new assets and systems and the sensitivity of the data that can be found on them.
  • Without doing so, these will be considered rogue systems or assets – there is no clear process for assigning urgencies.
  • This will only cause problems as actions may be taken that are not aligned with the organization’s risk management framework.

Effective systems and asset management are needed to track this. Review Info-Tech’s Implement Systems Management to Improve Availability and Visibility blueprint for more help.

Document any changes to the vulnerability management program in the Vulnerability Management SOP Template.

When defense-in-depth capabilities are modified:

  • As you build an effective security program, more controls will be added that can be used to protect the organization.
  • These should be documented and evaluated based on ability to mitigate against vulnerabilities.
  • The defense-in-depth model that was previously established should be updated to include the new capabilities that can be used.
  • Defense-in-depth models are continually evolving as the security landscape evolves, and organizations must be ready for this.

To assist in building a defense-in-depth model, review Build an Information Security Strategy.

Implement Risk-Based Vulnerability Management

Phase 4

Measure and formalize

Phase 1

1.1 What is vulnerability management?
1.2 Define scope and roles
1.3 Cloud considerations for vulnerability management
1.4 Vulnerability detection

Phase 2

2.1 Triage vulnerabilities
2.2 Determine high-level business criticality
2.3 Consider current security posture
2.4 Risk assessment of vulnerabilities

Phase 3

3.1 Assessing remediation options
3.2 Scheduling and executing remediation
3.3 Continuous improvement

Phase 4

4.1 Metrics, KPIs & CSFs
4.2 Vulnerability management policy
4.3 Select and implement a scanning tool
4.4 Penetration testing

This phase will walk you through the following activities:

  • You will determine what ought to be measured to track the success of your vulnerability management program.
  • If you lack a scanning tool this phase will help you determine tool selection.
  • Lastly, penetration testing is a good next step to consider once you have your vulnerability management program well underway.

This phase involves the following participants:

  • IT Security Manager
  • SecOps team members
  • Procurement representatives
  • CISO
  • CIO

Step 4.1

Metrics, Key Performance Indicators (KPIs), and Critical Success Factors (CSFs)

Activities
  • 4.1.1 Measure your program with metrics, KPIs, and CSFs

This step will walk you through the following activities:

After a review of the differences between raw metrics, key performance indicators (KPI), and critical success factors (CSF), compile a list of what metrics you will be tracking, why, and the business goals for each.

This step involves the following participants:

  • IT Security Manager
  • SecOps team members
  • CISO
  • CIO

Outcomes of this step

Outline of metrics you can configure your vulnerability scanning tool to report on.

Measure and formalize
Step 4.1Step 4.2Step 4.3Step 4.4

You can’t manage what you can’t measure

Metrics provides visibility.

  • Management consultant Peter Drucker introduced the concept of metrics tied to key performance indicators (KPIs), and the concept holds true: without metrics, you lack the visibility to manage or improve a process.
  • Metrics aren’t just a collection of statistics, they have to be meaningful, they have to tell the story, and most importantly, they have to answer the “so what?” question. What is the significance of a metric – do they illustrate a trend or an anomaly? What actions should be carried out when a metric hits a certain threshold?
  • It would be prudent to track several metrics that can be combined to tell the full story. For example, tracking the number of critical vulnerabilities alone does not give a sense of the overall risk to the organization, nor does it offer any information on how quickly they have been remediated or what amount of effort was invested.
Stock image of measuring tape.

Metrics, KPIs, and CSFs

Tracking the right information and making the information relevant.
  • There is often confusion between raw metrics, key performance indicators, and critical success factors.
  • Raw metrics are what is trackable from your systems and processes as a set of measurements without any context. Raw metrics in themselves are useful in telling the story of “what are we doing?”
  • KPIs are the specific metric or combination of metrics that help you track or gauge performance. KPIs tell the story of “how are we doing?” or “how well are we doing?”
  • CSFs are the specific KPIs that track the activities that are absolutely critical to accomplish for the business or business unit to be successful.
The activity tracker on your wrist is a wealth of metrics, KPIs, and CSFs.

If you wear an activity tracker, you are likely already familiar with the differences between metrics, key performance indicators, and critical success factors:

  • The raw metrics are your heart rate, step count, hours of sleep, caloric intake, etc.
  • KPIs are the individual goals that you have set: maintain a heart rate within the appropriate range for your age/activity level, achieve a step count goal per day, get x hours of sleep per night, consume a calorie range of y per day, etc.
  • CSFs are your overall goal: increase your cardiovascular capacity, lose weight, feel more energetic, etc.

Your security systems can be similarly measured and tracked – transfer this skill!

Tracking relevant information

Tell the story in the numbers.

Below are a number of suggested metrics to track, and why.

Business Goal

Critical Success Factor

Key Performance Indicator

Metric to track

Minimize overall risk exposureReduction of overall risk due to vulnerabilitiesDecrease in vulnerabilitiesTrack the number of vulnerabilities year after year.
Appropriate allocation of time and resourcesProper prioritization of vulnerability mitigation activitiesDecrease of critical and high vulnerabilitiesTrack the number of high-urgency vulnerabilities.
Consistent timely remediation of threats to the businessMinimize risk when vulnerabilities are detectedRemediate vulnerabilities more quicklyMean time to detect: track the average time between the identification to remediation.
Track effectiveness of scanning toolMinimize the ratio, indicating that the tool sees everythingRatio between known assets and what the scanner tracksScanner coverage compared to known assets in the organization.
Having effective tools to track and addressAccuracy of the scanning toolDifference or ratio between reported vulnerabilities and verified onesNumber of critical or high vulnerabilities verified, between the scanning tool’s criticality rating and actual criticality.
Reduction of exceptions to ensure minimal exposureVisibility into persistent vulnerabilities and risk mitigation measuresNumber of exceptions grantedNumber of vulnerabilities in which little or no remediation action was taken.

4.1.1 Measure your program with metrics, KPIs, and CSFs

60 minutes

Input: List of metrics current being measured by the vulnerability management tool

Output: List of relevant metrics to track, and the KPIs, CSFs, and business goals related to the metric

Materials: Whiteboard/flip charts, Vulnerability Management SOP Template

Participants: IT Security Manager, IT operations management, CISO

Metrics can offer a way to view how the organization is dealing with vulnerabilities and if there is improvement.

  1. Determine the high-level vulnerability management goals for the organization.
  2. Even with a formal process in place, the organization should be considering ways it can improve.
  3. Determine metrics that can help quantify those goals and how they can be measured.
  4. Metrics should always be easy to measure. If it’s a complex process to find the information required, it means that it is not a metric that should be used.
  5. Document your list of metrics in the Vulnerability Management SOP Template.

Download the Vulnerability Management SOP Template

Step 4.2

Vulnerability Management Policy

Activities
  • 4.2.1 Update the vulnerability management program policy

This step will walk you through the following activities:

If you have a vulnerability management policy, this activity may help augment it. Otherwise, if you don’t have one, this would be a great starting point.

This step involves the following participants:

  • IT Security Manager
  • CISO
  • CIO
  • Human resources representative

Outcomes of this step

An inaugural policy covering vulnerability management

Measure and formalize
Step 4.1Step 4.2Step 4.3Step 4.4

Vulnerability Management Program Policy

Policies provide governance and enforcement of processes.
  • Policies offer formal guidance on the “rules” of a program, describing its purpose, scope, detailed program description, and consequences of non-compliance. Often they will have a employee sign-off acknowledging understanding.
  • In many organizations, policies are endorsed by senior executives, which gives the policy its “teeth” across the company. The human resources department will always have input due to the implications of the non-compliance aspect.
  • Policies are written to ensure an outcome of consistent expected behavior and are often written to protect the company from liability.
  • Policies should be easy to understand and unambiguous, reflect the current state, and be enforceable. Enforceability can come in the form of audit, technology, or any other means of determining compliance and enforcing behavior.
Stock image of a judge's gavel.

4.2.1 Update the vulnerability management policy

60 minutes

Input: Vulnerability Management SOP, HR guidance on policy creation and approval

Output: Completed Vulnerability Management Policy

Materials: Vulnerability Management SOP, Vulnerability Management Policy Template

Participants: IT Security Manager, IT operations management, CISO, Human resources representative

After having built your entire process in this project, formalize it into a vulnerability management policy. This will set the standards and expectations for vulnerability management in the organization, while the process will be around the specific actions that need to be taken around vulnerability management.

This is separate and distinct from the Vulnerability Management SOP Template, which is a process and procedure document.
  1. Review Info-Tech’s Vulnerability Management Policy and customize it to your organization’s specifications.
  2. Use your Vulnerability Management SOP as a resource when specifying some of the details within the policy.
Sample of Info-Tech's Vulnerability Management Policy Template

Download the Vulnerability Management Policy Template

Step 4.3

Select and implement a scanning tool

Activities
  • 4.3.1 Create an RFP for vulnerability scanning tools

This step will walk you through the following activities:

If you need to select a new vulnerability scanning tool, or replace your existing one, this activity will help set up a request for proposal (RFP).

This step involves the following participants:

  • IT Security Manager
  • SecOps team members
  • CISO

Outcomes of this step

The provisions needed for you to create and deploy an RFP for a vulnerability management tool.

Measure and formalize
Step 4.1Step 4.2Step 4.3Step 4.4

Vulnerability management and penetration testing

Similar in nature, yet provide different security functions.

Vulnerability Scanning Tools

Scanning tools focus on the network and operating systems. These tools look for items such as missing patches or open ports. They won’t detect specific application vulnerabilities.

Exploitation Tools

These tools will look to exploit a detected vulnerability to validate it.

Penetration Tests

A penetration test simulates the actions of an external or internal cyber attacker that aims to breach the information security of the organization. (Formal definition of penetration test)

‹————— What’s the difference again? —————›
Vulnerability scanning tools are just one type of tool.When you add an exploitation tool to the mix, you move down the spectrum.Penetration tests will use scanning tools, exploitation tools, and people.

What is the value of each?

  • For vulnerability scans, the person performing the scan provides the value – value comes from the organization itself.
  • For exploitation tools on their own, the value comes from the tool itself being used in a safe environment.
  • For penetration tests, the tester is providing the value. They are the value add.

What’s the implication for me?

Info-Tech Recommends:
  • A combination of vulnerability scanning and penetration testing. This will improve your security posture through systematic risk reduction and improve your security program through the testing of prevention, detection, and response capabilities with unique recommendations being generated.
  • Start with as much vulnerability scanning as possible to identify gaps to fix and then move onto a penetration test to do a more robust and validated assessment.
  • For penetration tests, start with a transparent box test first, then move to an opaque box. Ideally, this is done with different third parties.

Vulnerability scanning software

All organizations can benefit from having one.

Scanning tools will benefit areas beyond just vulnerability management

  • Network security: It improves the accuracy and granularity of your network security technologies such as WAFs, NGFWs, IDPS, and SIEM.
  • Asset management: Vulnerability scanning can identify new or unknown assets and provide current status information on assets.
  • System management: Information from a vulnerability scan supports baselining activities and determination of high-value and high-risk assets.

Vulnerability Detection Use Case

Most organizations use scanners to identify and assess system vulnerabilities and prioritize efforts.

Compliance Use Case

Others will use scanners just for compliance, auditing, or larger GRC reasons.

Asset Discovery Use Case

Many organizations will use scanners to perform active host and application identification.

Scanning Tool Market Trends

Vulnerability scanning tools have expanded value from conventional checking for vulnerabilities to supporting configuration checking, asset discovery, inventory management, patch management, SSL certificate validation, and malware detection.

Expect to see network and system vulnerability scanners develop larger vulnerability management functions and develop exploitation tool functionality. This will become a table stakes option enabling organizations to provide higher levels of validation of detected vulnerabilities. Some tools already possess these capabilities:

  • Core Impact is an exploitation tool with vulnerability scanning aspects.
  • Metasploit is an exploitation tool with some new vulnerability scanning aspects.
  • Nessus is mainly a vulnerability scanning tool but has some exploitation aspects.

Device proliferation (BYOD, IoT, etc.) is increasing the need for stronger vulnerability management and scanners. This is driving the need for numerous device types and platform support and the development of baseline and configuration norms to support system management.

Increased regulatory or compliance controls are also stipulating the need for vulnerability scanning, especially by a trusted third party.

Organizations are outsourcing security functions or moving to cloud-based deployment options for any security technology they can. Expect to see massive growth of vulnerability scanning as a service.

Vulnerability scanning market

There are several technology types or functional differentiators that divide the market up.

Vulnerability Exploitation Tools

  • These will actually test defences and better emulate real life than just scanning. These tools include packet manipulation tools (such as hping) and password cracking tools (such as John the Ripper or Cain and Abel).
  • These tools will provide much more granular information on your network, operations systems, and applications.
  • The main limitation of these tools is how to use them. If you do not have development or test environments that mimic your real production environments to run the exploit tools, these tools may not be appropriate. It may work if you can find some downtime on production systems, but only in very specific and careful instances.
  • Lower maturity security programs usually just do network and application vulnerability scanning. Higher maturity programs will also use penetration testing, application testing, and vulnerability exploitation tools.
  • Network vulnerability scanning tools should always be used. Once you identify any servers or ports running web applications, then you run a web application vulnerability scanner.
  • Exploitation tools and application testing tools are used in more specific use cases that are often related to more-demanding security programs.

Scanning Tool Market Trends

  • These are considered baseline tools and are near commoditization.
  • Vulnerability scanning tools are not granular enough to detect application-level vulnerabilities (thus the need for application scanners and testing tools) and they don’t validate the exploitability of the vulnerability (thus the need for exploit tools).

Web Application Scanning Tools

These tools perform dynamic application security testing (DAST) and static application security testing (SAST).

Application Scanning and Testing Tools

  • These perform a detailed scan against an application to detect any problematic or malicious code and try to break the application using known vulnerabilities.
  • These tools will identify if something is vulnerable to an exploit but won’t actually run the exploit.
  • These tools are evaluated based on their ability to detect application-specific issues and validate them.

Vulnerability scanning tool features

Evaluate vulnerability scanning tools on specific features or functions that are the best differentiators.

Differentiator

Description

Deployment OptionsDo you want a traditional on-premises, cloud-based, or managed service?
Vulnerability Database CoverageScanners use a library of known vulnerabilities to test for. Evaluate based on the amount of exploits/vulnerabilities the tool can scan for.
Scanning MethodEvaluate if you want agent-based, authenticated active, unauthenticated active, passive, or some combination of those scanning methods.
IntegrationWhat is the breadth of other security and non-security technologies the tool can integrate with?
RemediationHow detailed are the recommended remediation actions? The more granular, the better.

Differentiator

Description

PrioritizationDoes the tool evaluate vulnerabilities based on commonly accepted methods or through a custom-designed prioritization methodology?
Platform SupportWhat is the breadth of environment, application, and device support in the tool? Consider your need for virtual support, cloud support, device support, and application-specific support. Also consider how often new scanning modules are supported (e.g. how quickly Windows 10 was supported).
PricingAs with many security controls that have been around for a long time and are commonly used, pricing becomes a main consideration, especially when there are so many open-source options available.

Common areas people mistake as tool differentiators:

  • Accuracy – Scanning tools are evaluated more on efficiency than effectiveness. Evaluate on the ability to detect, remediate, and manage vulnerabilities rather than real vulnerability detection and the number of false positives. To reduce false positives, you need to use exploitation tools.
  • Performance – Scanning tools have such a small footprint in an environment and the actual scanning itself is such a small impact that evaluation on performance doesn’t matter.

For more information on vulnerability scanning tools and how they rate, review the Vulnerability Management category on SoftwareReviews.

Vulnerability scanning deployment options

Understand the different deployment options to identify which is best for your security program.

Option

Description

Pros

Cons

Use Cases

On-PremisesEither an on-premises appliance or an on-premises virtualized machine that performs external and internal scanning.
  • Small resource need, so limited network impact.
  • Strong internal scanning.
  • Easier integration with other technologies.
  • Network footprint and resource usage.
  • Maintenance and support costs.
  • Most common deployment option.
  • Appropriate if you have cloud concerns or strong internal network scanning, or if you require strong integration with other systems.
CloudEither hosted on a public cloud infrastructure or hosted by a third party and offered “as a service.”
  • Small network footprint.
  • On-demand scanning as needed.
  • Optimal external scanning capabilities.
  • Can only do edge-related scanning unless authenticated or agent based.
  • No internal network scanning with passive or unauthenticated active scanning methods.
  • Very limited network resources.
  • Compliance obligations that dictate external vulnerability scanning.
ManagedA third party is contracted to manage and maintain your vulnerability scanner so you can dedicate resources elsewhere.
  • Expert management of environment scanning, optimizing tool usage.
  • Most scanning work time is report customization and tuning and remediation efforts; thus, managed doesn’t provide sizable resource alleviation.
  • Third party has and owns the vulnerability information.
  • Limited staff resources or expertise to maintain and manage scanner.

Vulnerability scanning methods

Understand the different scanning methods to identify which tool best supports your needs.

Method

Description

Pros

Cons

Use Cases

Agent-Based ScanningLocally installed software gives the information needed to evaluate the security posture of a device.
  • Provides information that can’t be discovered remotely such as installed applications that aren’t running at a given time.
  • Device processing, memory, and network bandwidth impact.
  • Asset without an agent is not scanned.
  • Need for continuous scanning.
  • Organization has strong asset management
Authenticated Active ScanningTool uses authenticated credentials to log in to a device or application to perform scanning.
  • Provides information that can’t be discovered remotely such as installed applications that aren’t running at a given time.
  • Best accuracy for vulnerability detection across a network.
  • Aggregation and centralization of authenticated credentials creates a major risk.
  • All use cases.
Unauthenticated Active ScanningScanning of devices without any authentication.
  • Emulates realistic scan by an attacker.
  • Provides limited scope of scanning.
  • Some compliance use cases.
  • Perform after either agent or authenticated scanning.
Passive ScanningScanning of network traffic.
  • Lowest resource impact.
  • Not enough information can be provided for true prioritization and remediation.
  • Augmenting scanning technique to agent or authenticated scanning.

IP Management and IPv6

IP management and the ability to manage IPv6 is a new area for scanning tool evaluation.

Scanning on IPv4

Scanning tools create databases of systems and devices with IP addresses.
Info-Tech Recommends:

  • It is easier to do discovery by directing the scanner at a set IP address or range of IP addresses; thus, it’s useful to organize your database by IPs.
  • Do discovery by phases: Start with internet-facing systems. Your perimeter usually is well-defined by IP addresses and system owners and is most open to attack.
  • Stipulate a list of your known IP addresses through the DHCP registration and perform a scan on that.
  • Depending on your IP address space, another option is to scan your entire IP address space.

Current Problem With IP Addresses

IP addresses are becoming no longer manageable or even owned by organizations. They are often provided by ISPs or other third parties.

Even if it is your range, chances are you don't do static IP ranges today.

Info-Tech Recommends:

  • Agent-based scanning or MAC address-based scanning
  • Use your DHCP for scanning

Scanning on IPv6

First, you need to know if your organization is moving to IPv6. IPv6 is not strategically routed yet for most organizations.

If you are moving to IPv6, Info-Tech recommends the following:

  • Because you cannot point a scanner at an IPv6 IP range, any scanning tool needs to have a strategy around how to handle IPv6 and properly scan based on IP ranges.
  • You need to know IPv4 to IPv6 translations.
  • Evaluate vulnerability scanning tools on whether any IPv6 features are on par with IPv4 features.

If you are already on IPv6, Info-Tech recommends the following:

  • If you are on an IPv6 native network, it is nearly impossible to scan the network. You have to always scan your known addresses from your DHCP.

4.3.1 Create an RFP for vulnerability scanning tools

2 hours

Input: List of key feature requirements for the new tool, List of intersect points with current software, Network topology and layout of servers and applications

Output: Completed RFP document that can be distributed to vendor proponents

Materials: Whiteboard/flip charts, Vulnerability Scanning Tool RFP Template

Participants: IT Security Manager, IT operations managers, CISO, Procurement department representative

Use a request for proposal (RFP) template to convey your desired scanning tool requirements to vendors and outline the proposal and procurement steps set by your organization.

  1. Determine what kind of requirements will be needed for your scanning tool RFP, based on people, process, and technology requirements.
  2. Consider items such as the desired capabilities and the scope of the scanning.
  3. Conduct interviews with relevant stakeholders to determine the exact requirements needed.
  4. Use Info-Tech’s Vulnerability Scanning Tool RFP Template. It lists many requirements but can be customized to your organization’s specific needs.

Download the Vulnerability Scanning Tool RFP Template

4.3.1 Create an RFP for vulnerability scanning tools (continued)

Things to Consider:
  • Ensure there is adequate resource dedication to support and maintenance for vulnerability scanning.
  • Consider if you will benefit from an RFP. If there is a more appropriate option for your need and your organization, consider that instead.
  • If you don’t know the product you want, then perform an RFI.
  • In the RFP, you need to express your driving needs for the tool so the vendor can best understand your use case.
  • Identify who should participate in the RFP creation and evaluation. Make sure they have time available and it does not conflict with other items.
  • Determine if you want to send it to a select few or if you want to send it to a lot of vendors.
  • Determine a response date so you can know who is soliciting your business.
  • You need to have a process to handle questions from vendors.
Info-Tech RFP Table of Contents:
  1. Statement of Work
  2. General Information
  3. Proposal Preparation Instructions
  4. Scope of Work, Specifications, and Requirements
  5. Vendor Qualifications and References
  6. Budget and Estimated Pricing
  7. Vendor Certification

Download the Vulnerability Scanning Tool RFP Template

Step 4.4

Penetration testing

Activities
  • 4.1.1 Create an RFP for penetration tests

This step will walk you through the following activities:

We will review penetration testing, its distinction from vulnerability management, and why you may want to engage a penetration testing service.

We provide a request for proposal (RFP) template that we can review if this is an area of interest.

This step involves the following participants:

  • IT Security Manager
  • SecOps team members
  • CISO
  • CIO

Outcomes of this step

An understanding of penetration testing, and guidance on how to get started if there is interest to do so.

Measure and formalize
Step 4.1Step 4.2Step 4.3Step 4.4

Penetration testing

Penetration tests are critical parts of any strong security program.

Penetration testing will emulate the methods an attacker would use in the real world to circumvent your security controls and gain access to systems and data.

Penetration testing is much more than just running a scanner or other automated tools and then generating a report. Penetration testing performs critical exploit validation to create certainty around your vulnerability.

The primary objective of a penetration test is to identify and validate security weaknesses in an organization’s security systems.

Reasons to Test:

  • Assess current security control effectiveness
  • Develop an action plan of items
  • Build a business case for a better security program
  • Increased security budget through vulnerability validation
  • Third-party, unbiased validation
  • Adhere to compliance or regulatory requirements
  • Raise security awareness
  • Demonstrate how an attacker can escalate privileges
  • Effective way to test incident response

Regulatory Considerations:

  • There is a lot of regulatory wording saying that organizations can’t get a system that is managed, integrated, and supported by one vendor and then have it tested by the same vendor.
  • There is the need for separate third-party testing.
  • Penetration testing is required for PCI, cloud providers, and federal entities.

How and where is the value being generated?

Penetration testing is a service provided by trained and tested professionals with years of experience. The person behind the test is the most important part of the test. The person is able to emulate a real-life attacker better than any computer. It is just a vulnerability scan if you use tools or executables alone.

“A penetration test is an audit with validation.” (Joel Shapiro, Vice President Sales, Digital Boundary Group)

Start by considering the spectrum of penetration tests

Network Penetration Tests

Conventional testing of network defences.

Testing vectors include:

  • Perimeter infrastructure
  • Wireless, WEP/WPA cracking
  • Cloud penetration testing
  • Telephony systems or VoIP
Types of tests:
  • Denial-of-service testing
  • Out-of-band attacks
  • War dialing
  • Wireless network testing/war driving
  • Spoofing
  • Trojan attacks
  • Brute force attacks
  • Watering hole attacks
  • Honeypots
  • Cloud-penetration testing
Application Penetration Tests

Core business functions are now being provided through web applications, either to external customers or to internal end users.

Types: Web apps, non-web apps, mobile apps

Application penetration and security testing encompasses:

  • Code review – analyzing the application code for sensitive information of vulnerabilities in the code.
  • Authorization testing – testing systems responsible for user session management to see if unauthorized access can be permitted.
  • Authentication process for user testing.
  • Functionality testing – test the application functionality itself.
  • Website pen testing – active analysis of weaknesses or vulnerabilities.
  • Encryption testing – testing things like randomness or key strength.
  • User-session integrity testing.
Human-Centric Testing
  • Penetration testing is developing a people aspect as opposed to just being technology focused.
  • End users and their susceptibility to social engineering attacks (spear phishing, phone calls, physical site testing, etc.) is now a common area to test.
  • Social engineering penetration testing is not only about identifying your human vulnerabilities, but also about proactively training your end users. As well as discovering and fixing potential vulnerabilities, social engineering penetration testing will help to raise security awareness within an organization.

Info-Tech Insight

Your pen test should use multiple methods. Demonstrating weakness in one area is good but easy to identify. When you blend techniques, you get better success at breaching and it becomes more life-like. Think about prevention, detection, and response testing to provide full insight into your security defenses.

Penetration testing types

Evaluate four variables to determine which type of penetration test is most appropriate for your organization.

Evaluate these dimensions to determine relevant penetration testing.

Network, Application, or Human

Evaluate your need to perform different types of penetration testing.

Some level of network and application testing is most likely appropriate.

The more common decision point is to consider to what degree your organization requires human-centric penetration testing.

External or Internal

External: Attacking an organization’s perimeter and internet-facing systems. For these, you generally provide some level of information to the tester. The test will begin with publicly available information gathering followed by some kind of network scanning or probing against externally visible servers or devices (DNS server, email server, web server, firewall, etc.)

Internal: Carried out within the organization’s network. This emulates an attack originating from an internal point (disgruntled employee, authorized user, etc.). The idea is to see what could happen if the perimeter is breached.

Transparent, Semi-Transparent, or Opaque Box

Opaque Box: The penetration tester is not provided any information. This emulates a real-life attack. Test team uses publicly available information (corporate website, DNS, USENET, etc.) to start the test. These tests are more time consuming and expensive. They often result in exploitation of the easiest vulnerability.
Use cases: emulating a real-life attack; testing detection and response capabilities; limited network segmentation.

Transparent Box: Tester is provided full disclosure of information. The tester will have access to everything they need: building floor plans, data flow designs, network topology, etc. This represents what a credentialed and knowledgeable insider would do.
Use cases: full assessment of security controls; testing of attacker traversal capabilities.

Aggressiveness of the Test

Not Aggressive: Very slow and careful penetration testing. Usually spread out in terms of packets being sent and number of calls to individuals. It attempts to not set off any alarm bells.

Aggressive: A full DoS attack or something similar. These would be DoS attacks that take down systems or full SQL injection attacks all at once versus small injections over time. Testing options cover anything including physical tests, network tests, social engineering, and data extraction and exfiltration. This is more costly and time consuming.

Assessing Aggressiveness: How aggressive the test should be is based on the threats you are concerned with. Assess who you are concerned with: random individuals on the internet, state-sponsored attacks, criminals, hacktivists, etc. Who you are concerned with will determine the appropriate aggressiveness of the test.

Penetration testing scope

Establish the scope of your penetration test before engaging vendors.

Determining the scope of what is being tested is the most important part of a penetration test. Organizations need to be as specific as possible so the vendor can actually respond or ask questions.

Organizations need to define boundaries, objectives, and key success factors.

For scope:
  • If you go too narrow, the realism of the test suffers.
  • If you go too broad, it is more costly and there’s a possible increase in false positives.
  • Balance scope vs. budget.
Boundaries to scope before a test:
  • IP addresses
  • URLs
  • Applications
  • Who is in scope for social engineering
  • Physical access from roof to dumpsters defined
  • Scope prioritized for high-value assets
Objectives and key success factors to scope:
  • When is the test complete? Is it at the point of validated exploitation?
  • Are you looking for as many holes as possible, or are you looking for how many ways each hole can be exploited?

What would be out of scope?

  • Are there systems, IP addresses, or other things you want out of scope? These are things you don’t explicitly want any penetration tester to touch.
  • Are there third-party connections to your environment that you don’t want to be tested? These are instances such as cloud providers, supply chain connections, and various services.
  • Are there things that would be awkward to test? For example, determine if you include high-level people in a social engineering test. Do you conduct social engineering for the CEO? If you get their credentials, it could be an awkward moment.

Ways to break up a penetration test:

  • Location – This is the most common way to break up a penetration test.
  • Division – Self-contained business units are often done as separate tests so you can see how each unit does.
  • IT systems – For example, you put certain security controls in a firewall and want to test its effectiveness.
  • Applications – For example, you are launching a new website or a new portal and you want to test it.

Penetration testing appropriateness

Determine your penetration testing appropriateness.

Usual instances to conduct a penetration test:
  • Setting up a new physical office. Penetration testing will not only test security capabilities but also resource availability and map out network flows.
  • New infrastructure hardware implemented. All new infrastructure needs to be tested.
  • Changes or upgrades to existing infrastructure. Need for testing varies depending on the size of the change.
  • New application deployment. Need to test before being pushed to production environments.
  • Changes or upgrades to existing applications. When fundamental functional changes occur, perform testing:
    • Before upgrades or patching
    • After upgrades or patching
  • Periodic testing. It is a best practice to periodically test your security control effectiveness. Consider at least an annual test.

Specific timing considerations: Testing should be completed during non-production times of day. Testing should be completed after a backup has been performed.

Assess your threats to determine your appropriate test type:

Penetration testing is about what threats you are concerned about. Understand your risk profile, risk tolerance level, and specific threats to see how relevant penetration tests are.

  • Are external attackers concerning to you? Are you distressed about how an attacker can use brute force to enter your network? If so, focus on ingress points, such as FWs, routers, and DMZ.
  • Is social engineering a concern for you (i.e. phone-based or email-based)? Then you are concerned about a credentialed hacker.
  • Is it an insider threat, a disgruntled employee, etc.? This also includes an internal system that is under command and control (C&C).

ANALYST PERSPECTIVE: Do a test only after you take a first pass.
If you have not done some level of vulnerability assessment on your own (performing a scan, checking third-party sources, etc.) don’t waste your money on a penetration test. Only perform a penetration test after you have done a first pass and identified and remediated all the low-hanging fruit.

4.4.1 Create an RFP for penetration tests

2 hours

Input: List of criteria and scope for the penetration test, Systems and application information if white box

Output: Completed RFP document that can be distributed to vendor proponents

Materials: Whiteboard/flip charts, Penetration Test RFP Template

Participants: IT Security Manager, IT operations managers, CISO, Procurement department representative

Use an RFP template to convey your desired penetration test requirements to vendors and outline the proposal and procurement steps set by your organization.

  1. Determine what kind of requirements will be needed for your penetration test RFP based on people, process, and technology requirements.
    • Consider items such as your technology environment and the scope of the penetration tests.
  2. Conduct an interview with relevant stakeholders to determine the exact requirements needed.
  3. Use Info-Tech’s Penetration Test RFP Template, which lists many requirements but can be customized to your organization’s specific needs.

Download the Penetration Test RFP Template

4.4.1 Create an RFP for penetration tests (continued)

Steps of a penetration test:
  1. Determine scope
  2. Gather targeted intelligence
  3. Review exploit attempts, such as access and escalation
  4. Test the collection of sensitive data
  5. Run reporting
Info-Tech RFP Table of Contents:
  1. Statement of Work
  2. General Information
  3. Proposal Preparation Instructions
  4. Scope of Work, Specifications, and Requirements
  5. Vendor Qualifications and References
  6. Budget and Estimated Pricing
  7. Vendor Certification

Download the Penetration Test RFP Template

Penetration testing considerations – service providers

Consider what type of penetration testing service provider is best for your organization

Professional Service Providers

Professional Services Firms. These firms will often provide a myriad of professional services across auditing, financial, and consulting services. If they offer security-related consulting services, they will most likely offer some level of penetration testing.

Security Service Firms. These are dedicated security consulting or advisory firms that will offer a wide spectrum of security-related services. Penetration testing may be one aspect of larger security assessments and strategy development services.

Dedicated Penetration Testing Firms. These are service providers that will often offer the full gamut of penetration testing services.

Integrators

Managed Security Service Providers. These providers will offer penetration testing. For example, Dell SecureWorks offers numerous services including penetration testing. For organizations like this, you need to be skeptical of ulterior motives. For example, expect recommendations around outsourcing from Dell SecureWorks.

Regional or Small Integrators. These are service providers that provide security services of some kind. For example, they would help in the implementation of a firewall and offer penetration testing services as well.

Info-Tech Recommends:

  • Always be conscientious of who is conducting the testing and what else they offer. Even if you get another party to test rather than your technology provider, they will try to obtain you as a client. Remember that for larger technology vendors, security testing is a small revenue stream for them and it’s a way to find technology clients. They may offer penetration testing for free to obtain other business.
  • Most of the penetration testers were systems administrators (for network testing) or application developers (for application testing) at some point before becoming penetration testers. Remember this when evaluating providers and evaluating remediation recommendations.
  • Evaluate what kind of open-source tools, commercial tools, and proprietary tools are being used. In general, you don’t want to rely on an open-source scanner. For open source, they will have more outdated vulnerability databases, system identification can also be limited compared to commercial, and reporting is often lacking.
  • Above all else, ensure your testers are legally capable, experienced, and abide by non-disclosure agreements.

Penetration testing best practices – communications

Communication With Service Provider

  • During testing there should be designated points of contact between the service provider and the client.
  • There needs to be secure channels for communication of information between the tester and the client both during the test and for any results.
  • Results should always be explained to the client by the tester, regardless of the content or audience.
  • There should be a formal debrief with the results report.
Immediate reporting of issues
  • Before any testing commences, immediate reporting conditions need to be defined. These are instances when you would want immediate notification of something occurring.
  • Stipulate certain systems or data types that if broken into or compromised, you would want to be notified right away.
  • Example:
    • If you are conducting social engineering, require notification for all account credentials that are compromised. Once credentials are compromised, it destroys all accountability for those credentials and the actions associated with those credentials by any user.
    • Require immediate reporting of specific high-critical systems that are compromised or if access is even found.
    • Require immediate reporting when regulated data is discovered or compromised in any way.

Communication With Internal Staff

Do you tell your internal staff that this is happening?

This is sometimes called a “double blind test” when you don’t let your IT team know of the test occurring.

Pros to notifying:
  • This tests the organization’s security monitoring, incident detection, and response capabilities.
  • Letting the team know they are going to see some activity will make sure they don’t get too worried about it.
  • There may be systems you can’t jeopardize but still need to test so notification beforehand is essential (e.g. you wouldn’t allow ERP testing with notification).
Cons:
  • It does not give you a real-life example of how you respond if something happens.
  • Potential element of disrespect to IT people.

Penetration testing best practices – results and remediation

What to expect from penetration test results report:

A final results report will state all findings including what was done by the testers, what vulnerabilities or exploitations were detected, how they were compromised, the related risk, and related remediation recommendations.

Expect four major sections:
  • Introduction. An overview of the penetration test methodology including rating methodology of vulnerabilities.
  • Executive Summary. A management-level description of the test, often including a summary of any recommendations.
  • Technical Review. An overview of each item that was looked at and touched. This area breaks down what was done, how it was done, what was found, and any related remediation recommendations. Expect graphs and visuals in this section.
  • Detailed Findings. An in-depth breakdown of all testing methods used and results. Each vulnerability will be explained regarding how it was detected, what the risk is, and what the remediation recommendation is.
Two areas that will vary by service provider:

Prioritization

  • Most providers will boast their unique prioritization methodology.
  • A high, medium, and low rating scale based on some combination of variables (e.g. ease of exploitation, breadth of hole, information accessed resulting in further exploitation).
  • The prioritization won’t take into account asset value or criticality.
  • Keep in mind the penetration test is not an input into ultimate vulnerability prioritization, but it can help determine your urgency.

Remediation

  • Remediation recommendations will vary across providers.
  • Generally, fairly generic recommendations are provided (e.g. remove your old telnet and input up-to-date SSH).
  • Most of the time, it is along the lines of “we found a hole; close the hole.”

Summary of Accomplishment

Problem Solved

At the conclusion of this blueprint, you will have created a full vulnerability management program that will allow you to take a risk-based approach to vulnerability remediation.

Assessing a vulnerability’s risk will enable you to properly determine the true urgency of a vulnerability within the context of your organization; this ensures you are not just blindly following what the tool is reporting.

The risk-based approach will allow you to prioritize your discovered vulnerabilities and take immediate action on critical and high vulnerabilities while allowing your standard remediation cycle to address the medium to low vulnerabilities.

With your program defined and developed, you now need to configure your vulnerability scanning tool or acquire one if you don’t already have a tool in place.

Lastly, while vulnerability management will help address your systems and applications, how do you know if you are secure from external malicious actors? Penetration testing will offer visibility, allowing you to plug those holes and attain an environment with a smaller risk surface.

If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

Contact your account representative for more information.

workshops@infotech.com 1-888-670-8889

Additional Support

If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

Photo of Jimmy Tom.

Contact your account representative for more information.

workshops@infotech.com 1-888-670-8889

To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

Sample of the Implement Vulnerability Management storyboard.
Review of the Implement Vulnerability Management storyboard
Sample of the Vulnerability Mitigation SOP template.
Build your vulnerability management SOP

Contributors

Contributors from 2016 version of this project:

  • Morey Haber, Vice President of Technology, BeyondTrust
  • Richard Barretto, Manager, Information Privacy and Security, Cimpress
  • Joel Shapiro, Vice President Sales, Digital Boundary Group

Contributors from current version of this project:

  • 2 anonymous contributors from the manufacturing sector
  • 1 anonymous contributor from a US government agency
  • 2 anonymous contributors from the financial sector
  • 1 anonymous contributor from the medical technology industry
  • 2 anonymous contributors from higher education
  • 1 anonymous contributor from a Canadian government agency
  • 7 anonymous others; information gathered from advisory calls

Bibliography

Arya. “COVID-19 Impact: Vulnerability Management Solution Market | Strategic Industry Evolutionary Analysis Focus on Leading Key Players and Revenue Growth Analysis by Forecast To 2028 – FireMon, Digital Shadows, AlienVault.” Bulletin Line, 6 Aug. 2020. Accessed 6 Aug. 2020.

Campagna, Rich. “The Lean, Mean Vulnerability Management Machine.” Security Boulevard, 31 Mar. 2020. Accessed 15 Aug. 2020.

Constantin, Lucian. “What are vulnerability scanners and how do they work?” CSO Online, 10 Apr. 2020. Accessed 1 Sept. 2020.

“CVE security vulnerabilities published in 2019.” CVE Details. Accessed 22 Sept. 2020.

Garden, Paul, et al. “2019 Year End Report – Vulnerability QuickView.” Risk Based Security, 2020. Accessed 22 Sept. 2020.

Keary, Eoin. “2019 Vulnerability Statistics Report.” Edgescan, Feb. 2019. Accessed 22 Sept. 2020.

Lefkowitz, Josh. ““Risk-Based Vulnerability Management is a Must for Security & Compliance.” SecurityWeek, 1 July 2019. Accessed 1 Nov. 2020.

Mell, Peter, Tiffany Bergeron, and David Henning. “Creating a Patch and Vulnerability Management Program.” Creating a Patch and Vulnerability Management Program. NIST, Nov. 2005. Web.

“National Vulnerability Database.” NIST. Accessed 18 Oct. 2020.

“OpenVAS – Open Vulnerability Assessment Scanner.” OpenVAS. Accessed 14 Sept. 2020.

“OVAL.” OVAL. Accessed 21 Oct. 2020.

Paganini, Pierluigi. “Exploiting and Verifying Shellshock: CVE-2014-6271.” INFOSEC, 27 Sept. 2014. Web.

Pritha. “Top 10 Metrics for your Vulnerability Management Program.” CISO Platform, 28 Nov. 2019. Accessed 25 Oct. 2020.

“Risk-Based Vulnerability Management: Understanding Vulnerability Risk With Threat Context And Business Impact.” Tenable. Accessed 21 Oct. 2020.

Stone, Mark. “Shellshock In-Depth: Why This Old Vulnerability Won’t Go Away.” SecurityIntelligence, 6 Aug. 2020. Web.

“The Role of Threat Intelligence in Vulnerability Management.” NOPSEC, 18 Sept. 2014. Accessed 18 Aug. 2020.

“Top 15 Paid and Free Vulnerability Scanner Tools in 2020.” DNSstuff, 6 Jan. 2020. Accessed 15 Sept. 2020.

Truta, Filip. “60% of Breaches in 2019 Involved Unpatched Vulnerabilities.” Security Boulevard, 31 Oct. 2019. Accessed 2 Nov. 2020.

“Vulnerability Management Program.” Core Security. Accessed 15 Sept. 2020.

“What is Risk-Based Vulnerability Management?” Balbix. Accessed 15 Sept. 2020.

White, Monica. “The Cost Savings of Effective Vulnerability Management (Part 1).” Kenna Security, 23 April 2020. Accessed 20 Sept. 2020.

Wilczek, Marc. “Average Cost of a Data Breach in 2020: $3.86M.” Dark Reading, 24 Aug. 2020. Accessed 5 Nov 2020.

Manage Requirements in an Agile Environment

  • Buy Link or Shortcode: {j2store}522|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Requirements & Design
  • Parent Category Link: /requirements-and-design

The process of navigating from waterfall to Agile can be incredibly challenging. Even more problematic; how do you operate your requirements management practices once there? There traditionally isn’t a role for a business analyst, the traditional keeper of requirements. It isn’t like switching on a light.

You likely find yourself struggling to deliver high quality solutions and requirements in Agile. This is a challenge for many organizations, regardless of how long they’ve leveraged Agile.

But you aren’t here for assurances. You’re here for answers and help.

Our Advice

Critical Insight

Agile and requirements management are complementary, not competitors.

Impact and Result

Info-Tech’s advice? Why choose? Why have to pick between traditional waterfall and Agile delivery? If Agile without analysis is a recipe for disaster, Agile with analysis is the solution. How can you leverage the Info-Tech approach to align your Agile and requirements management efforts into a powerful combination?

Manage Requirements in an Agile Environment is your guide.

Use the contents and exercises of this blueprint to gain a shared understanding of the two disciplines, to find your balance in your approach, to define your thresholds, and ultimately, to prepare for new ways of working.

Manage Requirements in an Agile Environment Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Manage Requirements in an Agile Environment Blueprint – Agile and Requirements Management are complementary, not competitors

Provides support and guidance for organizations struggling with their requirements management practices in Agile environments.

  • Manage Requirements in an Agile Environment Storyboard

2. Agile Requirements Playbook – A practical playbook for aligning your teams, and articulating the guidelines for managing your requirements in Agile.

The Agile Requirements Playbook becomes THE artifact for your Agile requirements practices. Great for onboarding, reviewing progress, and ensuring a shared understanding of your ways of working.

  • Agile Requirements Playbook

3. Documentation Calculator – A tool for determining the right level of documentation for your organization, and whether you’re spending too much, or even not enough, on Agile Requirements documentation.

The Documentation Calculator can inform your documentation decison making, ensuring you're investing just the right amount of time, money, and effort.

  • Documentation Calculator

4. Agile Requirements Workbook – Supporting tools and templates in advancing your Agile Requirements practice, to be used in conjunction with the Agile Requirements Blueprint, and the Playbook.

This workbook is designed to capture the results of your exercises in the Manage Requirements in an Agile Environment Storyboard. Each worksheet corresponds to an exercise in the storyboard. This is a tool for you, so customize the content and layout to best suit your product. The workbook is also a living artifact that should be updated periodically as the needs of your team and organization change.

  • Agile Requirements Workbook

5. Agile Requirements Assessment – Establishes your current Agile requirements maturity, defines your target maturity, and supports planning to get there.

The Agile Requirements Assessment is a great tool for determining your current capabilities and maturity in Agile and Business Analysis. You can also articulate your target state, which enables the identification of capability gaps, the creation of improvement goals, and a roadmap for maturing your Agile Requirements practice.

  • Agile Requirements Assessment

Infographic

Workshop: Manage Requirements in an Agile Environment

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Framing Agile and Business Analysis

The Purpose

Sets the context for the organization, to ensure a shared understanding of the benefits of both Agile and business analysis/requirements management.

Key Benefits Achieved

Have a shared definition of Agile and business analysis / requirements.

Understand the current state of Agile and business analysis in your organization.

Activities

1.1 Define what Agile and business analysis mean in your organization.

1.2 Agile requirements assessment.

Outputs

Alignment on Agile and business analysis / requirements in your organization.

A current and target state assessment of Agile and business analysis in your organization.

2 Tailoring Your Approach

The Purpose

Confirm you’re going the right way for effective solution delivery.

Key Benefits Achieved

Confirm the appropriate delivery methodology.

Activities

2.1 Confirm your selected methodology.

Outputs

Confidence in your selected project delivery methodology.

3 Defining Your Requirements Thresholds

The Purpose

Provides the guardrails for your Agile requirements practice, to define a high-level process, roles and responsibilities, governance and decision-making, and how to deal with change.

Key Benefits Achieved

Clearly defined interactions between the BA and their partners

Define a plan for management and governance at the project team level

Activities

3.1 Define your agile requirements process.

3.2 Define your agile requirements RACI.

3.3 Define your governance.

3.4 Define your change and backlog refinement plan.

Outputs

Agile requirements process.

Agile requirements RACI.

A governance and documentation plan.

A change and backlog refinement approach.

4 Planning Your Next Steps

The Purpose

Provides the action plan to achieve your target state maturity

Key Benefits Achieved

Recognize and prepare for the new ways of working for communication, stakeholder engagement, within the team, and across the organization.

Establish a roadmap for next steps to mature your Agile requirements practice.

Activities

4.1 Define your stakeholder communication plan.

4.2 Identify your capability gaps.

4.3 Plan your agile requirements roadmap.

Outputs

A stakeholder communication plan.

A list of capability gaps to achieve your desired target state.

A prioritized roadmap to achieve the target state.

5 Agile Requirements Techniques (Optional)

The Purpose

To provide practical guidance on technique usage, which can enable an improved experience with technical elements of the blueprint.

Key Benefits Achieved

An opportunity to learn new tools to support your Agile requirements practice.

Activities

5.1 Managing requirements' traceability.

5.2 Creating and managing user stories.

5.3 Managing your requirements backlog.

5.4 Maintaining a requirements library.

Outputs

Support and advice for leveraging a given tool or technique.

Support and advice for leveraging a given tool or technique.

Support and advice for leveraging a given tool or technique.

Support and advice for leveraging a given tool or technique.

Further reading

Manage Requirements in an Agile Environment

Agile and requirements management are complementary, not competitors

Analyst's Perspective

The temptation when moving to Agile is to deemphasize good requirements practices in favor of perceived speed. If you're not delivering on the needs of the business then you have failed, regardless of how fast you've gone.

Delivery in Agile doesn't mean you stop needing solid business analysis. In fact, it's even more critical, to ensure your products and projects are adding value. With the rise of Agile, the role of the business analyst has been misunderstood.

As a result, we often throw out the analysis with the bathwater, thinking we'll be just fine without analysis, documentation, and deliberate action, as the speed and dexterity of Agile is enough.

Consequently, what we get is wasted time, money, and effort, with solutions that fail to deliver value, or need to be re-worked to get it right.

The best organizations find balance between these two forces, to align, and gain the benefits of both Agile and business analysis, working in tandem to manage requirements that bring solutions that are "just right".

This is a picture of Vincent Mirabelli

Vincent Mirabelli
Principal Research Director, Applications Delivery and Management
Info-Tech Research Group

EXECUTIVE BRIEF

Executive Summary

Your Challenge

The process of navigating from waterfall to Agile can be incredibly challenging. And even more problematic; how do you operate your requirements management practices once there? Since there traditionally isn't a role for a business analyst; the traditional keeper of requirements. it isn't like switching on a light.

You likely find yourself struggling to deliver high quality solutions and requirements in Agile. This is a challenge for many organizations, regardless of how long they've leveraged Agile.

But you aren't here for assurances. You're here for answers and help.

Common Obstacles

many organizations and teams face is that there are so busy doing Agile that they fail to be Agile.

Agile was supposed to be the saving grace of project delivery but is misguided in taking the short-term view of "going quickly" at the expense of important elements, such as team formation and interaction, stakeholder engagement and communication, the timing and sequencing of analysis work, decision-making, documentation, and dealing with change.

The idea that good requirements just happen because you have user stories is wrong. So, requirements remain superficial, as you "can iterate later"…but sometimes later never comes, or doesn't come fast enough.

Organizations need to be very deliberate when aligning their Agile and requirements management practices. The work is the same. How the work is done is what changes.

Info-Tech's Approach

Infotech's advice? Why choose? Why have to pick between traditional waterfall and Agile delivery? If Agile without analysis is a recipe for disaster, Agile with analysis is the solution. And how can you leverage the Info-Tech approach to align your Agile and requirements management efforts into a powerful combination?

Manage Requirements in an Agile Environment is your guide.

Use the contents and exercises of this blueprint to gain a shared understanding of the two disciplines, to find your balance in your approach, to define your thresholds, and ultimately, to prepare for new ways of working.

Info-Tech Insight

Agile and requirements management are complementary, not competitors.

The temptation when moving to Agile is to deemphasize good requirements practices in favor of perceived speed. If you're not delivering on the needs of the business, then you have failed, regardless of how fast you've gone.

Insight summary

Overarching insight

Agile and requirements management are complementary, not competitors.

The temptation when moving to Agile is to deemphasize good requirements practices in favor of perceived speed. If you're not delivering on the needs of the business, then you have failed, regardless of how fast you've gone

Phase 1 insight

  • The purpose of requirements in waterfall is for approval. The purpose in Agile is for knowledge management, as Agile has no memory.
  • When it comes to the Agile manifesto, "over" does not mean "instead of".
  • In Agile, the what of business analysis does doesn't change. What does change is the how and when that work happens.

Phase 2 insight

  • Understand your uncertainties; it's a great way to decide what level of Agile (if any) is needed.
  • Finding your "Goldilocks" zone will take time. Be patient.

Phase 3 insight

  • Right-size your governance, based on team dynamics and project complexity. A good referee knows when to step in, and when to let the game flow.
  • Agile creates a social contract amongst the team, and with their leaders and organization.
  • Documentation needs to be valuable. Do what is acceptable and necessary to move work to future steps. Not documenting also comes with a cost, but one you pay in the future. And that bill will come due, with interest (aka, technical debt, operational inefficiencies, etc.).
  • A lack of acceptable documentation makes it more difficult to have agility. You're constantly revalidating your current state (processes, practices and structure) and re-arguing decisions already made. This slows you down more than maintaining documentation ever would.

Phase 4 insight

  • Making Agile predictable is hard, because people are not predictable; people are prone to chaos.

There have been many challenges with waterfall delivery

It turns out waterfall is not that great at reducing risk and ensuring value delivery after all

  • Lack of flexibility
  • Difficulty in measuring progress
  • Difficulties with scope creep
  • Limited stakeholder involvement
  • Long feedback loops

48%
Had project deadlines more than double

85%
Exceeded their original budget by at least 20%

25%
At least doubled their original budget

This is an image of the waterfall project results

Source: PPM Express.

Agile was meant to address the shortcomings of waterfall

The wait for solutions was too long for our business partners. The idea of investing significant time, money, and resources upfront, building an exhaustive and complete vision of the desired state, and then waiting months or even years to get that solution, became unpalatable for them. And rightfully so. Once we cast a light on the pains, it became difficult to stay with the status quo. Given that organizations evolve at a rapid pace, what was a pain at the beginning of an initiative may not be so even 6 months later.

Agile became the answer.

Since its' first appearance nearly 20 years ago, Agile has become the methodology of choice for a many of organizations. According to the 15th Annual State of Agile report, Agile adoption within software development teams increased from 37% in 2020 to 86% in 2021.

Adopting Agile led to challenges with requirements

Requirements analysis, design maturity, and management are critical for a successful Agile transformation.

"One of the largest sources of failure we have seen on large projects is an immature Agile implementation in the context of poorly defined requirements."
– "Large Scale IT Projects – From Nightmare to Value Creation"

"Requirements maturity is more important to project outcomes than methodology."
– "Business Analysis Benchmark: Full Report"

"Mature Agile practices spend 28% of their time on analysis and design."
– "Quantitative Analysis of Agile Methods Study (2017): Twelve Major Findings"

"There exists a Requirements Premium… organizations using poor practices spent 62% more on similarly sized projects than organizations using the best requirements practices."
– "The Business Case for Agile Business Analysis" - Requirements Engineering Magazine

Strong stakeholder satisfaction with requirements results in higher satisfaction in other areas

This is an image of a bar graph comparing the percentage of respondents with high stakeholder satisfaction, to the percentage of respondents with low stakeholder satisfaction for four different categories.  these include: Availability of IT Capacity to Complete Projects; Overall IT Projects; IT Projects Meet Business Needs; Overall IT Satisfaction

N= 324 small organizations from Info-Tech Research Group's CIO Business Vision diagnostic.

Note: High satisfaction was classified as organizations with a score greater or equal to eight and low satisfaction was every organization that scored below eight on the same questions.

Info-Tech's Agile requirements framework

This is an image of Info-Tech's Agile requirements framework.  The three main categories are: Sprint N(-1); Sprint N; Sprint N(+1)

Agile requirements are a balancing act

Collaboration

Many subject matter experts are necessary to create accurate requirements, but their time is limited too.

Communication

Stakeholders should be kept informed throughout the requirements gathering process, but you need to get the right information to the right people.

Documentation

Recording, organizing, and presenting requirements are essential, but excessive documentation will slow time to delivery.

Control

Establishing control points in your requirements gathering process can help confirm, verify, and approve requirements accurately, but stage gates limit delivery.

What changes for the business analyst?

In Agile, the what of business analysis does not change.

What does change is the how and when that work happens.

Business analysts need to focus on six key elements when managing requirements in Agile.

  • Team formation and interaction
  • Stakeholder engagement and communication
  • The timing and sequencing of their work
  • Decision-making
  • Documentation
  • Dealing with change

Where does the business analysis function fit on an Agile team?

Team formation is key, as Agile is a team sport

A business analyst in an Agile team typically interacts with several different roles, including:

  • The product owner,
  • The Sponsor or Executive
  • The development team,
  • Other stakeholders such as customers, end-users, and subject matter experts
  • The Design team,
  • Security,
  • Testing,
  • Deployment.

This is an image the roles who typically interact with a Business Analyst.

How we do our requirements work will change

  • Team formation and interaction
  • Stakeholder engagement and communication
  • The timing and sequencing of their work
  • Decision-making
  • Documentation
  • Dealing with change

As a result, you'll need to focus on;

  • Emphasizing flexibility
  • Enabling continuous delivery
  • Enhancing collaboration and communication
  • Developing a user-centered approach

Get stakeholders on board with Agile requirements

  1. Stakeholder feedback and management support are key components of a successful Agile Requirements.
  2. Stakeholders can see a project's progression and provide critical feedback about its success at critical milestones.
  3. Management helps teams succeed by trusting them to complete projects with business value at top of mind and by removing impediments that are inhibiting their productivity.
  4. Agile will bring a new mindset and significant numbers of people, process, and technology changes that stakeholders and management may not be accustomed to. Working through these issues in requirements management enables a smoother rollout.
  5. Management will play a key role in ensuring long-term Agile requirements success and ultimately rolling it out to the rest of the organization.
  6. The value of leadership involvement has not changed even though responsibilities will. The day-to-day involvement in projects will change but continual feedback will ultimately dictate the success or failure of a project.

Measuring your success

Tracking metrics and measuring your progress

As you implement the actions from this Blueprint, you should see measurable improvements in;

  • Team and stakeholder satisfaction
  • Requirements quality
  • Documentation cost

Without sacrificing time to delivery

Metric Description and motivation
Team satisfaction (%) Expect team satisfaction to increase as a result of clearer role delineation and value contribution.
Stakeholder satisfaction (%) Expect Stakeholder satisfaction to similarly increase, as requirements quality increases, bringing increased value
Requirements rework Measures the quality of requirements from your Agile Projects. Expect that the Requirements Rework will decrease, in terms of volume/frequency.
Cost of documentation Quantifies the cost of documentation, including Elicitation, Analysis, Validation, Presentation, and Management
Time to delivery Balancing Metric. We don't want improvements in other at the expense of time to delivery

Info-Tech's methodology for Agile requirements

1. Framing Agile and Business Analysis

2. Tailoring Your Approach

3. Defining Your Requirements Thresholds

4. Planning Your Next Steps

Phase Activities

1.1 Understand the benefits and limitations of Agile and business analysis

1.2 Align Agile and business analysis within your organization

2.1 Decide the best-fit approach for delivery

2.2 Manage your requirements backlog

3.1 Define project roles and responsibilities

3.2 Define your level of acceptable documentation

3.3 Manage requirements as an asset

3.4 Define your requirements change management plan

4.1 Preparing new ways of working

4.2 Develop a roadmap for next steps

Phase Outcomes

Recognize the benefits and detriments of both Agile and BA.

Understand the current state of Agile and business analysis in your organization.

Confirm the appropriate delivery methodology.

Manage your requirements backlog.

Connect the business need to user story.

Clearly defined interactions between the BA and their partners.

Define a plan for management and governance at the project team level.

Documentation and tactics that are right-sized for the need.

Recognize and prepare for the new ways of working for communication, stakeholder engagement, within the team, and across the organization.

Establish a roadmap for next steps to mature your Agile requirements practice.

Blueprint tools and templates

Key deliverable:

This is a screenshot from the Agile Requirements Playbook

Agile Requirements Playbook

A practical playbook for aligning your teams and articulating the guidelines for managing your requirements in Agile

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

This is a screenshot from the Documentation Calculator

Documentation Calculator

A tool to help you answer the question: What is the right level of Agile requirements documentation for my organization?

This is a screenshot from the Agile Requirements Assessment

Agile Requirements Assessment

Establishes your current maturity level, defines your target state, and supports planning to get there.

This is a screenshot from the Agile Requirements Workbook

Agile Requirements Workbook

Supporting tools and templates in advancing your Agile requirements practice, to be used with the Agile Requirements Blueprint and Playbook.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

Guided Implementation

"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

Workshop

"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

Consulting

"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks used throughout all four options

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Day 1 Day 2 Day 3 Day 4 Day 5
1. Framing Agile and Business Analysis / 2. Tailoring Your Approach 3. Defining Your Requirements
Thresholds
3. Defining Your Requirements Thresholds / 4. Planning Your Next Steps (OPTIONAL) Agile Requirements Techniques (a la carte) Next Steps and Wrap-Up (Offsite)

Activities

What does Agile mean in your organization? What do requirements mean in your organization?

Agile Requirements Assessment

Confirm your selected methodology

Define your Agile requirements process

Define your Agile requirements RACI (Optional)

Define your Agile requirements governance

Defining your change management plan

Define your

communication plan

Capability gap list

Planning your Agile requirements roadmap

Managing requirements traceability

Creating and managing user stories

Managing your requirements backlog

Maintaining a requirements library

Develop Agile Requirements Playbook

Complete in-progress deliverables from previous four days.

Set up review time for workshop deliverables and next steps

Outcomes

Shared definition of Agile and business analysis / requirements

Understand the current state of Agile and business analysis in your organization

Agile requirements process

Agile requirements RACI (Optional)

Defined Agile requirements governance and documentation plan

Change and backlog refinement plan

Stakeholder communication plan

Action plan and roadmap for maturing your Agile requirements practice

Practical knowledge and practice about various tactics and techniques in support of your Agile requirements efforts

Completed Agile Requirements Playbook

Guided Implementation

Phase 1 Phase 2 Phase 3 Phase 4

Call #1: Scope objectives, and your specific challenges.

Call #4: Define your approach to project delivery.

Call #6: Define your Agile requirements process.

Call #9: Identify gaps from current to target state maturity.

Call #2: Assess current maturity.

Call #5: Managing your requirements backlog.

Call #7: Define roles and responsibilities.

Call #10: Pprioritize next steps to mature your Agile requirements practice.

Call #3: Identify target-state capabilities.

Call #8: Define your change and backlog refinement approach.

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is 10 calls over the course of 4 to 6 months.

Framing Agile and Business Analysis

Phase 1

Framing Agile and Business Analysis

Phase 1Phase 2Phase 3Phase 4

1.1 Understand the benefits and limitations of Agile and business analysis

1.2 Align Agile and business analysis within your organization

2.1 Confirm the best-fit approach for delivery

2.2 manage your requirements backlog

3.1 Define project roles and responsibilities

3.2 define your level of acceptable documentation

3.3 Manage requirements as an asset

3.4 Define your requirements change management plan

4.1 Preparing new ways of working

4.2 Develop a roadmap for next steps

This phase will walk you through the following activities:

  • EXERCISE: What do Agile and requirements mean in your organization?
  • ASSESSMENT: Agile requirements assessment
  • KEY DELIVERABLE: Agile Requirements Playbook

This phase involves the following participants:

  • Business analyst and project team
  • Stakeholders
  • Sponsor/Executive

Managing Requirements in an Agile Environment

Step 1.1

Understand the benefits and limitations of Agile and business analysis

Activities

1.1.1 Define what Agile and business analysis mean in your organization

This step involves the following participants:

  • Business analyst and project team
  • Sponsor/Executive

Outcomes of this step

  • Recognize the benefits and detriments of both Agile and business analysis

Framing Agile and Business Analysis

There have been many challenges with waterfall delivery

It turns out waterfall is not that great at reducing risk and ensuring value delivery after all

  • Lack of flexibility
  • Difficulty in measuring progress
  • Difficulties with scope creep
  • Limited stakeholder involvement
  • Long feedback loops

48%
Had project deadlines more than double

85%
Exceeded their original budget by at least 20%

25%
At least doubled their original budget

This is an image of the Waterfall Project Results

Source: PPM Express.

Business analysis had a clear home in waterfall

Business analysts had historically been aligned to specific lines of business, in support of their partners in their respective domains. Somewhere along the way, the function was moved to IT. Conceptually this made sense, in that it allowed BAs to provide technical solutions to complex business problems. This had the unintended result of lost domain knowledge, and connection to the business.

It all starts with the business. IT enables business goals. The closer you can get to the business, the better.

Business analysts were the main drivers of helping to define the business requirements, or needs, and then decompose those into solution requirements, to develop the best option to solve those problems, or address those needs. And the case for good analysis was clear. The later a poor requirement was caught, the more expensive it was to fix. And if requirements were poor, there was no way to know until much later in the project lifecycle, when the cost to correct them was exponentially higher, to the tune of 10-100x the initial cost.

This is an image of a graph showing the cost multiplier for Formulating Requirements, Architecture Design, Development, Testing and, Operations

Adapted from PPM Express. "Why Projects Fail: Business Analysis is the Key".

Agile was meant to address the shortcomings of waterfall

The wait for solutions was too long for our business partners. The idea of investing significant time, money, and resources upfront, building an exhaustive and complete vision of the desired state, and then waiting months or even years to get that solution became unpalatable for them. And rightfully so. Once we cast a light on the pains, it became difficult to stand pat in the current state. And besides, organizations evolve at a rapid pace. What was a pain at the beginning of an initiative may not be so even six months later.

Agile became the answer.

Since its first appearance nearly 20 years ago, Agile has become the methodology of choice for a huge swathe of organizations. According to the 15th Annual State of Agile report, Agile adoption within software development teams increased from 37% in 2020 to 86% in 2021.

To say that's significant is an understatement.

The four core values of Agile helped shift focus

According to the Agile manifesto, "We value. . ."

This is an image of what is valued according to the Agile Manifesto.

"…while there is value in the items on the right, we value the items on the left more."

Source: Agilemanifesto, 2001

Agile has made significant inroads in IT and beyond

94% of respondents report using Agile practices in their organization

according to Digital.AI's "The 15th State of Agile Report"

That same report notes a steady expansion of Agile outside of IT, as other areas of the organization seek to benefit from increased agility and responsiveness, including Human Resources, Finance and Marketing.

While it addressed some problems…

This is an image of the Waterfall Project Results, compared to Agile Product Results.

"Agile projects are 37% faster to market than [the] industry average"

(Requirements Engineering Magazine, 2017)

  • Business requirements documents are massive and unreadable
  • Waterfall erects barriers and bottlenecks between the business and the development team
  • It's hard to define the solution at the outset of a project
  • There's a long turnaround between requirements work and solution delivery
  • Locking in requirements dictates an often-inflexible solution. And the costs to make changes tend to add up.

…Implementing Agile led to other challenges

This is an image of a series of thought bubbles, each containing a unique challenge resulting from implementing Agile.

Adopting Agile led to challenges with requirements

Requirements analysis, design maturity, and management are critical for a successful Agile transformation.

"One of the largest sources of failure we have seen on large projects is an immature Agile implementation in the context of poorly defined requirements."
– BCG, 2015

"Requirements maturity is more important to project outcomes than methodology."
– IAG Consulting, 2009.

"Mature Agile practices spend 28% of their time on analysis and design."
– InfoQ, 2017."

"There exists a Requirements Premium… organizations using poor practices spent 62% more on similarly sized projects than organizations using the best requirements practices."
– Requirements Engineering Magazine, 2017

Strong stakeholder satisfaction with requirements results in higher satisfaction in other areas

This is an image of a bar graph comparing the percentage of respondents with high stakeholder satisfaction, to the percentage of respondents with low stakeholder satisfaction for four different categories.  these include: Availability of IT Capacity to Complete Projects; Overall IT Projects; IT Projects Meet Business Needs; Overall IT Satisfaction

N= 324 small organizations from Info-Tech Research Group's CIO Business Vision diagnostic.

Note: High satisfaction was classified as organizations with a score greater or equal to eight and low satisfaction was every organization that scored below eight on the same questions.

Agile is being misinterpreted as an opportunity to bypass planning and analysis activities

Agile is a highly effective tool.

This isn't about discarding Agile. It is being used for things completely outside of what was originally intended. When developing products or code, it is in its element. However, outside of that realm, its being used to bypass business analysis activities, which help define the true customer and business need.

Business analysts were forced to adapt and shift focus. Overnight they morphed into product owners, or no longer had a place on the team. Requirements and analysis took a backseat.

The result?

Increased rework, decreased stakeholder satisfaction, and a lot of wasted money and effort.

"Too often, the process of two-week sprints becomes the thing, and the team never gets the time and space to step back and obsess over what is truly needed to delight customers."
Harvard Business Review, 9 April 2021.

Info-Tech Insight

Requirements in Agile are the same, but the purpose of requirements changes.

  • The purpose of requirements in waterfall is for stakeholder approval.
  • The purpose of requirements in Agile is knowledge management; to maintain a record of the current state.

Many have misinterpreted the spirit of Agile and waterfall

The stated principles of waterfall say nothing of how work is to be linear.

This is an image of a comparison between using Agile and Being Prescriptive.This is an image of Royce's 5 principles for success.

Source: Royce, Dr. Winston W., 1970.

For more on Agile methodology, check out Info-Tech's Agile Research Centre

How did the pendulum swing so far?

Shorter cycles of work made requirements management more difficult. But the answer isn't to stop doing it.

Organizations went from engaging business stakeholders up front, and then not until solution delivery, to forcing those partners to give up their resources to the project. From taking years to deliver a massive solution (which may or may not even still fit the need) to delivering in rapid cycles called sprints.

This tug-of-war is costing organizations significant time, money, and effort.

Your approach to requirements management needs to be centered. We can start to make that shift by better aligning our Agile and business analysis practices. Outside of the product space, Agile needs to be combined with other disciplines (Harvard Business Review, 2021) to be effective.

Agility is important. Though it is not a replacement for approach or strategy (RCG Global Services, 2022). In Agile, team constraints are leveraged because of time. There is a failure to develop new capabilities to address the business needs Harvard Business Review, 2021).

Agility needs analysis.

Agile requirements are a balancing act

Collaboration

Many subject matter experts are necessary to create accurate requirements, but their time is limited too.

Communication

Stakeholders should be kept informed throughout the requirements gathering process, but you need to get the right information to the right people.

Documentation

Recording, organizing, and presenting requirements are essential, but excessive documentation will slow time to delivery.

Control

Establishing control points in your requirements gathering process can help confirm, verify, and approve requirements accurately, but stage gates limit delivery.

Start by defining what the terms mean in your organization

We do this because there isn't even agreement by the experts on what the terms "Agile" and "business analysis" mean, so let's establish a definition within the context of your organization.

1.1.1 What do Agile and business analysis mean in your organization?

Estimated time: 30 Minutes

  1. Explore the motivations behind the need for aligning Agile with business analysis. Are there any current challenges related to outputs, outcomes, quality? How can the team and organization align the two more effectively for the purposes of requirements management?
  2. Gather the appropriate stakeholders to discuss their definition of the terms "Agile" and "business analysis" It can be related to their experience, practice, or things they've read or heard.
  3. Brainstorm and document all shared thoughts and perspectives.
  4. Synthesize those thoughts and perspectives into a shared definition of each term, of a sentence or two.
  5. Revisit this definition as needed, and as your Agile requirements efforts evolve.

Input

  • Challenges and experiences/perspectives related to Agile and business requirements

Output

  • A shared definition of Agile and business analysis, to help guide alignment on Agile requirements management

Materials

  • Agile Requirements Workbook

Participants

  • Business Analyst(s)
  • Project Team
  • Sponsor/Executive
  • Relevant Stakeholders

Build your Agile Requirements Playbook

Keep the outcomes of this blueprint in a single document

Share at the beginning of a new project, as part of team member onboarding, and revisit as your practice matures.

This is a series of three screenshots from the Agile Requirements Playbook.

Your Agile Requirements Playbook will include

  • Your shared definition of Agile and business analysis for your organization
  • The Agile Requirements Maturity Assessment
  • A Methodology Selection Matrix
  • Agile requirements RACI
  • A defined Agile requirements process
  • Documentation Calculator
  • Your Requirements Repository Information
  • Capability Gap List (from current to target state)
  • Target State Improvement Roadmap and Action Plan

Step 1.2

Align Agile and Business Analysis Within Your Organization

Activities

1.2.1 Assess your Agile requirements maturity

This step involves the following participants:

  • Business Analyst and Project Team
  • Stakeholders
  • Sponsor/Executive

Outcomes of this step

  • Complete the Agile Requirements Maturity Assessment to establish your current and target states

Framing Agile and Business Analysis

Consider the question: "Why Agile?"

What is the driving force behind that decision?

There are many reasons to leverage the power of Agile within your organization, and specifically as part of your requirements management efforts. And it shouldn't just be to improve productivity. That's only one aspect.
Begin by asking, "Why Agile?" Are you looking to improve:

  • Time to market
  • Team engagement
  • Product quality
  • Customer satisfaction
  • Stakeholder engagement
  • Employee satisfaction
  • Consistency in delivery of value
  • Predictably of your releases

Or a combination of the above?

Info-Tech Insight

Project delivery methodologies aren't either/or. You don't have to be 100% waterfall or 100% Agile. Select the right approach for your project, product, or service.

In the end, your business partners don't want projects delivered faster, they want value faster!

For more on understanding Agile, check out the Implement Agile Practices That Work Blueprint

Responses to a 2019 KPMG survey:

13% said that their top management fully supports Agile transformation.

76% of organizations did not agree that their organization supports Agile culture.

62% of top management believe Agile has no implications for them.

What changes for the business analyst?

Business analysts need to focus on six key elements when managing requirements in Agile.

  • Team formation and interaction
  • Stakeholder engagement and communication
  • The timing and sequencing of their work
  • Decision-making
  • Documentation
  • Dealing with change

In Agile, the what of business analysis does not change.

What does change is the how and when that work happens.

1.2.1 Assess your Agile requirements maturity

This is a series of screenshots from the Agile Requirements Maturity Assessment.

1.2.1 Assess your Agile requirements maturity

Estimated time: 30 Minutes

    1. Using the Agile Requirements Maturity Assessment, gather all appropriate stakeholders, and discuss and score the current state of your practice. Scoring can be done by:
      1. Consensus: Generally better with a smaller group, where the group agrees the score and documents the result
      2. Average: Have everyone score individually, and aggregate the results into an average, which is then entered.
      3. Weighted Average: As above, but weight the individual scores by individual or line of business to get a weighted average.
    2. When current state is complete, revisit to establish target state (or hold as a separate session) using the same scoring approach as in current state.
      1. Recognize that there is a cost to maturity, so don't default to the highest score by default.
      2. Resist the urge at this early stage to generate ideas to navigate from current to target state. We will re-visit this exercise in Phase 4, once we've defined other pieces of our process and practice.

Input

  • Participant knowledge and experience

Output

  • A current and target state assessment of your Agile requirements practice

Materials

  • Agile Requirements Maturity Assessment

Participants

  • Business Analyst(s)
  • Project Team
  • Sponsor/Executive
  • Relevant Stakeholders

Tailoring Your Approach

Phase 2

Phase 1Phase 2Phase 3Phase 4

1.1 Understand the benefits and limitations of Agile and business analysis

1.2 Align Agile and business analysis within your organization

2.1 Confirm the best-fit approach for delivery

2.2 manage your requirements backlog

3.1 Define project roles and responsibilities

3.2 define your level of acceptable documentation

3.3 Manage requirements as an asset

3.4 Define your requirements change management plan

4.1 Preparing new ways of working

4.2 Develop a roadmap for next steps

This phase will walk you through the following activities:

  • Selecting the appropriate delivery methodology
  • Managing your requirements backlog
  • Tracing from business need to user story

This phase involves the following participants:

  • Business Analyst(s)
  • Project Team
  • Sponsor/Executive
  • Relevant Stakeholders

Managing Requirements in an Agile Environment

Step 2.1

Confirm the Best-fit Approach for Delivery

Activities

2.1.1 Confirm your methodology

This step involves the following participants:

  • Business Analyst(s)
  • Project Team
  • Sponsor/Executive
  • Relevant Stakeholders

Outcomes of this step

  • A review of potential delivery methodologies to select the appropriate, best-fit approach to your projects

Confirming you're using the best approach doesn't have be tricky

Selecting the right approach (or confirming you're on the right track) is easier when you assess two key inputs to your project; your level of certainty about the solution, and the level of complexity among the different variables and inputs to your project, such as team experience and training, the number of impacted stakeholders or context. lines of business, and the organizational

Solution certainty refers to the level of understanding of the problem and the solution at the start of the project. In projects with high solution certainty, the requirements and solutions are well defined, and the project scope is clear. In contrast, projects with low solution certainty have vague or changing requirements, and the solutions are not well understood.

Project complexity refers to the level of complexity of the project, including the number of stakeholders, the number of deliverables, and the level of technical complexity. In projects with high complexity, there are many stakeholders with different priorities, many deliverables, and high technical complexity. In contrast, projects with low complexity have fewer stakeholders, fewer deliverables, and lower technical complexity.

"Agile is a fantastic approach when you have no clue how you're going to solve a problem"

  • Ryan Folster, Consulting Services Manager, Business Analysis, Dimension Data

Use Info-Tech's methodology selection matrix

Waterfall methodology is best suited for projects with high solution certainty and high complexity. This is because the waterfall model follows a linear and sequential approach, where each phase of the project is completed before moving on to the next. This makes it ideal for projects where the requirements and solutions are well-defined, and the project scope is clear.

On the other hand, Agile methodology is best suited for projects with low solution certainty. Agile follows an iterative and incremental approach, where the requirements and solutions are detailed and refined throughout the project. This makes it ideal for projects where the requirements and solutions are vague or changing.

Note that there are other models that exist for determining which path to take, should this approach not fit within your organization.

Use info-tech's-methodology-selection-matrix

This is an image of Info-Tech’s methodology selection matrix

Adapted from The Chaos Report, 2015 (The Standish Group)

Download the Agile Requirements Workbook

2.1.1 Confirm your methodology

Estimated time: 30 Minutes

  1. Using the Agile Requirements Workbook, find the tab labelled "Methodology Assessment" and answer the questions to establish your complexity and certainty scores, where;

1 = Strongly disagree
2 = Disagree
3 = Neutral
4 = Agree
5 = Strongly agree.

  1. In the same workbook, plot the results in the grid on the tab labelled "Methodology Matrix".
  2. Projects falling into Green are good fits for Agile. Yellow are viable. And Red may not be a great fit for Agile.
  3. Note: Ultimately, the choice of methodology is yours. Recognize there may be additional challenges when a project is too complex, or uncertainty is high.

Input

  • Current project complexity and solution certainty

Output

  • A clear choice of delivery methodology

Materials

  • Agile Requirements Workbook

Participants

  • Business Analyst(s)
  • Project Team
  • Sponsor/Executive
  • Relevant Stakeholders

Step 2.2

Manage Your Requirements Backlog

Activities

2.2.1 Create your user stories

This step involves the following participants:

  • Business Analyst(s)
  • Project Team
  • Sponsor/Executive
  • Relevant Stakeholders

Outcomes of this step

  • Understand how to convert requirements into user stories, which populate the Requirements Backlog.

Tailoring Your Approach

There is a hierarchy to requirements

This is a pyramid, with the base being: Solution Requirements; The middle being: Stakeholder Requirements; and the Apex being: Business Requirements.
  • Higher-level statements of the goals, objectives, or needs of the enterprise.
  • Business requirements focus on the needs of the organization, and not the stakeholders within it.

Defines

Intended benefits and outcomes

  • Statements of the needs of a particular stakeholder or class of stakeholders, and how that stakeholder will interact with a solution.

Why it is needed, and by who

  • Describes the characteristics of a solution that meets business requirements and stakeholder requirements. Functional describes the behavior and information that the solution will manage. They describe capabilities the system will be able to perform in terms of behaviors or operations. Non-functional represents constraints on the ultimate solution and tends to be less negotiable.

What is needed, and how its going to be achieved

Connect the dots with a traceability matrix

Business requirements describe what a company needs in order to achieve its goals and objectives. Solution requirements describe how those needs will be met. User stories are a way to express the functionality that a solution will provide from the perspective of an end user.

A traceability matrix helps clearly connect and maintain your requirements.

To connect business requirements to solution requirements, you can start by identifying the specific needs that the business has and then determining how those needs can be met through technology or other solutions; or what the solution needs to do to meet the business need. So, if the business requirement is to increase online sales, a solution requirement might include implementing a shopping cart feature on your company website.

Once you have identified the solution requirements, you can then use those to create user stories. A user story describes a specific piece of functionality that the solution will provide from the perspective of a user.

For example, "As a customer, I want to be able to add items to my shopping cart so that I can purchase them." This user story is directly tied to the solution requirement of implementing a shopping cart feature.

Tracing from User Story back up to Business Requirement is essential in ensuring your solutions support your organization's strategic vison and objectives.

This is an image of a traceability matrix for Business Requirements.

Download the Info-Tech Requirements Traceability Matrix

Improve the quality of your solution requirements

A solution requirement is a statement that clearly outlines the functional capability that the business needs from a system or application.

There are several attributes to look for in requirements:

Verifiable

Unambiguous

Complete

Consistent

Achievable

Traceable

Unitary

Agnostic

Stated in a way that can be easily tested

Free of subjective terms and can only be interpreted in one way

Contains all relevant information

Does not conflict with other requirements

Possible to accomplish with budgetary and technological constraints

Trackable from inception through to testing

Addresses only one thing and cannot be decomposed into multiple requirements

Doesn't pre-suppose a specific vendor or product

For more on developing high quality requirements, check out the Improve Requirements Gathering Blueprint

Prioritize your requirements

When everything is a priority, nothing is a priority.

Prioritization is the process of ranking each requirement based on its importance to project success. Each requirement should be assigned a priority level. The delivery team will use these priority levels to ensure efforts are targeted toward the proper requirements as well as to plan features available on each release. Use the MoSCoW Model of Prioritization to effectively order your requirements.

The MoSCoW Model of Prioritization

This is an image of The MoSCoW Model of Prioritization

The MoSCoW model was introduced by Dai Clegg of Oracle UK in 1994

(Source: ProductPlan).

Base your prioritization on the right set of criteria

Criteria Description
Regulatory and legal compliance These requirements will be considered mandatory.
Policy compliance Unless an internal policy can be altered or an exception can be made, these requirements will be considered mandatory.
Business value significance Give a higher priority to high-value requirements.
Business risk Any requirement with the potential to jeopardize the entire project should be given a high priority and implemented early.
Likelihood of success Especially in proof-of-concept projects, it is recommended that requirements have good odds.
Implementation complexity Give a higher priority to low implementation difficulty requirements.
Alignment with strategy Give a higher priority to requirements that enable the corporate strategy.
Urgency Prioritize requirements based on time sensitivity.
Dependencies A requirement on its own may be low priority, but if it supports a high-priority requirement, then its priority must match it.

Info-Tech Insight

It is easier to prioritize requirements if they have already been collapsed, resolved, and rewritten. There is no point in prioritizing every requirement that is elicited up front when some of them will eventually be eliminated.

Manage solution requirements in a Product backlog

What is a backlog?

Agile teams are familiar with the use of a Sprint Backlog, but in Requirements Management, a Product Backlog is a more appropriate choice.

A product backlog and a Sprint backlog are similar in that they are both lists of items that need to be completed in order to deliver a product or project, but there are some key differences between the two.

A product backlog is a list of all the features, user stories, and requirements that are needed for a product or project. It is typically created and maintained by the business analyst or product owner and is used to prioritize and guide the development of the product.

A Sprint backlog, on the other hand, is a list of items specifically for an upcoming sprint, which is an iteration of work in Scrum. The Sprint backlog is created by the development team and is used to plan and guide the work that will be done during the sprint. The items in the Sprint backlog are typically taken from the product backlog and are prioritized based on their importance and readiness.

For more on building effective product backlogs, visit Deliver on Your Digital Product Vision

A backlog stores and organizes requirements at various stages

Your backlog must give you a holistic understanding of demand for change in the product.

A well-formed backlog can be thought of as a DEEP backlog

Detailed appropriately: Requirements are broken down and refined as necessary

Emergent: The backlog grows and evolves over time as requirements are added and removed.

Estimated: The effort to deliver a requirement is estimated at each tier.

Prioritized: A requirement's value and priority are determined at each tier.

This is an image of an inverted funnel, with the top being labeled: Ideas; The middle being labeled: Qualified; and the bottom being labeled: Ready.

Adapted from Essential Scrum

Ensure requests and requirements are ready for development

Clearly define what it means for a requirement, change, or maintenance request to be ready for development.

This will help ensure the value and scope of each functionality and change are clear and well understood by both developers and stakeholders before the start of the sprint. The definition of ready should be two-fold: ready for the backlog, and ready for coding.

  1. Create a checklist that indicates when a requirement or request is ready for the development backlog. Consider the following questions:
    1. Is the requirement or request in the correct format?
    2. Does the desired functionality or change have significant business value?
    3. Can the requirement or request be reasonably completed within defined release timelines under the current context?
    4. Does the development team agree with the budget and points estimates?
    5. Is there an understanding of what the requirement or request means from the stakeholder or user perspective?
  2. Create a checklist that indicates when a requirement or request is ready for development. Consider the following questions:
    1. Have the requirements and requests been prioritized in the backlog?
    2. Has the team sufficiently collaborated on how the desired functionality or change can be completed?
    3. Do the tasks in each requirement or request contain sufficient detail and direction to begin development?
    4. Can the requirement or request be broken down into smaller pieces?

Converting solution requirements into user stories

Define the user

Who will be interacting with the product or feature being developed? This will help to focus the user story on the user's needs and goals.

Create the story

Create the user story using the following template: "As a [user], I want [feature] so that [benefit]."
This helps articulate the user's need and the value that the requirement will provide.

Decompose

User stories are typically too large to be implemented in a single sprint, so they should be broken down into smaller, more manageable tasks.

Prioritize

User stories are typically too large to be implemented in a single sprint, so they should be broken down into smaller, more manageable tasks.

2.2.1 Create your user stories

Estimated time: 60 Minutes

  1. Gather the project team and relevant stakeholders. Have access to your current list of solution requirements.
  2. Leverage the approach on previous slide "Converting Solution Requirements into User Stories" to generate a collection of user stories.

NOTE: There is not a 1:1 relationship between requirements and user stories.
It is possible that a single requirement will have multiple user stories, and similarly, that a single user story will apply to multiple solution requirements.

Input

  • Requirements
  • Use Case Template

Output

  • A collection of user stories

Materials

  • Current Requirements

Participants

  • Business Analyst(s)
  • Project Team
  • Relevant Stakeholders

Use the INVEST model to create good user stories

At this point your requirements should be high-level stories. The goal is to refine your backlog items, so they are . . .

A vertical image of the Acronym: INVEST, taken from the first letter of each bolded word in the column to the right of the image.

Independent: Ideally your user stories can be built in any order (i.e. independent from each other). This allows you to prioritize based on value and not get caught up in sequencing and prerequisites.
Negotiable: As per the Agile principle, collaboration over contracts. Your user stories are meant to facilitate collaboration between the developer and the business. Therefore, they should be built to allow negotiation between all parties.
Valuable: A user story needs to state the value so it can be effectively prioritized, but also so developers know what they are building.
Estimable: As opposed to higher-level approximation given to epics, user stories need more accuracy in their estimates in order to, again, be effectively prioritized, but also so teams can know what can fit into a sprint or release plans.
Small: User stories should be small enough for a number of them to fit into a sprint. However, team size and velocity will impact how many can be completed. A general guideline is that your teams should be able to deliver multiple stories in a sprint.
Testable: Your stories need to be testable, which means they must have defined acceptance criteria and any related test cases as defined in your product quality standards.
Source: Agile For All

Defining Your Requirements Thresholds

Phase 3

Defining Your Requirements Thresholds

Phase 1Phase 2Phase 3Phase 4

1.1 Understand the benefits and limitations of Agile and business analysis

1.2 Align Agile and business analysis within your organization

2.1 Confirm the best-fit approach for delivery

2.2 manage your requirements backlog

3.1 Define project roles and responsibilities

3.2 define your level of acceptable documentation

3.3 Manage requirements as an asset

3.4 Define your requirements change management plan

4.1 Preparing new ways of working

4.2 Develop a roadmap for next steps

This phase will walk you through the following activities:

  • Assigning roles and responsibilities optional (Tool: RACI)
  • Define your Agile requirements process
  • Calculate the cost of your documentation (Tool: Documentation Calculator)
  • Define your backlog refinement plan

This phase involves the following participants:

  • Business Analyst(s)
  • Project Team
  • Sponsor/Executive
  • Relevant Stakeholders

Managing Requirements in an Agile Environment

Step 3.1

Define Project Roles and Responsibilities

Activities

3.1.1 Define your Agile requirements RACI (optional)

3.1.2 Define your Agile requirements process

Defining Your Requirements Thresholds

This step involves the following participants:

  • Business Analyst(s)
  • Project Team
  • Sponsor/Executive
  • Relevant Stakeholders

Outcomes of this step

  • A defined register of roles and responsibilities, along with a defined process for how Agile requirements work is to be done.

Defining Your Requirements Thresholds

Where does the BA function fit on an Agile team?

Team formation is key, as Agile is a team sport

A business analyst in an Agile team typically interacts with several different roles, including the product owner, development team, and many other stakeholders throughout the organization.

This is an image the roles who typically interact with a Business Analyst.

  • The product owner, to set the priorities and direction of the project, and to gather requirements and ensure they are being met. Often, but not always, the BA and product owner are the same individual.
  • The development team, to provide clear and concise requirements that they can use to build and test the product.
  • Other stakeholders, such as customers, end-users, and subject matter experts to gather their requirements, feedback and validate the solution.
    • Design, to ensure that the product meets user needs. They may provide feedback and ensure that the design is aligned with requirements.
    • Security, to ensure that the solution meets all necessary security requirements and to identify potential risks and appropriate use of controls.
    • Testing, to ensure that the solution is thoroughly tested before it is deployed. They may create test cases or user scenarios that validate that everything is working as intended.
    • Deployment, to ensure that the necessary preparations have been made, including testing, security, and user acceptance.

Additionally, during the sprint retrospectives, the team will review their performance and find ways to improve for the next sprint. As a team member, the business analyst helps to identify areas where the team could improve how they are working with requirements and understand how the team can improve communication with stakeholders.

3.1.1 (Optional) Define Your Agile Requirements RACI

Estimated Time: 60 Minutes

  1. Identify the project deliverables: The first step is to understand the project deliverables and the tasks that are required to complete them. This will help you to identify the different roles and responsibilities that need to be assigned.
  2. Define the roles and responsibilities: Identify the different roles that will be involved in the project and their associated responsibilities. These roles may include project manager, product owner, development team, stakeholders, and any other relevant parties.
  3. Assign RACI roles: Assign a RACI role to each of the identified tasks. The RACI roles are:
    1. Responsible: the person or team who is responsible for completing the task
    2. Accountable: the person who is accountable for the task being completed on time and to the required standard
    3. Consulted: the people or teams who need to be consulted to ensure the task is completed successfully
    4. Informed: the people or teams who need to be informed of the task's progress and outcome
  4. Create the RACI chart: Use the information gathered in the previous steps to create a matrix or chart that shows the tasks, the roles, and the RACI roles assigned to each task.
  5. Review and refine: Review the RACI chart with the project team and stakeholders to ensure that it accurately reflects the roles and responsibilities of everyone involved. Make any necessary revisions and ensure that all parties understand their roles and responsibilities.
  6. Communicate and implement: Communicate the RACI chart to all relevant parties and ensure that it is used as a reference throughout the project. This will help to ensure that everyone understands their role and that tasks are completed on time and to the required standard.

Input

  • A list of required tasks and activities
  • A list of stakeholders

Output

  • A list of defined roles and responsibilities for your project

Materials

  • Agile Requirements Workbook

Participants

  • Business Analyst(s)
  • Project Team
  • Sponsor/Executive
  • Relevant Stakeholders

A Case Study in Team Formation

Industry: Anonymous Organization in the Energy sector
Source: Interview

Challenge

Agile teams were struggling to deliver within a defined sprint, as there were consistent delays in requirements meeting the definition of ready for development. As such, sprints were often delayed, or key requirements were descoped and deferred to a future sprint.

During a given two-week sprint cycle, the business analyst assigned to the team would be working along multiple horizons, completing elicitation, analysis, and validation, while concurrently supporting the sprint and dealing with stakeholder changes.

Solution

As a part of addressing this ongoing pain, a pilot program was run to add a second business analyst to the team.

The intent was, as one is engaged preparing requirements through elicitation, analysis, and validation for a future sprint, the second is supporting the current sprint cycle, and gaining insights from stakeholders to refine the requirements backlog.

Essentially, these two were leap-frogging each other in time. At all times, one BA was focused on the present, and one on the future.

Result

A happier team, more satisfied stakeholders, and consistent delivery of features and functions by the Agile teams. The pilot team outperformed all other Agile teams in the organization, and the "2 BA" approach was made the new standard.

Understanding the Agile requirements process

Shorter cycles make effective requirements management more necessary, not less

Short development cycles can make requirements management more difficult because they often result in a higher rate of change to the requirements. In a shorter timeframe, there is less time to gather and verify requirements, leading to a higher likelihood of poor or incomplete requirements. Additionally, there may be more pressure to make decisions quickly, which can lead to less thorough analysis and validation of requirements. This can make it more challenging to ensure that the final solution meets the needs of the stakeholders.
When planning your requirements cycles, it's important to consider;

  • Your sprint logistics (how long?)
  • Your release plan (at the end of every sprint, monthly, quarterly?)
  • How the backlog will be managed (as tickets, on a visual medium, such as a Kanban board?)
  • How will you manage communication?
  • How will you monitor progress?
  • How will future sprint planning happen?

Info-Tech's Agile requirements framework

Sprint N(-1)

Sprint N

Sprint N(+1)

An image of Sprint N(-1) An image of Sprint N An image of Sprint N(+1)

Changes from waterfall to Agile

Gathering and documenting requirements: Requirements are discovered and refined throughout the project, rather than being gathered and documented up front. This can be difficult for business analysts who are used to working in a waterfall environment where all requirements are gathered and documented before development begins.
Prioritization of requirements: Requirements are prioritized based on their value to the customer and the team's ability to deliver them. This can be difficult for business analysts who are used to prioritizing requirements based on the client's needs or their own understanding of what is important.

Defining acceptance criteria: Acceptance criteria are defined for each user story to ensure that the team understands what needs to be delivered. Business analysts need to understand how to write effective acceptance criteria and how to use them to ensure that the team delivers what the customer needs.
Supporting Testing and QA: The business analyst plays a role in ensuring that testing (and test cases) are completed and of proper quality, as defined in the requirements.

Managing changing requirements: It is expected that requirements will change throughout the project. Business analysts need to be able to adapt quickly to changing requirements and ensure that the team is aware of the changes and how they will impact the project.
Collaboration with stakeholders: Requirements are gathered from a variety of stakeholders, including customers, users, and team members. Business analysts need to be able to work effectively with all stakeholders to gather and refine requirements and ensure that the team is building the right product.

3.1.2 Define your Agile requirements process

Estimated time: 60 Minutes

  1. Gather all relevant stakeholders to discuss and define your process for requirements management.
  2. Have a team member facilitate the session to define the process. The sample in the Agile Requirements Workbook can be used optionally as a starting point. You can also use any existing processes and procedures as a baseline.
  3. Gain agreement on the process from all involved stakeholders.
  4. Revisit the process periodically to review its performance and make adjustments as needed.

NOTE: The process is intended to be at a high enough level to leave space and flexibility for team members to adapt and adjust, but at a sufficient depth that everyone understands the process and workflows. In other words, the process will be both flexible and rigid, and the two are not mutually exclusive.

Input

  • Project team and RACI
  • Existing Process (if available)

Output

  • A process for Agile requirements that is flexible yet rigid

Materials

  • Agile Requirements Workbook

Participants

  • Business Analyst(s)
  • Project Team
  • Sponsor/Executive
  • Relevant Stakeholders

Establish the right level of governance and decision-making

Establishing the right level of governance and decision making is important in Agile requirements because there is a cost to decision making, as time plays an important factor. Even the failure to decide can have significant impacts.

Good governance and decision-making practices can help to minimize risks, ensure that requirements are well understood and managed, and that project progress is tracked and reported effectively.

In Agile environments, this often involves establishing clear roles and responsibilities, implementing effective communication and collaboration practices, and ensuring that decision-making processes are efficient and effective.

Good requirements management practices can help to ensure that projects are aligned with organizational goals and strategy, that stakeholders' needs are understood and addressed, and that deliverables are of high quality and meet the needs of the business.

By ensuring that governance and decision-making is effective, organizations can improve the chances of project success, and deliver value to the business. Risks and costs can be mitigated by staying small and nimble.

Check out Make Your IT Governance Adaptable

Develop an adaptive governance process

A pyramid, with the number 4 at the apex, and the number 1 at the base.  In order from base-apex, the following titles are found to the right of the pyramid: Ad-Hoc governance; Controlled Governance; Agile Governance; Embedded/Automated governance.

Maturing governance is a journey

Organizations should look to progress in their governance stages. Ad-hoc and controlled governance tends to be slow, expensive, and a poor fit for modern practices.

The goal as you progress through your stages is to delegate governance and empower teams to make optimal decisions in real-time, knowing that they are aligned with the understood best interests of the organization.

Automate governance for optimal velocity, while mitigating risks and driving value.

This puts your organization in the best position to be adaptive and able to react effectively to volatility and uncertainty.

A graph charting Trust and empowerment on the x-axis, and Progress Integration on the Y axis.

Five key principles for building an adaptive governance framework

Delegate and empower

Decision making must be delegated down within the organization, and all resources must be empowered and supported to make effective decisions.

Define outcomes

Outcomes and goals must be clearly articulated and understood across the organization to ensure decisions are in line and stay within reasonable boundaries.

Make risk- informed decisions

Integrated risk information must be available with sufficient data to support decision making and design approaches at all levels of the organization.

Embed / automate

Governance standards and activities need to be embedded in processes and practices. Optimal governance reduces its manual footprint while remaining viable. This also allows for more dynamic adaptation.

Establish standards and behavior

Standards and policies need to be defined as the foundation for embedding governance practices organizationally. These guardrails will create boundaries to reinforce delegated decision making.

Sufficient decision-making power should be given to your Agile teams

Push the decision-making process down to your pilot teams.

  • Bring your business stakeholders and subject matter experts together to identify the potential high-level risks.
  • Bring your business stakeholders and subject matter experts together to identify the potential high-level risks.
  • Discuss with the business the level of risk they are willing to accept.
  • Define the level of authority project teams have in making critical decisions.

"Push the decision making down as far as possible, down to the point where sprint teams completely coordinate all the integration, development, and design. What I push up the management chain is risk taking. [Management] decides what level of risk they are willing to take and [they] demonstrate that by the amount of decision making you push down."
– Senior Manager, Canadian P&C Insurance Company, Info-Tech Interview

Step 3.2

Define Your Level of Acceptable Documentation

Activities

3.2.1 Calculate the cost of documentation

This step involves the following participants:

  • Business Analyst(s)
  • Project Team
  • Relevant Stakeholders

Outcomes of this step

  • Quantified cost of documentation produced for your Agile project.

Defining Your Requirements Thresholds

Right-size Your Documentation

Why do we need it, and what purpose does it serve?

Before creating any documentation, consider why; why are you creating documentation, and what purpose is it expected to serve?
Is it:

  • … to gain approval?
  • … to facilitate decision-making?
  • .. to allow the team to think through a challenge or compare solution options?

Next, consider what level of documentation would be acceptable and 'enough' for your stakeholders. Recognize that 'enough' will depend on your stakeholder's personal definition and perspective.
There may also be considerations for maintaining documentation for the purposes of compliance, and auditability in some contexts and industries.
The point is not to eliminate all documentation, but rather, to question why we're producing it, so that we can create just enough to deliver value.

"What does the next person need to do their work well, to gain or create a shared understanding?"
- Filip Hendrickx, Innovating BA and Founder, altershape

Documentation comes at a cost

We need to quantify the cost of documentation, against the expected benefit

All things take time, and that would imply that all things have an inherent cost. We often don't think in these terms, as it's just the work we do, and costs are only associated with activities requiring additional capital expenditure. Documentation of requirements can come at a cost in terms of time and resources. Creating and maintaining detailed documentation requires effort from project team members, which could be spent on other aspects of the project such as development or testing. Additionally, there may be costs associated with storing and distributing the documentation.

When creating documentation, we are making a decision. There is an opportunity cost of investing time to create, and concurrently, not working on other activities. Documentation of requirements can come at a cost in terms of time and resources. Creating and maintaining detailed documentation requires effort from project team members, which could be spent on other aspects of the project such as development or testing. Additionally, there may be costs associated with storing and distributing the documentation.

In order to make better informed decisions about the types, quantity and even quality of the documentation we are producing, we need to capture that data. To ensure we are receiving good value for our documentation, we should compare the expected costs to the expected benefits of a sprint or project.

3.2.1 Calculate the cost of documentation

Estimated time: as needed

  1. Use this tool to quantify the cost of creating and maintaining current state documentation for your Agile requirements team. It provides an indication, via the Documentation Cost Index, of when your project is documenting excessively, relative to the expected benefits of the sprint or project.
  2. In Step 1, enter the hourly rate for the person (or persons) completing the business analysis function for your Agile team. NB: This does not have to be a person with the title of business analyst. If there are multiple people fulfilling this role, enter the average rate (if their rates are same or similar) or a weighted average (if there is a significant range in the hourly rate)
  3. In Step 2, enter the expected benefit (in $) for the sprint or project.
  4. In Step 3, enter the total number of hours spent on each task/activity during the sprint or project. Use blank spaces as needed to add tasks and activities not listed.
  5. In Step 4, you'll find the Documentation Cost Index, which compares your total documentation cost to the expected benefits. The cell will show green when the value is < 0.8, yellow between 0.8 and 1, and red when >1.
  6. Use the information to plan future sprints and documentation needs, identify opportunities for improvement in your requirements practice, and find balance in "just enough" documentation.

Input

  • Project team and RACI
  • Existing Process (if available)

Output

  • A process for Agile requirements that is flexible yet rigid

Materials

  • Agile Requirements Workbook

Participants

  • Business Analyst(s)
  • Project Team
  • Sponsor/Executive
  • Relevant Stakeholders

Lack of documentation also comes at a cost

Lack of documentation can bring costs to Agile projects in a few different ways.

  • Onboarding new team members
  • Improving efficiency
  • Knowledge management
  • Auditing and compliance
  • Project visibility
  • Maintaining code

Info-Tech Insight

Re-using deliverables (documentation, process, product, etc.) is important in maintaining the velocity of work. If you find yourself constantly recreating your current state documentation at the start of a project, it's hard to deliver with agility.

Step 3.3

Manage Requirements as an Asset

Activities

3.3.1 Discuss your current perspectives on requirements as assets

This step involves the following participants:

  • Business Analyst(s)
  • Project Team
  • Relevant Stakeholders

Outcomes of this step

  • Awareness of the value in, and tactics for enabling effective management of requirements as assets

Defining Your Requirements Thresholds

What do we mean by "assets"?

And when do requirements become assets?

In order to delivery with agility, you need to maximize the re-usability of artifacts. These artifacts could take the form of current state documentation, user stories, test cases, and yes, even requirements for re-use.
Think of it like a library for understanding where your organization is today. Understanding the people, processes, and technology, in one convenient location. These artifacts become assets when we choose to retain them, rather than discard them at the end of a project, when we think they'll no longer be needed.
And just like finding a single book in a vast library, we need to ensure our assets can be found when we need them. And this means making them searchable.
We can do this by establishing criteria for requirements and artifact reuse;

  • What business need and benefit is it aligned to?
  • What metadata needs to be attached, related to source, status, subject, author, permissions, type, etc.?
  • Where will it be stored for ease of retrieval?

Info-Tech Insight

When writing requirements for products or services, write them for the need first, and not simply for what is changing.

The benefits of managing requirements as assets

Retention of knowledge in a knowledge base that allows the team to retain current business requirements, process documentation, business rules, and any other relevant information.
A clearly defined scope to reduce stakeholder, business, and compliance conflicts.
Impact analysis of changes to the current organizational assets.

Source: Requirement Engineering Magazine, 2017.

A case study in creating an asset repository

Industry: Anonymous Organization in the Government sector
Source: Interview

Challenge

A large government organization faced a challenge with managing requirements, processes, and project artifacts with any consistency.

Historically, their documentation was lacking, with multiple versions existing in email sent folders and manila folders no one could find. Confirming the current state at any given time meant the heavy lift of re-documenting and validating, so that effort was avoided for an excessive period.

Then there was a request for audit and compliance, to review their existing documentation practices. With nothing concrete to show, drastic recommendations were made to ensure this practice would end.

Solution

A small but effective team was created to compile and (if not available) document all existing project and product documentation, including processes, requirements, artifacts, business cases, etc.

A single repository was built and demonstrated to key stakeholders to ensure it would satisfy the needs of the audit and compliance group.

Result

A single source of truth for the organization, which was;

  • Accessible (view access to the entire organization).
  • Transparent (anyone could see and understand the process and requirements as intended).
  • A baseline for continuous improvement, as it was clear what the one defined "best way" was.
  • Current, where no one retained current documentation outside of this library.

3.3.1 Discuss your current perspectives on requirements as assets

Estimated time: 30 Minutes

  1. Gather all relevant stakeholder to share perspectives on the use of requirements as assets, historically in the organization.
  2. Have a team member facilitate the session. It is optional to document the findings.
  3. After looking at the historical use of requirements as assets, discuss the potential uses, benefits, and drawbacks of managing as assets in the target state.

Input

  • Participant knowledge and experience

Output

  • A shared perspective and history on requirements as assets

Materials

  • A method for data capture (optional)

Participants

  • Business Analyst(s)
  • Project Team
  • Sponsor/Executive
  • Relevant Stakeholders

Apply changes to baseline documentation

Baseline + Release Changes = New Baseline

  • Start from baseline documentation dramatically to reduce cost and risk
  • Treat all scope as changes to baseline requirements
  • Sum of changes in the release scope
  • Sum of changes and original baseline becomes the new baseline
  • May take additional time and effort to maintain accurate baseline

What is the right tool?

While an Excel spreadsheet is great to start off, its limitations will become apparent as your product delivery process becomes more complex. Look at these solutions to continue your journey in managing your Agile requirements:

Step 3.4

Define Your Requirements Change Management Plan

Activities

3.4.1 Triage your requirements

This step involves the following participants:

  • Business Analyst(s)
  • Project Team
  • Relevant Stakeholders

Outcomes of this step

  • An approach for determining the appropriate level of governance over changes to requirements.

Expect and embrace change

In Agile development, change is expected and embraced. Instead of trying to rigidly follow a plan that may become outdated, Agile teams focus on regularly reassessing their priorities and adapting their plans accordingly. This means that the requirements can change often, and it's important for the team to have a process in place for managing these changes.

A common approach to managing change in Agile is to use a technique called "backlog refinement." Where previously we populated our backlog with requirements to get them ready for development and deployment, this involves regularly reviewing and updating the list of work to be done. The team will prioritize the items on the evolving backlog, and the prioritized items will be worked on during the next sprint. This allows the team to quickly respond to changes in requirements and stay focused on the most important work.

Another key aspect of managing change in Agile is effective communication. The team should have regular meetings, such as daily stand-up meetings or weekly sprint planning meetings, to discuss any changes in requirements and ensure that everyone is on the same page.

Best practices in change and backlog refinement

Communicate

Clearly communicate your change process, criteria, and any techniques, tools, and templates that are part of your approach.

Understand impacts/risks

Maintain consistent control and communication and ensure that an impact assessment is completed. This is key to managing risks.

Leverage tools

Leverage tools when you have them available. This could be a Requirements Management system, a defect/change log, or even by turning on "track changes" in your documents.

Cross-reference

For every change, define the source of the change, the reason for the change, key dates for decisions, and any supporting documentation.

Communicate the reason, and stay on message throughout the change

Leaders of successful change spend considerable time developing a powerful change message: a compelling narrative that articulates the desired end state and makes the change concrete and meaningful to staff. They create the change vision with staff to build ownership and commitment.

  • The change message should:
  • Explain why the change is needed.
  • Summarize the things that will stay the same.
  • Highlight the things that will be left behind.
  • Emphasize the things that are being changed.
  • Explain how the change will be implemented.
  • Address how the change will affect the various roles in the organization.
  • Discuss staff's role in making the change successful.

The five elements of communicating the reason for the change:

An image of a cycle, including the five elements for communicating the reason for change.  these include: What will the role be for each department and individual?; What is the change?; Why are we doing it?; How are we going to go about it?; How long will it take us?

How to make the management of changes more effective

Key decisions and considerations

How will changes to requirements be codified?
How will intake happen?

  • What is the submission process?
  • Who has approval to submit?
  • What information is needed to submit a request?

How will potential changes be triaged and evaluated?

  • What criteria will be used to assess the impact and urgency of the potential change?
  • How will you treat material and non-material changes?

What is the review and approval process?

  • How will acceptance or rejection status be communicated to the submitter?

3.4.1 Triage Your requirements

An image of an inverted triangle, with the top being labeled: No Material Impact, the middle being labeled: Material impact; and the bottom being labeled: Governance Impact.  To the right of the image, are text boxes elaborating on each heading.

If there's no material impact, update and move on

An image of an inverted triangle, with the top being labeled: No Material Impact, the middle being labeled: Material impact; and the bottom being labeled: Governance Impact. To the right of the image, is a cycle including the following terms: Validate change; Update requirements; Track change (log); Package and communicate

Material changes require oversight and approval

An image of an inverted triangle, with the top being labeled: No Material Impact, the middle being labeled: Material impact; and the bottom being labeled: Governance Impact. To the right of the image, is a cycle including the following terms: Define impact; Revise; Change control needed?; Implement change.

Planning Your Next Steps

Phase 4

Planning Your Next Steps

Phase 1Phase 2Phase 3Phase 4

1.1 Understand the benefits and limitations of Agile and business analysis

1.2 Align Agile and business analysis within your organization

2.1 Confirm the best-fit approach for delivery

2.2 manage your requirements backlog

3.1 Define project roles and responsibilities

3.2 define your level of acceptable documentation

3.3 Manage requirements as an asset

3.4 Define your requirements change management plan

4.1 Preparing new ways of working

4.2 Develop a roadmap for next steps

This phase will walk you through the following activities:

  • Completing Your Agile Requirements Playbook
  • EXERCISE: Capability Gap List

This phase involves the following participants:

  • Business Analyst(s)
  • Project Team
  • Sponsor/Executive
  • Relevant Stakeholders

Managing Requirements in an Agile Environment

Step 4.1

Preparing New Ways of Working

Activities

4.1.1 Define your communication plan

Planning Your Next Steps

This step involves the following participants:

  • Business Analyst(s)
  • Project Team
  • Sponsor/Executive
  • Relevant Stakeholders

Outcomes of this step

  • Recognize the changes required on the team and within the broader organization, to bring stakeholders on board.

How we do requirements work will change

  • Team formation and interaction
  • Stakeholder engagement and communication
  • The timing and sequencing of their work
  • Decision-making
  • Documentation
  • Dealing with change

As a result, you'll need to focus on;

Emphasizing flexibility: In Agile organizations, there is a greater emphasis on flexibility and the ability to adapt to change. This means that requirements may evolve over time and may not be fully defined at the beginning of the project.
Enabling continuous delivery: Agile organizations often use continuous delivery methods, which means that new features and functionality are delivered to users on a regular basis. This requires a more iterative approach to requirements management, as new requirements may be identified and prioritized during the delivery process.
Enhancing collaboration and communication: Agile organizations place a greater emphasis on collaboration and communication between team members, stakeholders, and customers.
Developing a user-centered approach: Agile organizations often take a user-centered approach to requirements gathering, which means that the needs and goals of the end-user are prioritized.

Change within the team, and in the broader organization

How to build an effective blend Agile and requirements management

Within the team

  • Meetings should happen as needed
  • Handoffs should be clear and concise
  • Interactions should add value
  • Stand-ups should similarly add value, and shouldn't be for status updates

Within the organization

  • PMO inclusion, to ensure alignment across the organization
  • Business/Operating areas, to recognize what they are committing to for time, resources, etc.
  • Finance, for how your project or product is funded
  • Governance and oversight, to ensure velocity is maintained

"Whether in an Agile environment or not, collaboration and relationships are still required and important…how you collaborate, communicate, and how you build relationships are key."
- Paula Bell, CEO, Paula A. Bell Consulting

Get stakeholders on board with Agile requirements

  1. Stakeholder feedback and management support are key components of successful Agile requirements.
  2. Stakeholders can see a project's progression and provide critical feedback about its success at critical milestones.
  3. Management helps teams succeed by trusting them to complete projects with business value at top of mind and by removing impediments that are inhibiting their productivity.
  4. Agile will bring a new mindset and significant amounts of people, process, and technology changes that stakeholders and management may not be accustomed to. Working through these issues in requirements management enables a smoother rollout.
  5. Management will play a key role in ensuring long-term Agile requirements success and ultimately rolling it out to the rest of the organization.
  6. The value of leadership involvement has not changed even though responsibilities will. The day-to-day involvement in projects will change but continual feedback will ultimately dictate the success or failure of a project.

4.1.1 Define your communication plan

Estimated time: 60 Minutes

    1. Gather all relevant stakeholder to create a communication plan for project or product stakeholders.
    2. Have a team member facilitate the session.
    3. Identify
    4. ;
      1. Each stakeholder
      2. The nature of information they are interested in
      3. The channel or medium best to communicate with them
      4. The frequency of communication
    5. (Optional) Consider validating the results with the stakeholders, if not present.
    6. Document the results in the Agile Requirements Workbook and include in Agile Requirements Playbook.
    7. Revisit as needed, whether at the beginning of a new initiative, or over time, to ensure the content is still valid.

Input

  • Participant knowledge and experience

Output

  • A plan for communicating with stakeholders

Materials

  • Agile Requirements Workbook

Participants

  • Business Analyst(s)
  • Project Team

Step 4.2

Develop a Roadmap for Next Steps

Activities

4.2.1 Develop your Agile requirements action plan

4.2.2 Prioritize with now, next, later

This step involves the following participants:

  • Business Analyst(s)
  • Project Team
  • Sponsor/Executive
  • Relevant Stakeholders

Outcomes of this step

  • A comprehensive and prioritized list of opportunities and improvements to be made to mature the Agile requirements practice.

Planning Your Next Steps

Identify opportunities to improve and close gaps

Maturing at multiple levels

With a mindset of continuous improvement, there is always some way we can get better.

As you mature your Agile requirements practice, recognize that those gaps for improvement can come from multiple levels, from the organizational down to the individual.

Each level will bring challenges and opportunities.

The organization

  • Organizational culture
  • Organizational behavior
  • Political will
  • Unsupportive stakeholders

The team

  • Current ways of working
  • Team standards, norms and values

The individual

  • Practitioner skills
  • Practitioner experience
  • Level of training received

Make sure your organization is ready to transition to Agile requirements management

A cycle is depicted, with the following Terms: Learning; Automation; Integrated teams; Metrics and governance; Culture.

Learning:

Agile is a radical change in how people work
and think. Structured, facilitated learning is required throughout the transformation to
help leaders and practitioners go from

doing Agile to being Agile.

Automation:

While Agile is tool-agnostic at its roots, Agile work management tools and DevOps inspired SDLC tools that have become a key part of Agile practices.

Integrated Teams:


While temporary project teams can get some benefits from Agile, standing, self-organizing teams that cross business, delivery, and operations are essential to gain the full benefits of Agile.

Metrics and Governance:

Successful Agile implementations
require the disciplined use

of delivery and operations
metrics that support governance focused on developing better teams.

Culture:

Agile teams believe that value is best created by standing, self-organizing cross-functional teams who deliver sustainably in frequent,
short increments supported by leaders
who coach them through challenges.

Info-Tech Insight

Agile gaps may only have a short-term, perceived benefit. For example, coding without a team mindset can allow for maximum speed to market for a seasoned developer. Post-deployment maintenance initiatives, however, often lock the single developer as no one else understands the rationale for the decisions that were made.

4.2.1 Develop your Agile requirements action plan

Estimated time: 60 Minutes

  1. Gather all relevant stakeholder to create a road map and action plan for requirements management.
  2. Have a team member facilitate the session using the results of the Agile Requirements Maturity Assessment.
  3. Identify gaps from current to future state and brainstorm possible actions that can be taken to address those gaps. Resist the urge to analyze or discuss the feasibility of each idea at this stage. The intent is idea generation.
  4. When the group has exhausted all ideas, the facilitator should group like ideas together, with support from participants. Discuss any ideas that are unclear or ambiguous.
  5. Document the results in the Agile Requirements Workbook.

Note: the feasibility and timing of the ideas will happen in the following "Now, Next, Later" exercise.

Prioritize your roadmap

Taking steps to mature your Agile requirements practice.

An image of the Now; Next; Later technique.

The "Now, Next, Later" technique is a method for prioritizing and planning improvements or tasks. This involves breaking down a list of tasks or improvements into three categories:

  • "Now" tasks are those that must be completed immediately. These tasks are usually urgent or critical, and they must be completed to keep the project or organization running smoothly.
  • "Next" tasks are those that should be completed soon. These tasks are not as critical as "now" tasks, but they are still important and should be tackled relatively soon.
  • "Later" tasks are those that can be completed later. These tasks are less critical and can be deferred without causing major problems.

By using this technique, you can prioritize and plan the most important tasks first, while also allowing for flexibility and the ability to adjust plans as necessary.
This process also helps you get a clear picture on what needs to be done first and what can be done later. This way you can work on the most important things first, and keep track of what you need to do next, for keeping the development/improvement process smooth and efficient.

Monitor your progress

Monitoring progress is important in achieving your target state. Be deliberate with your actions, to continue to mature your Agile requirements practice.

As you navigate toward your target state, continue to monitor your progress, your successes, and your challenges. As your Agile requirements practice matures, you should see improvements in the stated metrics below.

Establish a cadence to review these metrics, as well as how you are progressing on your roadmap, against the plan.

This is not about adding work, but rather, about ensuring you're heading in the right direction; finding the balance in your Agile requirements practice.

Metric
Team satisfaction (%) Expect team satisfaction to increase as a result of clearer role delineation and value contribution.
Stakeholder satisfaction (%) Expect stakeholder satisfaction to similarly increase, as requirements quality increases, bringing increased value.
Requirements rework Measures the quality of requirements from your Agile projects. Expect that the requirements rework will decrease, in terms of volume/frequency.
Cost of documentation Quantifies the cost of documentation, including elicitation, analysis, validation, presentation, and management.
Time to delivery Balancing metric. We don't want improvements in other at the expense of time to delivery.

Appendix

Research Contributors and Experts

This is a picture of Emal Bariali

Emal Bariali
Business Architect & Business Analyst
Bariali Consulting

Emal Bariali is a Senior Business Analyst and Business Architect with 17 years of experience, executing nearly 20 projects. He has experience in both waterfall and Agile methodologies and has delivered solutions in a variety of forms, including custom builds and turnkey projects. He holds a Master's degree in Information Systems from the University of Toronto, a Bachelor's degree in Information Technology from York University, and a post-diploma in Software & Database Development from Seneca College.

This is a picture of Paula Bell

Paula Bell
Paula A. Bell Consulting, LLC

Paula Bell is the CEO of Paula A Bell Consulting, LLC. She is a Business Analyst, Leadership and Career Development coach, consultant, speaker, and author with 21+ years of experience in corporate America in project roles including business analyst, requirements manager, business initiatives manager, business process quality manager, technical writer, project manager, developer, test lead, and implementation lead. Paula has experience in a variety of industries including media, courts, manufacturing, and financial. Paula has led multiple highly-visible multi-million-dollar technology and business projects to create solutions to transform businesses as either a consultant, senior business analyst, or manager.

Currently she is Director of Operations for Bridging the Gap, where she oversees the entire operation and their main flagship certification program.

This is a picture of Ryan Folster

Ryan Folster
Consulting Services Manager, Business Analysis
Dimension Data

Ryan Folster is a Business Analyst Lead and Product Professional from Johannesburg, South Africa. His strong focus on innovation and his involvement in the business analysis community have seen Ryan develop professionally from a small company, serving a small number of users, to large multi-national organizations. Having merged into business analysis through the business domain, Ryan has developed a firm grounding and provides context to the methodologies applied to clients and projects he is working on. Ryan has gained exposure to the Human Resources, Asset Management, and Financial Services sectors, working on projects that span from Enterprise Line of Business Software to BI and Compliance.

Ryan is also heavily involved in the local chapter of IIBA®; having previously served as the chapter president, he currently serves as a non-executive board member. Ryan is passionate about the role a Business Analyst plays within an organization and is a firm believer that the role will develop further in the future and become a crucial aspect of any successful business.

This is a picture of Filip Hendrickx

Filip Hendrickx
Innovating BA, Visiting Professor @ VUB
altershape

Filip loves bridging business analysis and innovation and mixes both in his work as speaker, trainer, coach, and consultant.

As co-founder of the BA & Beyond Conference and IIBA Brussels Chapter president, Filip helps support the BA profession and grow the BA community in and around Belgium. For these activities, Filip received the 2022 IIBA® EMEA Region Volunteer of the Year Award.

Together with Ian Richards, Filip is the author ofBrainy Glue, a business novel on business analysis, innovation and change. Filip is also co-author of the BCS book Digital Product Management and Cycles, a book, method and toolkit enabling faster innovation.

This is a picture of Fabricio Laguna

Fabricio Laguna
Professional Speaker, Consultant, and Trainer
TheBrazilianBA.com

Fabrício Laguna, aka The Brazilian BA, is the main reference on business analysis in Brazil. Author and producer of videos, articles, classes, lectures, and playful content, he can explain complex things in a simple and easy-to-understand way. IIBA Brazil Chapter president between 2012-2022. CBAP, AAC, CPOA, PMP, MBA. Consultant and instructor for more than 25 years working with business analysis, methodology, solution development, systems analysis, project management, business architecture, and systems architecture. His online courses are approved by students from 65 countries.

This is a picture of Ryland Leyton

Ryland Leyton
Business Analyst and Agile Coach
Independent Consultant

Ryland Leyton, CBAP, PMP, CSM, is an avid Agile advocate and coach, business analyst, author, speaker, and educator. He has worked in the technology sector since 1998, starting off with database and web programming, gradually moving through project management and finding his passion in the BA and Agile fields. He has been a core team member of the IIBA Extension to the BABOK and the IIBA Agile Analysis Certification. Ryland has written popular books on agility, business analysis, and career. He can be reached at www.RylandLeyton.com.

This is a picture of Steve Jones

Steve Jones
Supervisor, Market Support Business Analysis
ISO New England

Steve is a passionate analyst and BA manager with more than 20 years of experience in improving processes, services and software, working across all areas of software development lifecycle, business change and business analysis. He rejoices in solving complex business problems and increasing process reproducibility and compliance through the application of business analysis tools and techniques.

Steve is currently serving as VP of Education for IIBA Hartford. He is a CBAP, certified SAFe Product Owner/Product Manager, Six Sigma Green Belt, and holds an MS in Information Management and Communications.

This is a picture of Angela Wick

Angela Wick
Founder
BA-Squared and BA-Cube

Founder of BA-Squared and BA-Cube.com, Angela is passionate about teaching practical, modern product ownership and BA skills. With over 20 years' experience she takes BA skills to the next level and into the future!
Angela is also a LinkedIn Learning instructor on Agile product ownership and business analysis, an IC-Agile Authorized Trainer, Product Owner and BA highly-rated trainer, highly-rated speaker, sought-after workshop facilitator, and contributor to many industry publications, including:

  • IIBA BABOK v3 Core Team, leading author on the BABOK v3
  • Expert Reviewer, IIBA Agile Extension to the BABOK
  • PMI BA Practice Guide – Expert Reviewer
  • PMI Requirements Management Practice Guide – Expert Reviewer
  • IIBA Competency Model – Lead Author and Team Lead, V1, V2, and V3.

This is a picture of Rachael Wilterdink

Rachael Wilterdink
Principal Consultant
Infotech Enterprises

Rachael Wilterdink is a Principal Consultant with Infotech Enterprises. With over 25 years of IT experience, she holds multiple business analysis and Agile certifications. As a consultant, Rachael has served clients in the financial, retail, manufacturing, healthcare, government, non-profit, and insurance industries. Giving back to the professional community, Ms. Wilterdink served on the boards of her local IIBA® and PMI® chapters. As a passionate public speaker, Rachael presents various topics at conferences and user groups across the country and the world. Rachael is also the author of the popular eBook "40 Agile Transformation Pain Points (and how to avoid or manage them)."

Bibliography

"2021 Business Agility Report: Rising to the Challenge." Business Agility, 2021. Accessed 13 June 2022.
Axure. "The Pitfalls of Agile and How We Got Here". Axure. Accessed 14 November 2022.
Beck, Kent, et al. "Manifesto for Agile Software Development." Agilemanifesto. 2001.
Brock, Jon, et al. "Large-Scale IT Projects: From Nightmare to Value Creation." BCG, 25 May 2015.
Bryar, Colin and Bill Carr. "Have We Taken Agile Too Far?" Harvard Business Review, 9 April 2021. Accessed 11 November, 2022.
Clarke, Thomas. "When Agile Isn't Responsive to Business Goals" RCG Global Services, Accessed 14 November 2022.
Digital.ai "The 15th State of Agile Report". Digital.ai. Accessed 21 November 2022.
Hackshall, Robin. "Product Backlog Refinement." Scrum Alliance. 9 Oct. 2014.
Hartman, Bob. "New to Agile? INVEST in good user stories." Agile For All.
IAG Consulting. "Business Analysis Benchmark: Full Report." IAG Consulting, 2009.
Karlsson, Johan. "Backlog Grooming: Must-Know Tips for High-Value Products." Perforce. 18 May 2018
KPMG. Agile Transformation (2019 Survey on Agility). KPMG. Accessed November 29.
Laguna, Fabricio "REQM guidance matrix: A framework to drive requirements management", Requirements Engineering Magazine. 12 September 2017. Accessed 10 November 2022.
Miller, G. J. (2013). Agile problems, challenges, & failures. Paper presented at PMI® Global Congress 2013—North America, New Orleans, LA. Newtown Square, PA: Project Management Institute.
Product Management: MoSCoW Prioritization." ProductPlan, n.d. Web.
Podeswa, Howard "The Business Case for Agile Business Analysis" Requirements Engineering Magazine. 21 February 2017. Accessed 7 November 2022.
PPM Express. "Why Projects Fail: Business Analysis is the Key". PPM Express. Accessed 16 November 2022.
Reifer, Donald J. "Quantitative Analysis of Agile Methods Study: Twelve Major Findings." InfoQ, 6 February, 2017.
Royce, Dr. Winston W. "Managing the Development of Large Software Systems." Scf.usc.edu. 1970. (royce1970.pdf (usc.edu))
Rubin, Kenneth S. Essential Scrum: A Practical Guide to the Most Popular Agile Process. Pearson Education. 2012.
Singer, Michael. "15+ Surprising Agile Statistics: Everything You Need To Know About Agile Management". Enterprise Apps Today. 22 August 2022.
The Standish Group. The Chaos Report, 2015. The Standish Group.

Where do I go next?

Improve Requirements Gathering

Back to basics: great products are built on great requirements.

Make the Case for Product Delivery

Align your organization on the practices to deliver what matters most.

Requirements for Small and Medium Enterprises

Right-size the guidelines of your requirements gathering process.

Implement Agile Practices that Work

Improve collaboration and transparency with the business to minimize project failure.

Create an Agile-Friendly Gating and Governance Model

Use Info-Tech's Agile Gating Framework as a guide to gating your Agile projects following a "trust but verify" approach.

Make Your IT Governance Adaptable

Governance isn't optional, so keep it simple and make it flexible.

Deliver on Your Digital Product Vision

Build a product vision your organization can take from strategy through execution.

Drive Digital Transformation With Platform Strategies

  • Buy Link or Shortcode: {j2store}78|cart{/j2store}
  • member rating overall impact (scale of 10): 8.5/10 Overall Impact
  • member rating average dollars saved: $3,750 Average $ Saved
  • member rating average days saved: 4 Average Days Saved
  • Parent Category Name: IT Strategy
  • Parent Category Link: /it-strategy
  • Enterprise is grappling with the challenges of existing business models and strategies not leading to desired outcomes.
  • Enterprise is struggling to remain competitive.
  • Enterprise wants to understand how to leverage platform strategies and a digital platform.

Our Advice

Critical Insight

To remain competitive enterprises must renew and refresh their business model strategies and design/develop digital platforms – this requires enterprises to:

  • Understand how digital-native enterprises are using platform business models and associated strategies.
  • Understand their core assets and strengths and how these can be leveraged for transformation.
  • Understand the core characteristics and components of a digital platform so that they can design digital platform(s) for their enterprise.
  • Ask if the client’s digital transformation (DX) strategy is aligned with a digital platform enablement strategy.
  • Ask if the enterprise has paid attention to the structure, culture, principles, and practices of platform teams.

Impact and Result

Organizations that implement this project will gain benefits in five ways:

  • Awareness and understanding of various platform strategies.
  • Application of specific platform strategies within the context of the enterprise.
  • Awareness of their existing business mode, core assets, value proposition, and strengths.
  • Alignment between DX themes and platform enablement themes so enterprises can develop roadmaps that gauge successful DX.
  • Design of a digital platform, including characteristics, components, and team characteristics, culture, principles, and practices.

Drive Digital Transformation With Platform Strategies Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should consider the platform business model and a digital platform to remain competitive.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Set goals for your platform business model

Understand the platform business model and strategies and then set your platform business model goals.

  • Drive Digital Transformation With Platform Strategies – Phase 1: Set Goals for Your Platform Business Model
  • Business Platform Playbook

2. Configure digital platform

Define design goals for your digital platform. Align your DX strategy with digital platform capabilities and understand key components of the digital platform.

  • Drive Digital Transformation With Platform Strategies – Phase 2: Configure Your Digital Platform
  • Digital Platform Playbook
[infographic]

Workshop: Drive Digital Transformation With Platform Strategies

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Understand Platform Business Model and Strategies

The Purpose

Understand existing business model, value proposition, and key assets.

Understand platform business model and strategies.

Key Benefits Achieved

Understanding the current assets helps with knowing what can be leveraged in the new business model/transformation.

Understanding the platform strategies can help the enterprise renew/refresh their business model.

Activities

1.1 Document the current business model along with value proposition and key assets (that provide competitive advantage).

1.2 Transformation narrative.

1.3 Platform model canvas.

1.4 Document the platform strategies in the context of the enterprise.

Outputs

Documentation of current business model along with value proposition and key assets (that provide competitive advantage).

Documentation of the selected platform strategies.

2 Planning for Platform Business Model

The Purpose

Understand transformation approaches.

Understand various layers of platforms.

Ask fundamental and evolutionary questions about the platform.

Key Benefits Achieved

Understanding of the transformational model so that the enterprise can realize the differences.

Understanding of the organization’s strengths and weaknesses for a DX.

Extraction of strategic themes to plan and develop a digital platform roadmap.

Activities

2.1 Discuss and document decision about DX approach and next steps.

2.2 Discuss and document high-level strategic themes for platform business model and associated roadmap.

Outputs

Documented decision about DX approach and next steps.

Documented high-level strategic themes for platform business model and associated roadmap.

3 Digital Platform Strategy

The Purpose

Understand the design goals for the digital platform.

Understand gaps between the platform’s capabilities and the DX strategy.

Key Benefits Achieved

Design goals set for the digital platform that are visible to all stakeholders.

Gap analysis performed between enterprise’s digital strategy and platform capabilities; this helps understand the current situation and thus informs strategies and roadmaps.

Activities

3.1 Discuss and document design goals for digital platform.

3.2 Discuss DX themes and platform capabilities – document the gaps.

3.3 Discuss gaps and strategies along with timelines.

Outputs

Documented design goals for digital platform.

Documented DX themes and platform capabilities.

DX themes and platform capabilities map.

4 Digital Platform Design: Key Components

The Purpose

Understanding of key components of a digital platform, including technology and teams.

Key Benefits Achieved

Understanding of the key components of a digital platform and designing the platform.

Understanding of the team structure, culture, and practices needed for successful platform engineering teams.

Activities

4.1 Confirmation and discussion on existing UX/UI and API strategies.

4.2 Understanding of microservices architecture and filling of microservices canvas.

4.3 Real-time stream processing data pipeline and tool map.

4.4 High-level architectural view.

4.5 Discussion on platform engineering teams, including culture, structure, principles, and practices.

Outputs

Filled microservices canvas.

Documented real-time stream processing data pipeline and tool map.

Documented high-level architectural view.

Explore the Secrets of SAP Digital Access Licensing

  • Buy Link or Shortcode: {j2store}143|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Licensing
  • Parent Category Link: /licensing
  • SAP’s licensing rules surrounding use and indirect access are vague, making it extremely difficult to purchase with confidence and remain compliant.
  • SAP has released nine document-type licenses that can be used in digital access licensing scenarios, but this model has its own challenges.
  • Whether you decide to remain “as is” or proactively change licensing over to the document model, either option can be costly and confusing.
  • Indirect static read can be a cause of noncompliance when data is exported but the processing capability of SAP ERP is used in real time.

Our Advice

Critical Insight

  • Examine all indirect access possibilities. Understanding how in-house or third-party applications may be accessing and utilizing the SAP digital core is critical to be able to correctly address issues.
  • Know what’s in your contract. Each customer agreement is different, and older agreements may provide both benefits and challenges when evaluating your SAP license position.
  • Understand the intricacies of document licensing. While it may seem digital access licensing will solve compliance concerns, there are still questions to address and challenges SAP must resolve.

Impact and Result

  • Conduct an internal analysis to examine where digital access licensing may be needed to mitigate risk, as SAP will be speaking with all customers in due course. Indirect access can be a costly audit settlement.
  • Conduct an analysis to remove inactive and duplicate users, as multiple logins may exist and could end up costing the organization license fees when audited.
  • Adopt a cyclical approach to reviewing your SAP licensing and create a reference document to track your software needs, planned licensing, and purchase negotiation points.
  • Learn the SAP way of conducting business, which includes a best-in-class sales structure and unique contracts and license use policies, combined with a hyper-aggressive compliance function. Conducting business with SAP is not a typical vendor experience, and you will need different tools to emerge successfully from a commercial transaction.

Explore the Secrets of SAP Digital Access Licensing Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you need to understand and document your SAP digital access licensing strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Understand, assess, and decide on digital access licensing

Begin your SAP digital access licensing journey by evaluating licensing changes and options, and then make contractual changes to ensure compliance.

  • Explore the Secrets of SAP Digital Access Licensing – Phase 1: Understand, Assess, and Decide on Digital Access Licensing
  • SAP License Summary and Analysis Tool
  • SAP Digital Access Licensing Pricing Tool
[infographic]

Develop a Security Awareness and Training Program That Empowers End Users

  • Buy Link or Shortcode: {j2store}370|cart{/j2store}
  • member rating overall impact (scale of 10): 9.4/10 Overall Impact
  • member rating average dollars saved: $12,075 Average $ Saved
  • member rating average days saved: 11 Average Days Saved
  • Parent Category Name: Security Strategy & Budgeting
  • Parent Category Link: /security-strategy-and-budgeting
  • The fast evolution of the cybersecurity landscape requires security training and awareness programs that are frequently updated and improved.
  • Security and awareness training programs often fail to engage end users. Lack of engagement can lead to low levels of knowledge retention.
  • Irrelevant or outdated training content does not properly prepare your end users to effectively defend the organization against security threats.

Our Advice

Critical Insight

  • One-time, annual training is no longer sufficient for creating an effective security awareness and training program.
  • By presenting security as a personal and individualized issue, you can make this new personal focus a driver for your organizational security awareness and training program.

Impact and Result

  • Create a training program that delivers smaller amounts of information on a more frequent basis to minimize effort, reduce end-user training fatigue, and improve content relevance.
  • Evaluate and improve your security awareness and training program continuously to keep its content up-to-date. Leverage end-user feedback to ensure content remains relevant to those who receive it.

Develop a Security Awareness and Training Program That Empowers End Users Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should develop a security awareness and training program that empowers end users, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Develop your training program

Create or mature a security awareness and training program that is tailored to your organization.

  • Develop a Security Awareness and Training Program That Empowers End Users – Phase 1: Develop Your Training Program
  • Security Awareness and Training Program Development Tool
  • End-User Security Job Description Template
  • Training Materials – Physical Computer Security
  • Training Materials – Cyber Attacks
  • Training Materials – Incident Response
  • Training Materials – Mobile Security
  • Training Materials – Passwords
  • Training Materials – Phishing
  • Training Materials – Social Engineering
  • Training Materials – Web Usage
  • Security Awareness and Training Vendor Evaluation Tool
  • Security Awareness and Training Metrics Tool
  • End-User Security Knowledge Test Template
  • Security Training Campaign Development Tool

2. Design an effective training delivery plan

Explore methods of training delivery and select the most effective solutions.

  • Develop a Security Awareness and Training Program That Empowers End Users – Phase 2: Design an Effective Training Delivery Plan
  • Information Security Awareness and Training Policy
  • Security Awareness and Training Gamification Guide
  • Mock Spear Phishing Email Examples
  • Security Training Email Templates
  • Security Awareness and Training Module Builder and Training Schedule
  • Security Training Campaign Development Tool
  • Security Training Program Manual
  • Security Awareness and Training Feedback Template
  • Security Awareness Month Week 1: Staying in Touch
  • Security Awareness Month Week 2: Sharing Special Moments
  • Security Awareness Month Week 3: Working and Networking
  • Security Awareness Month Week 4: Families and Businesses
[infographic]

Workshop: Develop a Security Awareness and Training Program That Empowers End Users

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Outline the Plan for Long-term Program Improvement

The Purpose

Identify the maturity level of the existing security awareness and training program and set development goals.

Establish program milestones and outline key initiatives for program development.

Identify metrics to measure program effectiveness.

Key Benefits Achieved

Identified the gaps between the current maturity level of the security awareness and training program and future target states.

Activities

1.1 Create a program development plan.

1.2 Investigate and select metrics to measure program effectiveness.

1.3 Execute some low-hanging fruit initiatives for collecting metrics: e.g. create a knowledge test, feedback survey, or gamification guide.

Outputs

Customized development plan for program.

Tool for tracking metrics.

Customized knowledge quiz ready for distribution.

Customized feedback survey for training.

Gamification program outline.

2 Identify and Assess Audience Groups and Security Training Topics

The Purpose

Determine the unique audience groups within your organization and evaluate their risks and vulnerabilities.

Prioritize training topics and audience groups to effectively streamline program development.

Key Benefits Achieved

Created a comprehensive list of unique audience groups and the corresponding security training that each group should receive.

Determined priority ratings for both audience groups and the security topics to be delivered.

Activities

2.1 Identify the unique audience groups within your organization and the threats they face.

2.2 Determine the priority levels of the current security topics.

2.3 Review audience groups and determine which topics need to be delivered to each group.

Outputs

Risk profile for each identified audience group.

Priority scores for all training topics.

List of relevant security topics for each identified audience group.

3 Plan the Training Delivery

The Purpose

Identify all feasible delivery channels for security training within your organization.

Build a vendor evaluation tool and shortlist or harvest materials for in-house content creation.

Key Benefits Achieved

List of all potential delivery mechanisms for security awareness and training.

Built a vendor evaluation tool and discussed a vendor shortlist.

Harvested a collection of free online materials for in-house training development.

Activities

3.1 Discuss potential delivery mechanisms for training, including the purchase and use of a vendor.

3.2 If selecting a vendor, review vendor selection criteria and discuss potential vendor options.

3.3 If creating content in-house, review and select available resources on the web.

Outputs

List of available delivery mechanisms for training.

Vendor assessment tool and shortlist.

Customized security training presentations.

4 Create a Training Schedule for Content Deployment

The Purpose

Create a plan for deploying a pilot program to gather valuable feedback.

Create an ongoing training schedule.

Define the end users’ responsibilities towards security within the organization.

Key Benefits Achieved

Created a plan to deploy a pilot program.

Created a schedule for training deployment.

Defined role of end users in helping protect the organization against security threats.

Activities

4.1 Build training modules.

4.2 Create an ongoing training schedule.

4.3 Define and document your end users’ responsibilities towards their security.

Outputs

Documented modular structure to training content.

Training schedule.

Security job description template.

End-user training policy.

Build an IT Risk Taxonomy

  • Buy Link or Shortcode: {j2store}197|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: IT Governance, Risk & Compliance
  • Parent Category Link: /it-governance-risk-and-compliance
  • Business leaders, driven by the need to make more risk-informed decisions, are putting pressure on IT to provide more timely and consistent risk reporting.
  • IT risk managers need to balance the emerging threat landscape with not losing sight of the risks of today.
  • IT needs to strengthen IT controls and anticipate risks in an age of disruption.

Our Advice

Critical Insight

A common understanding of risks, threats, and opportunities gives organizations the flexibility and agility to adapt to changing business conditions and drive corporate value.

Impact and Result

  • Use this blueprint as a baseline to build a customized IT risk taxonomy suitable for your organization.
  • Learn about the role and drivers of integrated risk management and the benefits it brings to enterprise decision-makers.
  • Discover how to set up your organization up for success by understanding how risk management links to organizational strategy and corporate performance.

Build an IT Risk Taxonomy Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Build an IT Risk Taxonomy – Develop a common approach to managing risks to enable faster, more effective decision making.

Learn how to develop an IT risk taxonomy that will remain relevant over time while providing the granularity and clarity needed to make more effective risk-based decisions.

  • Build an IT Risk Taxonomy – Phases 1-3

2. Build an IT Risk Taxonomy Guideline and Template – A set of tools to customize and design an IT risk taxonomy suitable for your organization.

Leverage these tools as a starting point to develop risk levels and definitions appropriate to your organization. Take a collaborative approach when developing your IT risk taxonomy to gain greater acceptance and understanding of accountability.

  • IT Risk Taxonomy Committee Charter Template
  • Build an IT Risk Taxonomy Guideline
  • Build an IT Risk Taxonomy Definitions
  • Build an IT Risk Taxonomy Design Template

3. IT Risk Taxonomy Workbook – A place to complete activities and document decisions that may need to be communicated.

Use this workbook to document outcomes of activities and brainstorming sessions.

  • Build an IT Risk Taxonomy Workbook

4. IT Risk Register – An internal control tool used to manage IT risks. Risk levels archived in this tool are instrumental to achieving an integrated and holistic view of risks across an organization.

Leverage this tool to document risk levels, risk events, and controls. Smaller organizations can leverage this tool for risk management while larger organizations may find this tool useful to structure and define risks prior to using a risk management software tool.

  • Risk Register Tool

Infographic

Workshop: Build an IT Risk Taxonomy

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Review IT Risk Fundamentals and Governance

The Purpose

Review IT risk fundamentals and governance.

Key Benefits Achieved

Learn how enterprise risk management and IT risk management intersect and the role the IT taxonomy plays in integrated risk management.

Activities

1.1 Discuss risk fundamentals and the benefits of integrated risk.

1.2 Create a cross-functional IT taxonomy working group.

Outputs

IT Risk Taxonomy Committee Charter Template

Build an IT Risk Taxonomy Workbook

2 Identify Level 1 Risk Types

The Purpose

Identify suitable IT level 1 risk types.

Key Benefits Achieved

Level 1 IT risk types are determined and have been tested against ERM level one risk types.

Activities

2.1 Discuss corporate strategy, business risks, macro trends, and organizational opportunities and constraints.

2.2 Establish level 1 risk types.

2.3 Test soundness of IT level 1 types by mapping to ERM level 1 types.

Outputs

Build an IT Risk Taxonomy Workbook

3 Identify Level 2 and Level 3 Risk Types

The Purpose

Define level 2 and level 3 risk types.

Key Benefits Achieved

Level 2 and level 3 risk types have been determined.

Activities

3.1 Establish level 2 risk types.

3.2 Establish level 3 risk types (and level 4 if appropriate for your organization).

3.3 Begin to test by working backward from controls to ensure risk events will aggregate consistently.

Outputs

Build an IT Risk Taxonomy Design Template

Risk Register Tool

4 Monitor, Report, and Respond to IT Risk

The Purpose

Test the robustness of your IT risk taxonomy by populating the risk register with risk events and controls.

Key Benefits Achieved

Your IT risk taxonomy has been tested and your risk register has been updated.

Activities

4.1 Continue to test robustness of taxonomy and iterate if necessary.

4.2 Optional activity: Draft your IT risk appetite statements.

4.3 Discuss communication and continual improvement plan.

Outputs

Build an IT Risk Taxonomy Design Template

Risk Register Tool

Build an IT Risk Taxonomy Workbook

Further reading

Build an IT Risk Taxonomy

If integrated risk is your destination, your IT risk taxonomy is the road to get you there.

Analyst Perspective

Donna Bales.

The pace and uncertainty of the current business environment introduce new and emerging vulnerabilities that can disrupt an organization’s strategy on short notice.

Having a long-term view of risk while navigating the short term requires discipline and a robust and strategic approach to risk management.

Managing emerging risks such as climate risk, the impact of digital disruption on internal technology, and the greater use of third parties will require IT leaders to be more disciplined in how they manage and communicate material risks to the enterprise.

Establishing a hierarchical common language of IT risks through a taxonomy will facilitate true aggregation and integration of risks, enabling more effective decision making. This holistic, disciplined approach to risk management helps to promote a more sustainable risk culture across the organization while adding greater rigor at the IT control level.

Donna Bales
Principal Research Director
Info-Tech Research Group

Executive Summary

Your Challenge

Common Obstacles

Info-Tech’s Approach

IT has several challenges when managing and responding to risk events:

  • Business leaders, driven by the need to make more risk-informed decisions, are putting pressure on IT to provide more timely and consistent risk reporting.
  • Navigating today’s ever-evolving threat landscape is complex. IT risk managers need to balance the emerging threat landscape while not losing sight of the risks of today.
  • IT needs to strengthen IT controls and anticipate risks in an age of disruption.

Many IT organizations encounter obstacles in these areas:

  • Ensuring an integrated, well-coordinated approach to risk management across the organization.
  • Developing an IT risk taxonomy that will remain relevant over time while providing sufficient granularity and definitional clarity.
  • Gaining acceptance and ensuring understanding of accountability. Involving business leaders and a wide variety of risk owners when developing your IT risk taxonomy will lead to greater organizational acceptance.

.

  • Take a collaborative approach when developing your IT risk taxonomy to gain greater acceptance and understanding of accountability.
  • Spend the time to fully analyze your current and future threat landscape when defining your level 1 IT risks and consider the causal impact and complex linkages and intersections.
  • Recognize that the threat landscape will continue to evolve and that your IT risk taxonomy is a living document that must be continually reviewed and strengthened.

Info-Tech Insight

A common understanding of risks, threats, and opportunities gives organizations the flexibility and agility to adapt to changing business conditions and drive corporate value.

Increasing threat landscape

The risk landscape is continually evolving, putting greater pressure on the risk function to work collaboratively throughout the organization to strengthen operational resilience and minimize strategic, financial, and reputational impact.

Financial Impact

Strategic Risk

Reputation Risk

In IBM’s 2021 Cost of a Data Breach Report, the Ponemon Institute found that data security breaches now cost companies $4.24 million per incident on average – the highest cost in the 17-year history of the report.

58% percent of CROs who view inability to manage cyber risks as a top strategic risk.

EY’s 2022 Global Bank Risk Management survey revealed that Chief Risk Officers (CROs) view the inability to manage cyber risk and the inability to manage cloud and data risk as the top strategic risks.

Protiviti’s 2023 Executive Perspectives on Top Risks survey featured operational resilience within its top ten risks. An organization’s failure to be sufficiently resilient or agile in a crisis can significantly impact operations and reputation.

Persistent and emerging threats

Organizations should not underestimate the long-term impact on corporate performance if emerging risks are not fully understood, controlled, and embedded into decision-making.

Talent Risk

Sustainability

Digital Disruption

Protiviti’s 2023 Executive Perspectives on Top Risks survey revealed talent risk as the top risk organizations face, specifically organizations’ ability to attract and retain top talent. Of the 38 risks in the survey, it was the only risk issue rated at a “significant impact” level.

Sustainability is at the top of the risk agenda for many organizations. In EY’s 2022 Global Bank Risk Management survey, environmental, social, and governance (ESG) risks were identified as a risk focus area, with 84% anticipating it to increase in priority over the next three years. Yet Info-Tech’s Tech Trends 2023 report revealed that only 24% of organizations could accurately report on their carbon footprint.

Source: Info-Tech 2023 Tech Trends Report

The risks related to digital disruption are vast and evolving. In the short term, risks surface in compliance and skills shortage, but Protiviti’s 2023 Executive Perspectives survey shows that in the longer term, executives are concerned that the speed of change and market forces may outpace an organization’s ability to compete.

Build an IT risk taxonomy: As technology and digitization continue to advance, risk management practices must also mature. To strengthen operational and financial resiliency, it is essential that organizations move away from a siloed approach to IT risk management wart an integrated approach. Without a common IT risk taxonomy, effective risk assessment and aggregation at the enterprise level is not possible.

Blueprint benefits

IT Benefits

Business Benefits

  • Simple, customizable approach to build an IT risk taxonomy
  • Improved satisfaction with IT for senior leadership and business units
  • Greater ability to respond to evolving threats
  • Improved understanding of IT’s role in enterprise risk management (ERM)
  • Stronger, more reliable internal control framework
  • Reduced operational surprises and failures
  • More dynamic decision making
  • More proactive risk responses
  • Improve transparency and comparability of risks across silos
  • Better financial resilience and confidence in meeting regulatory requirements
  • More relevant risk assurance for key stakeholders

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

IT Risk Taxonomy Committee Charter Template

Create a cross-functional IT risk taxonomy committee.

The image contains a screenshot of the IT risk taxonomy committee charter template.

Build an IT Risk Taxonomy Guideline

Use IT risk taxonomy as a baseline to build your organization’s approach.

The image contains a screenshot of the build an it risk taxonomy guideline.

Build an IT Risk Taxonomy Design Template

Use this template to design and test your taxonomy.

The image contains a screenshot of the build an IT risk taxonomy design template.

Risk Register Tool

Update your risk register with your IT risk taxonomy.

The image contains a screenshot of the risk register tool.

Key deliverable:

Build an IT Risk Taxonomy Workbook

Use the tools and activities in each phase of the blueprint to customize your IT risk taxonomy to suit your organization’s needs.

The image contains a screenshot of the build an IT risk taxonomy workbook.

Benefit from industry-leading best practices

As a part of our research process, we used the COSO, ISO 31000, and COBIT 2019 frameworks. Contextualizing IT risk management within these frameworks ensures that our project-focused approach is grounded in industry-leading best practices for managing IT risk.

COSO’s Enterprise Risk Management —Integrating with Strategy and Performance addresses the evolution of enterprise risk management and the need for organizations to improve their approach to managing risk to meet the demands of an evolving business environment.

ISO 31000 – Risk Management can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats, and effectively allocate and use resources for risk treatment.

COBIT 2019’s IT functions were used to develop and refine the ten IT risk categories used in our top-down risk identification methodology.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

Phase 1 Phase 2 Phase 3

Call #1: Review risk management fundamentals.

Call #2: Review the role of an IT risk taxonomy in risk management.

Call #3: Establish a cross-functional team.

Calls #4-5: Identify level 1 IT risk types. Test against enterprise risk management.

Call #6: Identify level 2 and level 3 risk types.

Call #7: Align risk events and controls to level 3 risk types and test.

Call #8: Update your risk register and communicate taxonomy internally.

A Guided Implementation (GI) is a series

of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is 6 to 8 calls over the course of 3 to 6 months.

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Day 1 Day 2 Day 3 Day 4 Day 5

Review IT Risk Fundamentals and Governance

Identify Level 1 IT Risk Types

Identify Level 2 and Level 3 Risk Types

Monitor, Report, and Respond to IT Risk

Next Steps and
Wrap-Up (offsite)

Activities

1.1 Discuss risk fundamentals and the benefits of integrated risk.

1.2 Create a cross-functional IT taxonomy working group.

2.1 Discuss corporate strategy, business risks, macro trends, and organizational opportunities and constraints.

2.2 Establish level 1 risk types.

2.3 Test soundness of IT level 1 types by mapping to ERM level 1 types.

3.1 Establish level 2 risk types.

3.2 Establish level 3 risk types (and level 4 if appropriate for your organization).

3.3 Begin to test by working backward from controls to ensure risk events will aggregate consistently.

4.1 Continue to test robustness of taxonomy and iterate if necessary.

4.2 Optional activity: Draft your IT risk appetite statements.

4.3 Discuss communication and continual improvement plan.

5.1 Complete in-progress deliverables from previous four days.

5.2 Set up review time for workshop deliverables and to discuss next steps.

Deliverables
  1. T Risk Taxonomy Committee Charter Template
  2. Build an IT Risk Taxonomy Workbook
  1. Build an IT Risk Taxonomy Workbook
  1. IT Risk Taxonomy Design Template
  2. Risk Register
  1. IT Risk Taxonomy Design Template
  2. Risk Register
  3. Build an IT Risk Taxonomy Workbook
  1. Workshop Report

Phase 1

Understand Risk Management Fundamentals

Phase 1

Phase 2

Phase 3

  • Governance, Risk, and Compliance
  • Enterprise Risk Management
  • Enterprise Risk Appetite
  • Risk Statements and Scenarios
  • What Is a Risk Taxonomy?
  • Functional Role of an IT Risk Taxonomy
  • Connection to Enterprise Risk Management
  • Establish Committee
  • Steps to Define IT Risk Taxonomy
  • Define Level 1
  • Test Level 1
  • Define Level 2 and 3
  • Test via Your Control Framework

Governance, risk, and compliance (GRC)

Risk management is one component of an organization’s GRC function.

GRC principles are important tools to support enterprise management.

Governance sets the guardrails to ensure that the enterprise is in alignment with standards, regulations, and board decisions. A governance framework will communicate rules and expectations throughout the organization and monitor adherence.

Risk management is how the organization protects and creates enterprise value. It is an integral part of an organization’s processes and enables a structured decision-making approach.

Compliance is the process of adhering to a set of guidelines; these could be external regulations and guidelines or internal corporate policies.

GRC principles are tightly bound and continuous

The image contains a screenshot of a continuous circle that is divided into three parts: risk, compliance, and governance.

Enterprise risk management

Regardless of size or structure, every organization makes strategic and operational decisions that expose it to uncertainties.

Enterprise risk management (ERM) is a strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio (RIMS).

An ERM is program is crucial because it will:

  • Help shape business objectives, drive revenue growth, and execute risk-based decisions.
  • Enable a deeper understanding of risks and assessment of current risk profile.
  • Support forward-looking risk management and more constructive dialogue with the board and regulatory agencies.
  • Provide insight on the robustness and efficacy of risk management processes, tools, and controls.
  • Drive a positive risk culture.

ERM is supported by strategy, effective processes, technology, and people

The image contains a screenshot that demonstrates how ERM is supported by strategy, effective processes, technology, and people.

Risk frameworks

Risk frameworks are leveraged by the industry to “provide a structure and set of definitions to allow enterprises of all types and sizes to understand and better manage their risk environments.” COSO Enterprise Risk Management, 2nd edition

  • Many organizations lean on the Committee of Sponsoring Organizations’ Enterprise Risk Management framework (COSO ERM) and ISO 31000 to view organizational risks from an enterprise perspective.
  • Prior to the introduction of standardized risk frameworks, it was difficult to quantify the impact of a risk event on the entire enterprise, as the risk was viewed in a silo or as an individual risk component.
  • Recently, the National Institute of Science and Technology (NIST) published guidance on developing an enterprise risk management approach. The guidance helps to bridge the gap between best practices in enterprise risk management and processes and control techniques that cybersecurity professionals use to meet regulatory cybersecurity risk requirements.

The image contains a screenshot of NIST ERM approach to strategic risk.

Source: National Institute of Standards and Technology

New NIST guidance (NISTIR 8286) emphasizes the complexity of risk management and the need for the risk management process to be carried out seamlessly across three tiers with the overall objective of continuous improvement.

Enterprise risk appetite

“The amount of risk an organization is willing to take in pursuit of its objectives”

– Robert R. Moeller, COSO ERM Framework Model
  • A primary role of the board and senior management is to balance value creation with effectively management of enterprise risks.
  • As part of this role, the board will approve the enterprise’s risk appetite. Placing this responsibility with the board ensures that the risk appetite is aligned with the company’s strategic objectives.
  • The risk appetite is used throughout the organization to assess and respond to individual risks, acting as a constant to make sure that risks are managed within the organization’s acceptable limits.
  • Each year, or in reaction to a risk trigger, the enterprise risk appetite will be updated and approved by the board.
  • Risk appetite will vary across organizations for several reasons, such as industry, company culture, competitors, the nature of the objectives pursued, and financial strength.

Change or new risks » adjust enterprise risk profile » adjust risk appetite

Risk profile vs. risk appetite

Risk profile is the broad parameters an organization considers in executing its business strategy. Risk appetite is the amount of risk an entity is willing to accept in pursuit of its strategic objectives. The risk appetite can be used to inform the risk profile or vice versa. Your organization’s risk culture informs and is used to communicate both.

Risk Tolerant

Moderate

Risk Averse

  • You have no compliance requirements.
  • You have no sensitive data.
  • Customers do not expect you to have strong security controls.
  • Revenue generation and innovative products take priority and risk is acceptable.
  • The organization does not have remote locations.
  • It is likely that your organization does not operate within the following industries:
    • Finance
    • Healthcare
    • Telecom
    • Government
    • Research
    • Education
  • You have some compliance requirements, such as:
    • HIPAA
    • PIPEDA
  • You have sensitive data and are required to retain records.
  • Customers expect strong security controls.
  • Information security is visible to senior leadership.
  • The organization has some remote locations.
  • Your organization most likely operates within the following industries:
    • Government
    • Research
    • Education
  • You have multiple strict compliance and/or regulatory requirements.
  • You house sensitive data, such as medical records.
  • Customers expect your organization to maintain strong and current security controls.
  • Information security is highly visible to senior management and public investors.
  • The organization has multiple remote locations.
  • Your organization operates within the following industries:
    • Finance
    • Healthcare
    • Telecom

Where the IT risk appetite fits into the risk program

  • Your organization’s strategy and associated risk appetite cascade down to each business department. Overall strategy and risk appetite also set a strategy and risk appetite for each department.
  • Both risk appetite and risk tolerances set boundaries for how much risk an organization is willing or prepared to take. However, while appetite is often broad, tolerance is tactical and focused.
  • Tolerances apply to specific objectives and provide guidance to those executing on a day-to-day basis. They measure the variation around performance expectations that the organization will tolerate.
  • Ideally, they are incorporated into existing governance, risk, and compliance systems and are also considered when evaluated business cases.
  • IT risk appetite statements are based on IT level 1 risk types.

The risk appetite has a risk lens but is also closely linked to corporate performance.

The image contains a screenshot of a diagram that demonstrates how risk appetite has a risk lens, and how it is linked to corporate performance.

Statements of risk

The image contains a screenshot of a diagram of the risk landscape.

Risk Appetite

Risk Tolerance

  • The general amount of risk an organization is willing to accept while pursuing its objectives.
  • Proactive, future view of risks that reflects the desired range of enterprise performance.
  • Reflects the longer-term strategy of what needs to be achieved and the resources available to achieve it, expressed in quantitative criteria.
  • Risk appetites will vary for several reasons, such as the company culture, financial strength, and capabilities.
  • Risk tolerance is the acceptable deviation from the level set by the risk appetite.
  • Risk tolerance is a tactical tool often expressed in quantitative terms.
  • Key risk indicators are often used to align to risk tolerance limits to ensure the organization stays within the set risk boundary.

Risk scenarios

Risk scenarios serve two main purposes: to help decision makers understand how adverse events can affect organizational strategy and objectives and to prepare a framework for risk analysis by clearly defining and decomposing the factors contributing to the frequency and the magnitude of adverse events.

ISACA
  • Organizations’ pervasive use of and dependency on technology has increased the importance of scenario analysis to identify relevant and important risks and the potential impacts of risk events on the organization if the risk event were to occur.
  • Risk scenarios provide “what if” analysis through a structured approach, which can help to define controls and document assumptions.
  • They form a constructive narrative and help to communicate a story by bringing in business context.
  • For the best outcome, have input from business and IT stakeholders. However, in reality, risk scenarios are usually driven by IT through the asset management practice.
  • Once the scenarios are developed, they are used during the risk analysis phase, in which frequency and business impacts are estimated. They are also a useful tool to help the risk team (and IT) communicate and explain risks to various business stakeholders.

Top-down approach – driven by the business by determining the business impact, i.e. what is the impact on my customers, reputation, and bottom line if the system that supports payment processing fails?

Bottom-up approach – driven by IT by identifying critical assets and what harm could happen if they were to fail.

Example risk scenario

Use level 1 IT risks to derive potential scenarios.

Risk Scenario Description

Example: IT Risks

Risk Scenario Title

A brief description of the risk scenario

The enterprise is unable to recruit and retain IT staff

Risk Type

The process or system that is impacted by the risk

  • Service quality
  • Product and service cost

Risk Scenario Category

Deeper insight into how the risk might impact business functions

  • Inadequate capacity to support business needs
  • Talent and skills gap due to inability to retain talent

Risk Statement

Used to communicate the potential adverse outcomes of a particular risk event and can be used to communicate to stakeholders to enable informed decisions

The organization chronically fails to recruit sufficiently skilled IT workers, leading to a loss of efficiency in overall technology operation and an increased security exposure.

Risk Owner

The designated party responsible and accountable for ensuring that the risk is maintained in accordance with enterprise requirements

  • Head of Human Resources
  • Business Process Owner

Risk Oversight

The person (role) who is responsible for risk assessments, monitoring, documenting risk response, and establishing key risk indicators

CRO/COO

Phase 2

Set Your Organization Up for Success

Phase 1

Phase 2

Phase 3

  • Governance, Risk, and Compliance
  • Enterprise Risk Management
  • Enterprise Risk Appetite
  • Risk Statements and Scenarios
  • What Is a Risk Taxonomy?
  • Functional Role of an IT Risk Taxonomy
  • Connection to Enterprise Risk Management
  • Establish Committee
  • Steps to Define IT Risk Taxonomy
  • Define Level 1
  • Test Level 1
  • Define Level 2 and 3
  • Test via Your Control Framework

This phase will walk you through the following activities:

  • How to set up a cross-functional IT risk taxonomy committee

This phase involves the following participants:

  • CIO
  • CISO
  • CRO
  • IT Risk Owners
  • Business Leaders
  • Human Resources

What is a risk taxonomy?

A risk taxonomy provides a common risk view and enables integrated risk

  • A risk taxonomy is the (typically hierarchical) categorization of risk types. It is constructed out of a collection of risk types organized by a classification scheme.
  • Its purpose is to assist with the management of an organization’s risk by arranging risks in a classification scheme.
  • It provides foundational support across the risk management lifecycle in relation to each of the key risks.
  • More material risk categories form the root nodes of the taxonomy, and risk types cascade into more granular manifestations (child nodes).
  • From a risk management perspective, a taxonomy will:
    • Enable more effective risk aggregation and interoperability.
    • Provide the organization with a complete view of risks and how risks might be interconnected or concentrated.
    • Help organizations form a robust control framework.
    • Give risk managers a structure to manage risks proactively.

Typical Tree Structure

The image contains a screenshot of the Typical Tree Structure.

What is integrated risk management?

  • Integrated risk management is the process of ensuring all forms of risk information, including risk related to information and technology, are considered and included in the organization’s risk management strategy.
  • It removes the siloed approach of classifying risks related to specific departments or areas of the organization, recognizing that each risk is a potential threat to the overarching enterprise.
  • By aggregating the different threats or uncertainty that might exist within an organization, integrated risk management enables more informed decisions to be made that align to strategic goals and continue to drive value back to the business.
  • By holistically considering the different risks, the organization can make informed decisions on the best course of action that will reduce any negative impacts associated with the uncertainty and increase the overall value.

The image contains a screenshot of the ERM.

Integrated risk management: A strategic and collaborative way to manage risks across the organization. It is a forward-looking, business-specific outlook with the objective of improving risk visibility and culture.

Drivers and benefits of integrated risk

Drivers for Integrated Risk Management

  • Business shift to digital experiences
  • The breadth and number of risks requiring oversight
  • The need for faster risk analysis and decision making

Benefits of Integrated Risk Management

  • Enables better scenario planning
  • Enables more proactive risk responses
  • Provides more relevant risk assurance to key stakeholders
  • Improves transparency and comparability of risks across organizational silos
  • Supports better financial resilience

Business velocity and complexity are making real-time risk management a business necessity.

If integrated risk is the destination, your taxonomy is your road to get you there

Info-Tech’s Model for Integrated Risk

The image contains a screenshot of Info-Tech's Model for Integrated Risk.

How the risk practices intersect

The risk taxonomy provides a common classification of risks that allows risks to roll up systematically to enterprise risk, enabling more effective risk responses and more informed decision making.

The image contains a screenshot of a diagram that demonstrates how the risk practices intersect.

ERM taxonomy

Relative to the base event types, overall there is an increase in the number of level 1 risk types in risk taxonomies

Oliver Wyman
  • The changing risk profile of organizations and regulatory focus in some industries is pushing organizations to rethink their risk taxonomies.
  • Generally, the expansion of level 1 risk types is due to the increase in risk themes under the operational risk umbrella.
  • Non-financial risks are risks that are not considered to be traditional financial risks, such as operational risk, technology risk, culture, and conduct. Environmental, social, and governance (ESG) risk is often referred to as a non-financial risk, although it can have both financial and non-financial implications.
  • Certain level 1 ERM risks, such as strategic risk, reputational risk, and ESG risk, cover both financial and non-financial risks.

The image contains a screenshot of a diagram of the Traditional ERM Structure.

Operational resilience

  • The concept of operational resiliency was first introduced by European Central Bank (ECB) in 2018 as an attempt to corral supervisory cooperation on operational resiliency in financial services.
  • The necessity for stronger operational resiliency became clear during the early stages of COVID-19 when many organizations were not prepared for disruption, leading to serious concern for the safety and soundness of the financial system.
  • It has gained traction and is now defined in global supervisory guidance. Canada’s prudential regulator, Office of the Superintendent of Financial Institutions (OSFI), defines it as “the ability of a financial institution to deliver its operations, including its critical operations, through disruption.”
  • Practically, its purpose is to knit together several operational risk management categories such as business continuity, security, and third-party risk.
  • The concept has been adopted by information and communication technology (ICT) companies, as technology and cyber risks sit neatly under this risk type.
  • It is now not uncommon to see operational resiliency as a level 1 risk type in a financial institution’s ERM framework.

Operational resilience will often feature in ERM frameworks in organizations that deliver critical services, products, or functions, such as financial services

Operational Resilience.

ERM level 1 risk categories

Although many organizations have expanded their enterprise risk management taxonomies to address new threats, most organizations will have the following level 1 risk types:

ERM Level 1

Definition

Definition Source

Financial

The ability to obtain sufficient and timely funding capacity.

Global Association of Risk Professionals (GARP)

Non-Financial

Non-financial risks are risks that are not considered to be traditional financial risks such as operational risk, technology risk, culture and conduct.

Office of the Superintendent of Financial Institutions (OSFI)

Reputational

Potential negative publicity regarding business practices regardless of validity.

US Federal Reserve

Global Association of Risk Professionals (GARP)

Strategic

Risk of unsuccessful business performance due to internal or external uncertainties, whether the event is event or trend driven. Actions or events that adversely impact an organizations strategies and/or implementation of its strategies.

The Risk Management Society (RIMS)

Sustainability (ESG)

This risk of any negative financial or reputational impact on an organizations stemming from current or prospective impacts of ESG factors on its counterparties or invested assets.

Open Risk Manual

Info-Tech Research Group

Talent and Risk Culture

The widespread behaviors and mindsets that can threaten sound decision-making, prudent risk-taking, and effective risk management and can weaken an institution’s financial and operational resilience.

Info-Tech Research Group

Different models of ERM

Some large organizations will elevate certain operational risks to level 1 organizational risks due to risk materiality.

Every organization will approach its risk management taxonomy differently; the number of level 1 risk types will vary and depend highly on perceived impact.

Some of the reasons why an organization would elevate a risk to a level 1 ERM risk are:

  • The risk has significant impact on the organization's strategy, reputation, or financial performance.
  • The regulator has explicitly called out board oversight within legislation.
  • It is best practice in the organization’s industry or business sector.
  • The organization has structured its operations around a particular risk theme due to its potential negative impact. For example, the organization may have a dedicated department for data privacy.

Level 1

Potential Rationale

Industries

Risk Definition

Advanced Analytics

Use of advanced analytics is considered material

Large Enterprise, Marketing

Risks involved with model risk and emerging risks posed by artificial intelligence/machine learning.

Anti-Money Laundering (AML) and Fraud

Risk is viewed as material

Financial Services, Gaming, Real Estate

The risk of exposure to financial crime and fraud.

Conduct Risk

Sector-specific risk type

Financial Services

The current or prospective risk of losses to an institution arising from inappropriate supply of financial services including cases of willful or negligent misconduct.

Operational Resiliency

Sector-specific risk type

Financial Services, ICT

Organizational risk resulting from an organization’s failure to deliver its operations, including its critical operations, through disruption.

Privacy

Board driven – perceived as material risk to organization

Healthcare, Financial Services

The potential loss of control over personal information.

Information Security

Board driven – regulatory focus

All may consider

The people, processes, and technology involved in protecting data (information) in any form – whether digital or on paper – through its creation, storage, transmission, exchange, and destruction.

Risk and impact

Mapping risks to business outcomes happens within the ERM function and by enterprise fiduciaries.

  • When mapping risk events to enterprise risk types, the relationship is rarely linear. Rather, risk events typically will have multiple impacts on the enterprise, including strategic, reputational, ESG, and financial impacts.
  • As risk information is transmitted from lower levels, it informs the next level, providing the appropriate information to prioritize risk.
  • In the final stage, the enterprise portfolio view will reflect the enterprise impacts according to risk dimensions, such as strategic, operational, reporting, and compliance.

Rolling Up Risks to a Portfolio View

The image contains a screenshot to demonstrate rolling up risks to a portfolio view.

  1. A risk event within IT will roll up to the enterprise via the IT risk register.
  2. The impact of the risk on cash flow and operations will be aggregated and allocated in the enterprise risk register by enterprise fiduciaries (e.g. CFO).
  3. The impacts are translated into full value exposures or modified impact and likelihood assessments.

Common challenges

How to synthesize different objectives between IT risk and enterprise risk

Commingling risk data is a major challenge when developing a risk taxonomy, but one of the underlying reasons is that the enterprise and IT look at risk from different dimensions.

  • The role of the enterprise in risk management is to provide and preserve value, and therefore the enterprise evaluates risk on an adjusted risk-return basis.
  • To do this effectively, the enterprise must break down silos and view risk holistically.
  • ERM is a top-down process of evaluating risks that may impact the entity. As part of the process, ERM must manage risks within the enterprise risk framework and provide reasonable assurances that enterprise objectives will be met.
  • IT risk management focuses on internal controls and sits as a function within the larger enterprise.
  • IT takes a bottom-up approach by applying an ongoing process of risk management and constantly identifying, assessing, prioritizing, and mitigating risks.
  • IT has a central role in risk mitigation and, if functioning well, will continually reduce IT risks, simplifying the role for ERM.

Establish a team

Cross-functional collaboration is key to defining level 1 risk types.

Establish a cross-functional working group.

  • Level 1 IT risk types are the most important to get right because they are the root nodes that all subtypes of risk cascade from.
  • To ensure the root nodes (level 1 risk types) address the risks of your organization, it is vital to have a strong understanding or your organization’s value chain, so your organizational strategy is a key input for defining your IT level 1 risk types.
  • Since the taxonomy provides the method for communicating risks to the people who need to make decisions, a wide understanding and acceptance of the taxonomy is essential. This means that multiple people across your organization should be involved in defining the taxonomy.
  • Form a cross-functional tactical team to collaborate and agree on definitions. The team should include subject matter experts and leaders in key risk and business areas. In terms of governance structure, this committee might sit underneath the enterprise risk council, and members of your IT risk council may also be good candidates for this tactical working group.
  • The committee would be responsible for defining the taxonomy as well as performing regular reviews.
  • The importance of collaboration will become crystal clear as you begin this work, as risks should be connected to only one risk type.

Governance Layer

Role/ Responsibilities

Enterprise

Defines organizational goals. Directs or regulates the performance and behavior of the enterprise, ensuring it has the structure and capabilities to achieve its goals.

Enterprise Risk Council

  • Approve of risk taxonomy

Strategic

Ensures business and IT initiatives, products, and services are aligned to the organization’s goals and strategy and provide expected value. Ensures adherence to key principles.

IT Risk Council

  • Provide input
  • May review taxonomy ahead of going to the enterprise risk council for approval

Tactical

Ensures key activities and planning are in place to execute strategic initiatives.

Subcommittee

  • Define risk types and definitions
  • Establish and maintain taxonomy
  • Recommend changes
  • Advocate and communicate internally

2.1 Establish a cross-functional working group

2-3 hours

  1. Consider your organization’s operating model and current governance framework, specifically any current risk committees.
  2. Consider the members of current committees and your objectives and begin defining:
    1. Committee mandate, goals, and success factors.
    2. Responsibility and membership.
    3. Committee procedures and policies.
  3. Make sure you define how this tactical working group will interact with existing committees.

Download Build an IT Risk Taxonomy Workbook

Input Output
  • Organization chart and operating model
  • Corporate governance framework and existing committee charters
  • Cross-functional working group charter
Materials Participants
  • Whiteboard/flip charts
  • Build an IT Risk Taxonomy Workbook
  • IT Taxonomy Committee Charter
  • CISO
  • Human resources
  • Corporate communications
  • CRO or risk owners
  • Business leaders

Phase 3

Structure Your IT Risk Taxonomy

Phase 1

Phase 2

Phase 3

  • Governance, Risk, and Compliance
  • Enterprise Risk Management
  • Enterprise Risk Appetite
  • Risk Statements and Scenarios
  • What Is a Risk Taxonomy?
  • Functional Role of an IT Risk Taxonomy
  • Connection to Enterprise Risk Management
  • Establish Committee
  • Steps to Define IT Risk Taxonomy
  • Define Level 1
  • Test Level 1
  • Define Level 2 and 3
  • Test via Your Control Framework

This phase will walk you through the following activities:

  • Establish level 1 risk types
  • Test level 1 risk types
  • Define level 2 and level 3 risk types
  • Test the taxonomy via your control framework

This phase involves the following participants:

  • CIO
  • CISO
  • CRO
  • IT Risk Owners
  • Business Leaders
  • Human Resources

Structuring your IT risk taxonomy

Do’s

  • Ensure your organization’s values are embedded into the risk types.
  • Design your taxonomy to be forward looking and risk based.
  • Make level 1 risk types generic so they can be used across the organization.
  • Ensure each risk has its own attributes and belongs to only one risk type.
  • Collaborate on and communicate your taxonomy throughout organization.

Don’ts

  • Don’t develop risk types based on function.
  • Don’t develop your taxonomy in a silo.

A successful risk taxonomy is forward looking and codifies the most frequently used risk language across your organization.

Level 1

Parent risk types aligned to organizational values

Level 2

Subrisks to level 1 risks

Level 3

Further definition

Steps to define your IT risk taxonomy

Step 1

Leverage Info-Tech’s Build an IT Risk Taxonomy Guideline and identify IT level 1 risk types. Consider corporate inputs and macro trends.

Step 2

Test level 1 IT risk types by mapping to your enterprise's ERM level 1 risk types.

Step 3

Draft your level 2 and level 3 risk types. Be mutually exclusive to the extent possible.

Step 4

Work backward – align risk events and controls to the lowest level risk category. In our examples, we align to level 3.

Step 5

Add risk levels to your risk registry.

Step 6

Optional – Add IT risk appetite statements to risk register.

Inputs to use when defining level 1

To help you define your IT risk taxonomy, leverage your organization’s strategy and risk management artifacts, such as outputs from risk assessments, audits, and test results. Also consider macro trends and potential risks unique to your organization.

Step 1 – Define Level 1 Risk Types

Use corporate inputs to help structure your taxonomy

  • Corporate Strategy
  • Risk Assessment
  • Audit
  • Test Results

Consider macro trends that may have an impact on how you manage IT risks

  • Geopolitical Risk
  • Economic Downturn
  • Regulation
  • Competition
  • Climate Risk
  • Industry Disruption

Evaluate from an organizational lens

Ask risk-based questions to help define level 1 IT risks for your organization.

IT Risk Type

Example Questions

Technology

How reliant is our organization on critical assets for business operations?

How resilient is the organization to an unexpected crisis?

How many planned integrations do we have (over the next 24 months)?

Talent Risk

What is our need for specialized skills, like digital, AI, etc.?

Does our culture support change and innovation?

How susceptible is our organization to labor market changes?

Strategy

What is the extent of digital adoption or use of emerging technologies in our organization?

How aligned is IT with strategy/corporate goals?

How much is our business dependent on changing customer preferences?

Data

How much sensitive data does our organization use?

How much data is used and stored aggregately?

How often is data moved? And to what locations?

Third-party

How many third-party suppliers do we have?

How reliant are we on the global supply chain?

What is the maturity level of our third-party suppliers?

Do we have any concentration risk?

Security

How equipped is our organization to manage cyber threats?

How many security incidents occur per year/quarter/day?

Do we have regulatory obligations? Is there risk of enforcement action?

Level 1 IT taxonomy structure

Step 2 – Consider your organization’s strategy and areas where risks may manifest and use this guidance to advance your thinking. Many factors may influence your taxonomy structure, including internal organizational structure, the size of your organization, industry trends and organizational context, etc.

Most IT organizations will include these level 1 risks in their IT risk taxonomy

IT Level 1

Definition

Definition Source

Technology

Risk arising from the inadequacy, disruption, destruction, failure, damage from unauthorized access modifications, or malicious use of information technology assets, people or processes that enable and support business needs, and can result in financial loss and/or reputational damage.

Open Risk Manual

Note how this definition by OSFI includes cyber risk as part of technology risk. Smaller organizations and organizations that do not use large amounts of sensitive information will typically fold cyber risks under technology risks. Not all organizations will take this approach. Some organizations may elevate security risk to level 1.

“Technology risk”, which includes “cyber risk”, refers to the risk arising from the inadequacy, disruption, destruction, failure, damage from unauthorized access, modifications, or malicious use of information technology assets, people or processes that enable and support business needs, and can result in financial loss and/or reputational damage.

Office of the Superintendent of Financial Institutions (OSFI)

Talent

The risk of not having the right knowledge and skills to execute strategy.

Info-Tech Research Group/McLean & Company

Human capital challenges including succession challenges and the ability to attract and retain top talent are considered the most dominant risk to organizations’ ability to meet their value proposition (Protiviti, 2023).

Strategic

Risks that threaten IT’s ability to deliver expected business outcomes.

Info-Tech Research Group

IT’s role as strategic enabler to the business has never been so vital. With the speed of disruptive innovation, IT must be able to monitor alignment, support opportunities, and manage unexpected crises.

Level 1 IT taxonomy structure cont'd

Step 2 – Large and more complex organizations may have more level 1 risk types. Variances in approaches are closely linked to the type of industry and business in which the organization operates as well as how they view and position risks within their organization.

IT Level 1

Definition

Definition Source

Data

Data risk is the exposure to loss of value or reputation caused by issues or limitations to an organization’s ability to acquire, store, transform, move, and use its data assets.

Deloitte

Data risk encompasses the risk of loss value or reputation resulting from inadequate or failed internal processes, people and systems or from external events impacting on data.

Australian Prudential Regulation Authority (APRA) CPG 235 -2013)

Data is increasingly being used for strategic growth initiatives as well as for meeting regulatory requirements. Organizations that use a lot of data or specifically sensitive information will likely have data as a level 1 IT risk type.

Third-Party

The risk adversely impacting the institutions performance by engaging a third party, or their associated downstream and upstream partners or another group entity (intragroup outsourcing) to provide IT systems or related services.

European Banking Association (EBA)

Open Risk Manual uses EBA definition

Third-party risk (supply chain risk) received heightened attention during COVID-19. If your IT organization is heavily reliant on third parties, you may want to consider elevating third-party risk to level 1.

Security

The risk of unauthorized access to IT systems and data from within or outside the institution (e.g., cyber-attacks). An incident is viewed as a series of events that adversely affects the information assets of an organization. The overall narrative of this type of risk event is captured as who, did what, to what (or whom), with what result.

Open Risk Manual

Some organizations and industries are subject to regulatory obligations, which typically means the board has strict oversight and will elevate security risk to a level 1.

Common challenges

Considerations when defining level 1 IT risk types

  • Ultimately, the identification of a level 1 IT risk type will be driven by the potential for and materiality of vulnerabilities that may impede an organization from delivering successful business outcomes.
  • Senior leaders within organizations play a central role in protecting organizations against vulnerabilities and threats.
  • The size and structure of your organization will influence how you manage risk.
  • The following slide shows typical roles and responsibilities for data privacy.
  • Large enterprises and organizations that use a lot of personal identifiable information (PII) data, such as those in healthcare, financial services, and online retail, will typically have data as a level 1 IT risk and data privacy as a level 2 risk type.
  • However, smaller organizations or organizations that do not use a lot of data will typically fold data privacy under either technology risk or security risk.

Deciding placement in taxonomy

Deciding Placement in Taxonomy.

  • In larger enterprises, data risks are managed within a dedicated functional department with its own governance structure. In small organizations, the CIO is typically responsible and accountable for managing data privacy risk.

Global Enterprise

Midmarket

Privacy Requirement

What Is Involved

Accountable

Responsible

Accountable & Responsible

Privacy Legal and Compliance Obligations

  • Ensuring the relevant Accountable roles understand privacy obligations for the jurisdictions operated in.

Privacy Officer (Legal)

Privacy Officer (Legal)

Privacy Policy, Standards, and Governance

  • Defining polices and ensuring they are in place to ensure all privacy obligations are met.
  • Monitoring adherence to those policies and standards.

Chief Risk Officer (Risk)

Head of Risk Function

Data Classification and Security Standards and Best-Practice Capabilities

  • Defining the organization’s data classification and security standards and ensuring they align to the privacy policy.
  • Designing and building the data security standards, processes, roles, and technologies required to ensure all security obligations under the privacy policy can be met.
  • Providing oversight of the effectiveness of data security practices and leading resolution of data security issues/incidents.

Chief Information Security Officer (IT)

Chief Information Security Officer (IT)

Technical Application of Data Classification, Management and Security Standards

  • Ensuring all technology design, implementation, and operational decisions adhere to data classification, data management, and data security standards.

Chief Information Officer (IT)

Chief Data Architect (IT)

Chief Information Officer (IT)

Data Management Standards and Best-Practice Capabilities

  • Defining the organization’s data management standards and ensuring they align to the privacy policy.
  • Designing and building the data management standards, processes, roles, and technologies required to ensure data classification, access, and sharing obligations under the privacy policy can be met.
  • Providing oversight of the effectiveness of data classification, access, and sharing practices and leading resolution of data management issues/incidents.

Chief Data Officer

Where no Head of Data Exists and IT, not the business, is seen as de facto owner of data and data quality

Execution of Data Management

  • Ensuring business processes that involve data classification, sharing, and access related to their data domain align to data management standards (and therefore privacy obligations).

L1 Business Process Owner

L2 Business Process Owner

Common challenges

Defining security risk and where it resides in the taxonomy

  • For risk management to be effective, risk professionals need to speak the same language, but the terms “information security,” “cybersecurity,” and “IT security” are often used interchangeably.
  • Traditionally, cyber risk was folded under technology risk and therefore resided at a lower level of a risk taxonomy. However, due to heightened attention from regulators and boards stemming from the pervasiveness of cyber threats, some organizations are elevating security risks to a level 1 IT risk.
  • Furthermore, regulatory cybersecurity requirements have emphasized control frameworks. As such, many organizations have adopted NIST because it is comprehensive, regularly updated, and easily tailored.
  • While NIST is prescriptive and action oriented, it start with controls and does not easily integrate with traditional ERM frameworks. To address this, NIST has published new guidance focused on an enterprise risk management approach. The guidance helps to bridge the gap between best practices in enterprise risk management and processes and control techniques that cybersecurity professionals use to meet regulatory cybersecurity risk requirements.

Definitional Nuances

“Cybersecurity” describes the technologies, processes, and practices designed to protect networks, computers, programs, and data from attack, damage, or unauthorized access.

“IT security” describes a function as well as a method of implementing policies, procedures, and systems to defend the confidentiality, integrity, and availability of any digital information used, transmitted, or stored throughout the organization’s environment.

“Information security” defines the people, processes, and technology involved in protecting data (information) in any form – whether digital or on paper – through its creation, storage, transmission, exchange, and destruction.

3.1 Establish level 1 risk types

2-3 hours

  1. Consider your current and future corporate goals and business initiatives, risk management artifacts, and macro industry trends.
  2. Ask questions to understand risks unique to your organization.
  3. Review Info-Tech’s IT level 1 risk types and identify the risk types that apply to your organization.
  4. Add any risk types that are missing and unique to your organization.
  5. Refine the definitions to suit your organization.
  6. Be mutually exclusive and collectively exhaustive to the extent possible.

Download Build an IT Risk Taxonomy Workbook

InputOutput
  • Organization's strategy
  • Other organizational artifacts if available (operating model, outputs from audits and risk assessments, risk profile, and risk appetite)
  • Build an IT Risk Taxonomy Guideline
  • IT Risk Taxonomy Definitions
  • Level 1 IT risk types customized to your organization
MaterialsParticipants
  • Whiteboard/flip charts
  • Build an IT Risk Taxonomy Workbook
  • CISO
  • Human resources
  • Corporate communications
  • CRO or risk owners
  • Business leaders

3.2 Map IT risk types against ERM level 1 risk types

1-2 hours

  1. Using the output from Activity 3.1, map your IT risk types to your ERM level 1 risk types.
  2. Record in the Build an IT Risk Taxonomy Workbook.

Download Build an IT Risk Taxonomy Workbook

InputOutput
  • IT level 1 risk types customized to your organization
  • ERM level 1 risk types
  • Final level 1 IT risk types
MaterialsParticipants
  • Whiteboard/flip charts
  • Build an IT Risk Taxonomy Workbook
  • CISO
  • Human resources
  • Corporate communications
  • CRO or risk owners
  • Business leaders

Map IT level 1 risk types to ERM

Test your level 1 IT risk types by mapping to your organization’s level 1 risk types.

Step 2 – Map IT level 1 risk types to ERM

The image contains two tables. 1 table is ERM Level 1 Risks, the other table is IT Level 1 Risks.

3.3 Establishing level 2 and 3 risk types

3-4 hours

  1. Using the level 1 IT risk types that you have defined and using Info-Tech’s Risk Taxonomy Guideline, first begin to identify level 2 risk types for each level 1 type.
  2. Be mutually exclusive and collectively exhaustive to the extent possible.
  3. Once satisfied with your level 2 risk types, break them down further to level 3 risk types.

Note: Smaller organizations may only define two risk levels, while larger organizations may define further to level 4.

Download Build an IT Risk Taxonomy Design Template

InputOutput
  • Output from Activity 3.1, Establish level 1 risk types
  • Build an IT Risk Taxonomy Workbook
  • Build an IT Risk Taxonomy Guideline
  • Level 2 and level 3 risk types recorded in Build an IT Risk Taxonomy Design Template
MaterialsParticipants
  • Whiteboard/flip charts
  • Build an IT Risk Taxonomy Workbook
  • CISO
  • Human resources
  • Corporate communications
  • CRO or risk owners
  • Business leaders

Level 2 IT taxonomy structure

Step 3 – Break down your level 1 risk types into subcategories. This is complicated and may take many iterations to reach a consistent and accepted approach. Try to make your definitions intuitive and easy to understand so that they will endure the test of time.

The image contains a screenshot of Level 2 IT taxonomy Structure.

Security vulnerabilities often surface through third parties, but where and how you manage this risk is highly dependent on how you structure your taxonomy. Organizations with a lot of exposure may have a dedicated team and may manage and report security risks under a level 1 third-party risk type.

Level 3 IT taxonomy structure

Step 3 – Break down your level 2 risk types into lower-level subcategories. The number of levels of risk you have will depend on the size of and magnitude of risks within your organization. In our examples, we demonstrate three levels.

The image contains a screenshot of Level 3 IT taxonomy Structure.

Risk taxonomies for smaller organizations may only include two risk levels. However, large enterprises or more complex organizations may extend their taxonomy to level 3 or even 4. This illustration shows just a few examples of level 3 risks.

Test using risk events and controls

Ultimately risk events and controls need to roll up to level 1 risks in a consistent manner. Test the robustness of your taxonomy by working backward.

Step 4 – Work backward to test and align risk events and controls to the lowest level risk category.

  • A key function of IT risk management is to monitor and maintain internal controls.
  • Internal controls help to reduce the level of inherent risk to acceptable levels, known as residual risk.
  • As risks evolve, new controls may be needed to upgrade protection for tech infrastructure and strengthen connections between critical assets and third-party suppliers.

Example – Third Party Risk

Third Party Risk example.

3.4 Test your IT taxonomy

2-3 hours

  1. Leveraging the output from Activities 3.1 to 3.3 and your IT Risk Taxonomy Design Template, begin to test the robustness of the taxonomy by working backward from controls to level 1 IT risks.
  2. The lineage should show clearly that the control will mitigate the impact of a realized risk event. Refine the control or move the control to another level 1 risk type if the control will not sufficiently reduce the impact of a realized risk event.
  3. Once satisfied, update your risk register or your risk management software tool.

Download Build an IT Risk Taxonomy Design Template

InputOutput
  • Output from Activities 3.1 to 3.3
  • IT risk taxonomy documented in the IT Risk Taxonomy Design Template
MaterialsParticipants
  • Whiteboard/flip charts
  • IT risk register
  • Build an IT Risk Taxonomy Workbook
  • CISO
  • Human resources
  • Corporate communications
  • CRO or risk owners
  • Business leaders

Update risk register

Step 5 – Once you are satisfied with your risk categories, update your risk registry with your IT risk taxonomy.

Use Info-Tech’s Risk Register Tool or populate your internal risk software tool.

Risk Register.

Download Info-Tech’s Risk Register Tool

Augment the risk event list using COBIT 2019 processes (Optional)

Other industry-leading frameworks provide alternative ways of conceptualizing the functions and responsibilities of IT and may help you uncover additional risk events.

  1. Managed IT Management Framework
  2. Managed Strategy
  3. Managed Enterprise Architecture
  4. Managed Innovation
  5. Managed Portfolio
  6. Managed Budget and Costs
  7. Managed Human Resources
  8. Managed Relationships
  9. Managed Service Agreements
  10. Managed Vendors
  11. Managed Quality
  12. Managed Risk
  13. Managed Security
  14. Managed Data
  15. Managed Programs
  16. Managed Requirements Definition
  17. Managed Solutions Identification and Build
  18. Managed Availability and Capacity
  19. Managed Organizational Change Enablement
  20. Managed IT Changes
  21. Managed IT Change Acceptance and Transitioning
  22. Managed Knowledge
  23. Managed Assets
  24. Managed Configuration
  25. Managed Projects
  26. Managed Operations
  27. Managed Service Requests and Incidents
  28. Managed Problems
  29. Managed Continuity
  30. Managed Security Services
  31. Managed Business Process Controls
  32. Managed Performance and Conformance Monitoring
  33. Managed System of Internal Control
  34. Managed Compliance with External Requirements
  35. Managed Assurance
  36. Ensured Governance Framework Setting and Maintenance
  37. Ensured Benefits Delivery
  38. Ensured Risk Optimization
  39. Ensured Resource Optimization
  40. Ensured Stakeholder Engagement

Example IT risk appetite

When developing your risk appetite statements, ensure they are aligned to your organization’s risk appetite and success can be measured.

Example IT Risk Appetite Statement

Risk Type

Technology Risk

IT should establish a risk appetite statement for each level 1 IT risk type.

Appetite Statement

Our organization’s number-one priority is to provide high-quality trusted service to our customers. To meet this objective, critical systems must be highly performant and well protected from potential threats. To meet this objective, the following expectations have been established:

  • No appetite for unauthorized access to systems and confidential data.
  • Low appetite for service downtime.
    • Service availability objective of 99.9%.
    • Near real-time recovery of critical services – ideally within 30 minutes, no longer than 3 hours.

The ideal risk appetite statement is qualitative and supported by quantitative measures.

Risk Owner

Chief Information Officer

Ultimately, there is an accountable owner(s), but involve business and technology stakeholders when drafting to gain consensus.

Risk Oversight

Enterprise Risk Committee

Supporting Framework(s)

Business Continuity Management, Information Security, Internal Audit

The number of supporting programs and frameworks will vary with the size of the organization.

3.5 Draft your IT risk appetite statements

Optional Activity

2-3 hours

  1. Using your completed taxonomy and your organization’s risk appetite statement, draft an IT risk appetite statement for each level 1 risk in your workbook.
  2. Socialize the statements and gain approval.
  3. Add the approved risk appetite statements to your IT risk register.

Download Build an IT Risk Taxonomy Workbook

Input Output
  • Organization’s risk appetite statement
  • Build an IT Risk Taxonomy Workbook
  • IT Risk Taxonomy Design Template
  • IT risk appetite statements
Materials Participants
  • Whiteboard/flip charts
  • Build an IT Risk Taxonomy Workbook
  • CISO, CIO
  • Human resources
  • Corporate communications
  • CRO or risk owners
  • Business leaders

Key takeaways and next steps

  • The risk taxonomy is the backbone of a robust enterprise risk management program. A good taxonomy is frequently used and well understood.
  • Not only is the risk taxonomy used to assess organizational impact, but it is also used for risk reporting, scenarios analysis and horizon scanning, and risk appetite expression.
  • It is essential to capture IT risks within the ERM framework to fully understand the impact and allow for consistent risk discussions and meaningful aggregation.
  • Defining an IT risk taxonomy is a team sport, and organizations should strive to set up a cross-functional working group that is tasked with defining the taxonomy, monitoring its effectiveness, and ensuring continual improvement.
  • The work does not end when the taxonomy is complete. The taxonomy should be well socialized throughout the organization after inception through training and new policies and procedures. Ultimately, it should be an activity embedded into risk management practices.
  • The taxonomy is a living document and should be continually improved upon.

3.6 Prepare to communicate the taxonomy internally

1-2 hours

To gain acceptance of your risk taxonomy within your organization, ensure it is well understood and used throughout the organization.

  1. Consider your audience and agree on the key elements you want to convey.
  2. Prepare your presentation.
  3. Test your presentation with a smaller group before communicating to senior leadership or the board.

Coming soon: Look for our upcoming research Communicate Any IT Initiative.

InputOutput
  • Build an IT Risk Taxonomy Workbook
  • Upcoming research: Communicate Any IT Initiative
  • Presentation
MaterialsParticipants
  • Whiteboard/flip charts
  • Upcoming research: Communicate Any IT Initiative
  • Internal communication templates
  • CISO, CIO
  • Human resources
  • Corporate communications
  • CRO or risk owners
  • Business leaders

Related Info-Tech Research

Build an IT Risk Management Program

  • Use this blueprint to transform your ad hoc risk management processes into a formalized ongoing program and increase risk management success.
  • Learn how to take a proactive stance against IT threats and vulnerabilities by identifying and assessing IT’s greatest's risks before they occur.

Integrate IT Risk Into Enterprise Risk

  • Use this blueprint to understand gaps in your organization’s approach to risk management.
  • Learn how to integrate IT risks into the foundational risk practice

Coming Soon: Communicate Any IT initiative

  • Use this blueprint to compose an easy-to-understand presentation to convey the rationale of your initiative and plan of action.
  • Learn how to identify your target audience and tailor and deliver the message in an authentic and clear manner.

Risk definitions

Term Description
Emergent Risk Risks that are poorly understood but expected to grow in significance.
Residual Risk The amount of risk you have left after you have removed a source of risk or implemented a mitigation approach (controls, monitoring, assurance).
Risk Acceptance If the risk is within the enterprise's risk tolerance or if the cost of otherwise mitigating the risk is higher than the potential loss, the enterprise can assume the risk and absorb any losses.
Risk Appetite An organization’s general approach and attitude toward risk; the total exposed amount that an organization wishes to undertake on the basis of risk-return trade-offs for one or more desired and expected outcomes.
Risk Assessment The process of estimating and evaluating risk.
Risk Avoidance The risk response where an organization chooses not to perform a particular action or maintain an existing engagement due to the risk involved.
Risk Event A risk occurrence (actual or potential) or a change of circumstances. Can consist of more than one occurrence or of something not happening. Can be referred to as an incident or accident.
Risk Identification The process of finding, recognizing, describing, and documenting risks that could impact the achievement of objectives.
Risk Management The capability and related activities used by an organization to identify and actively manage risks that affect its ability to achieve goals and strategic objectives. Includes principles, processes, and framework.
Risk Likelihood The chance of a risk occurring. Usually measured mathematically using probability.
Risk Management Policy Expresses an organization’s commitment to risk management and clarifies its use and direction.
Risk Mitigation The risk response where an action is taken to reduce the impact or likelihood of a risk occurring.
Risk Profile A written description of a set of risks.

Risk definitions

Term Description
Risk Opportunity A cause/trigger of a risk with a positive outcome.
Risk Owner The designated party responsible and accountable for ensuring that the risk is maintained in accordance with enterprise requirements.
Risk Register A tool used to identify and document potential and active risks in an organization and to track the actions in place to manage each risk.
Risk Response How you choose to respond to risk (accept, mitigate, transfer, or avoid).
Risk Source The element that, alone or in combination, has potential to give rise to a risk. Usually this is the root cause of the risk.
Risk Statement A description of the current conditions that may lead to the loss, and a description of the loss.
Risk Tolerance The amount of risk you are prepared or able to accept (in terms of volume or impact); the amount of uncertainty an organization is willing to accept in the aggregate (or more narrowly within a certain business unit or for a specific risk category). Expressed in quantitative terms that can be monitored (such as volatility or deviation measures), risk tolerance often is communicated in terms of acceptable/unacceptable outcomes or as limited levels of risk. Risk tolerance statements identify the specific minimum and maximum levels beyond which the organization is unwilling to accept variations from the expected outcome.
Risk Transfer The risk response where you transfer the risk to a third party.

Research Contributors and Experts

LynnAnn Brewer
Director
McLean & Company

Sandi Conrad
Principal Research Director
Info-Tech Research Group

Valence Howden
Principal Research Director
Info-Tech Research Group

John Kemp
Executive Counsellor – Executive Services
Info-Tech Research Group

Brittany Lutes
Research Director
Info-Tech Research Group

Carlene McCubbin
Practice Lead – CIO Practice
Info-Tech Research Group

Frank Sargent
Senior Workshop Director
Info-Tech Research Group

Frank Sewell
Advisory Director
Info-Tech Research Group

Ida Siahaan
Research Director
Info-Tech Research Group

Steve Willis
Practice Lead – Data Practice
Info-Tech Research Group

Bibliography

Andrea Tang, “Privacy Risk Management”. ISACA Journal, June 2020, Accessed January 2023
Anthony Kruizinga, “Reshaping the risk taxonomy”. PwC, April 2021, Accessed January 2023
Auditboard, "The Essentials of Integrated Risk Management (IRM)", June 2022, Accessed January 2023
Brenda Boultwood, “How to Design an ERM-Friendly Risk Data Architecture”. Global Association of Risk Professionals, February 2020, Accessed January 2023
BSI Standards Publication, "Risk Management Guidelines", ISO 31000, 2018
Dan Swinhoe, "What is Physical Security, How to keep your facilities and devices safe from onsite attackers", August 2021, Accessed January 2023
Eloise Gratton, “Data governance and privacy risk in Canada: A checklist for boards and c-suite”. Borden Ladner Gervais, November 2022 , Accessed January 2023
European Union Agency for Cyber Security Glossary
European Banking Authority, "Guidelines on ICT Risk Assessment under the Supervisory Review and Evaluation process (SREP)", September 2017, Accessed February 2023
European Banking Authority, "Regulatory Framework for Mitigating Key Resilient Risks", Sept 2018, Accessed February 2023
EY, "Seeking stability within volatility: How interdependent risks put CROs at the heart of the banking business", 12th annual EY/IFF global bank risk management survey, 2022, Accessed February 2023
Financial Stability Board, "Cyber Lexicon", November 2018, Accessed February 2023
Financial Stability Board, "Principles for Effective Risk Appetite Framework", November 2013, Accessed January 2023
Forbes Technology Council, "14 Top Data Security Risks Every Business Should Address", January 2020, Accessed January 2023
Frank Martens, Dr. Larry Rittenberg, "COSO, Risk Appetite Critical for Success, Using Risk Appetite to Thrive in a Changing World", May 2020, Accessed January 2023
Gary Stoneurmer, Alice Goguen and Alexis Feringa, "NIST, Risk Management Guide for Information Technology Systems", Special Publication, 800-30, September 2012, Accessed February 2023
Guy Pearce, "Real-World Data Resilience Demands and Integrated Approach to AI, Data Governance and the Cloud", ISACA Journal, May 2022
InfoTech Tech Trends Report, 2023
ISACA, "Getting Started with Risk Scenarios", 2022, Accessed February 2023
James Kaplan, "Creating a technology risk and cyber risk appetite framework," McKinsey & Company, August 2022, Accessed February 2023
Jean-Gregorie Manoukian, Wolters Kluwer, "Risk appetite and risk tolerance: what’s the difference?", Sept 2016, Accessed February 2023
Jennifer Bayuk, “Technology’s Role in Enterprise Risk Management”, ISACA Journal, March 2018, Accessed in February 2023
John Thackeray, "Global Association of Risk Professionals, 7 Key Elements of Effective ERM", January 2020, Accessed January 2023
KPMG, "Regulatory rigor: Managing technology and cyber risk, How FRFI’s can achieve outcomes laid out in OSFI B-13", October 2022, Accessed January 2023
Marc Chiapolino et al, “Risk and resilience priorities, as told by chief risk officers”, McKinsey and Company, December 2022, Accessed January 2023
Mike Rost, Workiva, "5 Steps to Effective Strategic Management", Updated February 2023. Accessed February 2023
NIST, "Risk Management Framework for Information Systems and Organization, The System Life Cycle Approach for Security and Privacy," December 2018, Accessed February 2023
NIST, NISTIR, "Integrating CyberSecurity and Enterprise Risk", October 2020, Accessed February 2023
Oliver Wyman, "The ORX Reference Taxonomy for operational and non-financial risk summary report", 2019, Accessed February 2023.
Office of the Superintendent of Financial Institutions, "Operational Resilience Consultation Results Summary", December 2021, Accessed January 2023
Open Risk Manual, Risk Taxonomy Definitions
Ponemon. "Cost of a Data Breach Report 2021." IBM, July 2021. Web.
Protiviti, "Executive Perspectives on Top Risks, 2023 & 2032, Key Issues being discussed in the boardroom and c-suite", February 2023, Accessed February 2023
RIMS, ISACA, "Bridging the Digital Gap, How Collaboration Between IT and Risk Management can Enhance Value Creation", September 2019, Accessed February 2023
Robert, R. Moeller, "COSO, Enterprise Risk Management, Second Edition, 2011", Accessed February 2023
Robert Putrus, "Effective Reporting to the BoD on Critical Assets, Cyberthreats and Key Controls: The Qualitative and Quantitative Model", ISACA Journal, January 2021, Accessed January 2023
Ron Brash, "Prioritizing Asset Risk Management in ICS Security", August 2020, Accessed February 2023
Ronald Van Loon, "What is Data Culture and How to Implement it?", November 2023, Accessed February 2023
SAS, "From Crisis to Opportunity, Redefining Risk Management", 2021Accessed January 2023
Satori, Cloudian, "Data Protection and Privacy: 12 Ways to Protect User Data", Accessed January 2023
Spector Information Security, "Building your Asset and Risk Register to Manage Technology Risk", November 2021, Accessed January 2023
Talend, "What is data culture", Accessed February 2023
Tom Schneider, "Managing Cyber Security Risk as Enterprise Risk", ISACA Journal, September 2022, Accessed February 2023
Tony Martin –Vegue, "How to Write Strong Risk Scenarios and Statements", ISACA Journal, September 2021, Accessed February 2023
The Wall Street Journal, "Making Data Risk a Top Priority", April 2018, Accessed February 2023

Embed Business Relationship Management in IT

  • Buy Link or Shortcode: {j2store}270|cart{/j2store}
  • member rating overall impact (scale of 10): 8.8/10 Overall Impact
  • member rating average dollars saved: $21,960 Average $ Saved
  • member rating average days saved: 19 Average Days Saved
  • Parent Category Name: Manage Business Relationships
  • Parent Category Link: /manage-business-relationships
  • While organizations realize they need to improve business relationships, they often don’t know how.
  • IT doesn’t know what their business needs and so can’t add as much value as they’d like.
  • They find that their partners often reach out to third parties before they connect with internal IT.

Our Advice

Critical Insight

  • Business relationship management (BRM) is not just about communication, it’s about delivering on business value.
  • Build your BRM program on establishing trust.

Impact and Result

  • Drive business value into the organization via innovative technology solutions.
  • Improve ability to meet and exceed business goals and objectives, resulting in more satisfied stakeholders (C-suite, board of directors).
  • Enhance ability to execute business activities to meet end customer requirements and expectations, resulting in more satisfied customers.

Embed Business Relationship Management in IT Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Embed Business Relationship Management Deck – A step-by-step document that walks you through how to establish a practice with well-embedded business relationships, driving IT success.

This blueprint helps you to establish a relationship with your stakeholders, both within and outside of IT. You’ll learn how to embed relationship management throughout your organization.

  • Embed Business Relationship Management in IT – Phases 1-5

2. BRM Workbook Deck – A workbook for you to capture the results of your thinking on the BRM practice.

Use this tool to capture your findings as you work through the blueprint.

  • Embed Business Relationship Management in IT Workbook

3. BRM Buy-In and Communication Template – A template to help you communicate what BRM is to your organization, that leverages feedback from your business stakeholders and IT.

Customize this tool to obtain buy in from leadership and other stakeholders. As you continue through the blueprint, continue to leverage this template to communicate what your BRM program is about.

  • BRM Buy-In and Communication Template

4. BRM Role Expectations Worksheet – A tool to help you establish how the BRM role and/or other roles will be managing relationships.

This worksheet template is used to outline what the BRM practice will do and associate the expectations and tasks with the roles throughout your organization. Use this to communicate that while your BRM role has a strategic focus and perspective of the relationship, other roles will continue to be important for relationship management.

  • Role Expectations Worksheet

5. BRM Stakeholder Engagement Plan Worksheet – A tool to help you establish your stakeholders and your engagement with them.

This worksheet allows you to list the stakeholders and their priority in order to establish how you want to engage with them.

  • BRM Stakeholder Engagement Plan Worksheet

6. Business Relationship Manager Job Descriptions – These templates can be used as a guide for defining the BRM role.

These job descriptions will provide you with list of competencies and qualifications necessary for a BRM operating at different levels of maturity. Use this template as a guide, whether hiring internally or externally, for the BRM role.

  • Business Relationship Manager – Level 1
  • Business Relationship Manager – Level 2
  • Business Relationship Manager – Level 3
[infographic]

Workshop: Embed Business Relationship Management in IT

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Foundation: Assess and Situate

The Purpose

Set the foundation for your BRM practice – understand your current state and set the vision.

Key Benefits Achieved

An understanding of current pain points and benefits to be addressed through your BRM practice. Establish alignment on what your BRM practice is – use this to start obtaining buy-in from stakeholders.

Activities

1.1 Define BRM

1.2 Analyze Satisfaction

1.3 Assess SWOT

1.4 Create Vision

1.5 Create the BRM Mission

1.6 Establish Goals

Outputs

BRM definition

Identify areas to be addressed through the BRM practice

Shared vision, mission, and understanding of the goals for the brm practice

2 Plan

The Purpose

Determine where the BRM fits and how they will operate within the organization.

Key Benefits Achieved

Learn how the BRM practice can best act on your goals.

Activities

2.1 Establish Guiding Principles

2.2 Determine Where BRM Fits

2.3 Establish BRM Expectations

2.4 Identify Roles With BRM Responsibilities

2.5 Align Capabilities

Outputs

An understanding of where the BRM sits in the IT organization, how they align to their business partners, and other roles that support business relationships

3 Implement

The Purpose

Determine how to identify and work with key stakeholders.

Key Benefits Achieved

Determine ways to engage with stakeholders in ways that add value.

Activities

3.1 Brainstorm Sources of Business Value

3.2 Identify Key Influencers

3.3 Categorize the Stakeholders

3.4 Create the Prioritization Map

3.5 Create Your Engagement Plan

Outputs

Shared understanding of business value

A plan to engage with stakeholders

4 Reassess and Embed

The Purpose

Determine how to continuously improve the BRM practice.

Key Benefits Achieved

An ongoing plan for the BRM practice.

Activities

4.1 Create Metrics

4.2 Prioritize Your Projects

4.3 Create a Portfolio Investment Map

4.4 Establish Your Annual Plan

4.5 Build Your Transformation Roadmap

4.6 Create Your Communication Plan

Outputs

Measurements of success for the BRM practice

Prioritization of projects

BRM plan

Further reading

Embed Business Relationship Management in IT

Show that IT is worthy of Trusted Partner status.

Executive Brief

Analyst Perspective

Relationships are about trust.

As long as humans are involved in enabling technology, it will always remain important to ensure that business relationships support business needs. At the cornerstone of those relationships is trust and the establishment of business value. Without trust, you won’t be believed, and without value, you won’t be invited to the business table.

Business relationship management can be a role, a capability, or a practice – either way it’s essential to ensure it exists within your organization. Show that IT can be a trusted partner by showing the value that IT offers.

Photo of Allison Straker, Research Director, CIO Practice, Info-Tech Research Group.

Allison Straker
Research Director, CIO Practice
Info-Tech Research Group

Your challenge: Why focus on business relationship management?

Is IT saying this about business partners?

I don’t know what my business needs and so we can’t add as much value as we’d like.

My partners don’t give us the opportunity to provide new ideas to solve business problems

My partners listen to third parties before they listen to IT.

We’re too busy and don’t have the capacity to help my partners.

Three stamps with the words 'Value', 'Innovation', and 'Advocacy'. Are business partners saying this about IT?

IT does not create and deliver valuable services/solutions that resolve my business pain points.

IT does not come to me with innovative solutions to my business problems/challenges/issues.

IT blocks my efforts to drive the business forward using innovative technology solutions.

IT does not advocate for my needs with the decision makers in the organization.

Common obstacles

While organizations realize they need to do better, they often don’t know how to improve.

Organizations want to:
  • Understand and strategically align to business goals
  • Ensure stakeholders are satisfied
  • Show project value/success

… these are all things that a mature business relationship can do to improve your organization.

Key improvement areas identified by business leaders and IT leaders

Bar chart comparing 'CXO' and 'CIO' responses to multiple areas one whether they need significant improvement or only some improvement. Areas in question are 'Understand Business Goals', 'Define and align IT strategy', 'Measure stakeholder satisfaction with IT', and 'Measure IT project success'. Source: CEO/CIO Alignment Diagnostic, N=446 organizations.

Info-Tech’s approach

BRMs who focus on achieving business value can improve organizational results.

Visualization of a piggy bank labelled 'Business Value' with a person on a ladder labelled 'Strategic Tactical Operational' putting coins into the bank which are labelled 'External & internal views', 'Applied knowledge of the business', 'Strategic perspective', 'Trusted relationship', and 'Empathetic engagements “What’s in it for me/them?”'.

Business relationships can take a strategic, tactical, or operational perspective.

While all levels are needed, focus on a strategic perspective for optimal outcomes.

Create business value through:

  • Applying your knowledge of the business so that conversations aren’t about what IT provides. Focus on what the overall business requires.
  • Ensuring your knowledge includes what is going on internally at your organization and also what occurs externally within and outside the industry (e.g. vendors, technologies used in similar industries or with similar customer interactions).
  • Discussing with the perspective of “what’s in it for [insert business partner here]” – don’t just present IT’s views.
  • Building a trusted strategic relationship – don’t just do well at the basics but also focus on the strategy that can move the organization to where it needs to be.

Neither you nor your partners can view IT as separate from your overall business…

…your IT goals need to be aligned with those of the overall business

IT Maturity Pyramid with 'business goals' and 'IT goals' moving upward along its sides. It has five levels, 'unstable - Ad hoc – IT is too busy and the business is unsatisfied (too expensive, too long, not delivering on needs)', 'firefighter - Order taker – IT engaged on as-needed basis. IT unable to forecast demand to manage own resources', 'trusted operator - IT and business are not always sure of each other’s direction/priorities’, ‘business partner - IT understands and delivers on business needs', and 'innovator - Business and IT work together to achieve shared goals'.

IT and other lines of business need to partner together – they are all part of the same overall business.

Four puzzle pieces fitting together representing 'IT' and three other Lines of Business '(LOB)'

<

Why it’s important to establish a BRM program

IT Benefits

  • Provides IT with a view of the lines of business they empower
  • Allows IT to be more proactive in providing solutions that help business partner teams
  • Allows IT to better manage their workload, as new requests can be prioritized and understood

Business Benefits

  • Provides business teams with a view of the services that IT can help them with
  • Brings IT to the table with value-driven solutions
  • Creates an overall roadmap aligning both partners
Ladder labelled 'Strategic Tactical Operational'.
  • Drive business value into the organization via innovative technology solutions.
  • Improve ability to meet and exceed business goals and objectives, resulting in more satisfied stakeholders (C-suite, board of directors).
  • Enhance ability to execute business activities to meet end-customer requirements and expectations, resulting in more satisfied customers.

Increase your business benefits by moving up higher – from operational to tactical to strategic.

Piggy bank labelled 'Business Value'.

When IT understands the business, they provide better value

Understanding all parties – including the business needs and context – is critical to effective business relationships.

Establishing a focus on business relationship management is key to improving IT satisfaction.

When business partners are satisfied that IT understands their needs, they have a higher perception of the value of overall IT

Bar chart with axes 'Business satisfaction with IT understanding of needs' and 'Perception of IT value'. There is an upward trend.

The relationship between the perception of IT value and business satisfaction is strong (r=0.89). Can you afford not to increase your understanding of business needs?

(Source: Info-Tech Research Group diagnostic data/Business-Aligned IT Strategy blueprint (N=652 first-year organizations that completed the CIO Business Vision diagnostic))

A tale of two IT partners

Teleconference with an IT partner asking them to 'Tell me everything'.

One IT partner approached their business partner without sufficient background knowledge to provide insights.

The relationship was not strong and did not provide the business with the value they desired.

Research your business and be prepared to apply your knowledge to be a better partner.

Teleconference with an IT partner that approached with knowledge of your business and industry.

The other IT partner approached with knowledge of the business and external parties (vendors, competitors, industry).

The business partners received this positively. They invited the IT partners to meetings as they knew IT would bring value to their sessions.

BRM success is measurable Measuring tape.

1) Survey your stakeholders to measure improvements in customer satisfaction 2) Measure BRM success against the goals for the practice

Business satisfaction survey

  • Audience: Business leaders
  • Frequency: Annual
  • Metrics:
    • Overall Satisfaction score
    • Overall Value score
    • Relationship Satisfaction:
      • Understand needs
      • Meet needs
      • Communication
Two small tables showing example 'Value' and 'Satisfaction' scores. Dart board with five darts, each representing a goal, 'Demand Shaping', 'Value Realization', 'Servicing', 'Exploring', and 'Other Goal(s)'.
Table with a breakdown of the example 'Satisfaction' score, with individual scores for 'Needs', 'Execution', and 'Communication'.

Maturing your BRM practice is a journey

Info-Tech has developed an approach that can be used by any organization to improve or successfully implement BRM. The same ladder as before with words 'Strategic', 'Tactical', 'Operational', and a person climbing on it. Become a Trusted Partner and Advisor
KNOWLEDGE OF INDUSTRY

STRATEGIC

Value Creator and Innovator

Strategic view of IT and the business with knowledge of the market and trends; a connector driving value-added services.

KNOWLEDGE OF FUNCTIONS

TACTICAL

Influencer and Advocate

Two-way voice between IT and business, understanding business processes and activities including IT touchpoints and growing tactical and strategic view of services and value.

TABLE STAKES:
COMMUNICATION
SERVICE DELIVERY
PROJECT DELIVERY

OPERATIONAL

Deliver

Communication, service, and project delivery and fulfillment, initial engagement with and knowledge of the business.

Foundation: Define and communicate the meaning and vision of BRM

At each level, keep maturing your BRM practice

ITPartnerWhat to do to move to the next level

Strategic Partner

Shared goals for maximizing value and shared risk and reward

5

Strategic view of IT and the business with knowledge of the market and trends; a connector driving value-added services.

Value Creator and Innovator

See partners as integral to business success and growth

Focus on continuous learning and improvement.

Trusted Advisor

Cooperation based on mutual respect and understanding

4

Partners understand, work with, and help improve capabilities.

Influencer and Advocate

Sees IT as helpful and reliable

Strategic: IT needs to demonstrate and apply knowledge of business, industry, and external influences.

Service Provider

Routine – innovation is a challenge

3

Two-way voice between IT and business; understanding business processes and activities including IT touchpoints and growing tactical and strategic view of services and value.

Priorities set but still always falling behind.

Views IT as helpful but they don’t provide guidance

IT needs to excel in portfolio and transition management.

Business needs to engage IT in strategy.

Order Taker

Distrust, reactive

2

Focuses on communication, service, and project delivery and fulfillment, initial engagement with and knowledge of the business.

Delivery Service

Engages with IT on an as-needed basis

Improve Tactical: IT needs to demonstrate knowledge of the business they are in. IT to improve BRM and service management.

Business needs to embrace BRM role and service management.

Ad Hoc

Loudest in, first out

1

Too busy doing the basics; in firefighter mode.

Low satisfaction (cost, duration, quality)

Improve Operational Behavior: IT to show value with “table stakes” – communication, service delivery, project delivery.

IT needs to establish intake/demand management.


Business to embrace a new way of approaching their partnership with IT.

(Adapted from BRM Institute Maturity Model and Info-Tech’s own model)

The Info-Tech path to implement BRM

Use Info-Tech’s ASPIRe method to create a continuously improving BRM practice.

Info-Tech's ASPIRe method visualized as a winding path. It begins with 'Role Definition', goes through many 'Role Refinements' and ends with 'Metrics'. The main steps to which the acronym refers are 'Assess', 'Situate', 'Plan', 'Implement', and 'Reassess & Embed'.

Insight summary

BRM is not just about communication, it’s about delivering on business value.

Business relationship management isn’t just about having a pleasant relationship with stakeholders, nor is it about just delivering things they want. It’s about driving business value in everything that IT does and leveraging relationships with the business and IT, both within and outside your organization.

Understand your current state to determine the best direction forward.

Every organization will apply the BRM practice differently. Understand what’s needed within your organization to create the best fit.

BRM is not just a communication conduit between IT and the business.

When implemented properly, a BRM is a value creator, advocate, innovator, and influencer.

The BRM role must be designed to match the maturity level of the IT organization and the business.

Before you can create incremental business value, you must master the fundamentals of service and project delivery.

Info-Tech Insight

Knowledge of your current situation is only half the battle; knowledge of the business/industry is key.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

Guided Implementation

Workshop

Consulting

"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks used throughout all four options

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

Key deliverable:

Executive Buy-In and Communication Presentation Template

Explain the need for the BRM practice and obtain buy-in from leadership and staff across the organization.

Sample of Info-Tech's key deliverable, the Executive Buy-In and Communication Presentation Template.

BRM Workbook

Capture the thinking behind your organization’s BRM program.

Sample of Info-Tech's BRM Workbook deliverable.

BRM Stakeholder Engagement Plan Worksheet

Worksheet to capture how the BRM practice will engage with stakeholders across the organization.

Sample of Info-Tech's BRM Stakeholder Engagement Plan Worksheet deliverable.

BRM Role Expectations Worksheet

How business relationship management will be supported throughout the organization at a strategic, tactical, and operational level.

Sample of Info-Tech's BRM Role Expectations Worksheet deliverable.

Guided Implementation

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

What does a typical GI on this topic look like?

Phase 1

Phase 2

Phase 3

Phase 4

Phase 5

Call #1: Discuss goals, current state, and an overview of BRM.

Call #2: Examine business satisfaction and discuss results of SWOT.

Call #3: Establish BRM mission, vision, and goals. Call #4: Develop guiding principles.

Call #5: Establish the BRM operating model and role expectations.

Call #6: Establish business value. Discuss stakeholders and engagement planning. Call #7: Develop metrics. Discuss portfolio management.

Call #8: Develop a communication or rollout plan.

Workshop Overview

Complete the CIO-Business Vision diagnostic prior to the workshop.
Contact your account representative for more information.
workshops@infotech.com1-888-670-8889
Day 1 Day 2 Day 3 Day 4 Post-Workshop
Activities
Set the Foundation
Assess & Situate
Define the Operating Model
Plan
Define Engagement
Implement
Implement BRM
Reassess
Next steps and Wrap-Up (offsite)

1.1 Discuss rationale and importance of business relationship management

1.2 Review CIO BV results

1.3 Conduct SWOT analysis (analyze strengths, weaknesses, opportunities, and threats)

1.4 Establish BRM vision and mission

1.5 Define objectives and goals for maturing the practice

2.1 Create your list of guiding principles (optional)

2.2 Define business value

2.3. Establish the operating model for the BRM practice

2.4 Define capabilities

3.1. Identify key stakeholders

3.2 Map, prioritize, and categorize the stakeholders

3.4 Create an engagement plan

4,1 Define metrics

4.2 Identify remaining enablers/blockers for practice implementation

4.3 Create roadmap

4.4 Create communication plan

5.1 Complete in-progress deliverables from previous four days

5.2 Set up review time for workshop deliverables and to discuss next steps

Deliverables
  1. Summary of CIO Business Vision results
  2. Vision and list of objectives for the BRM program
  3. List of business and IT pain points
  1. BRM role descriptions, capabilities, and ownership definitions
  1. BRM reporting structure
  2. BRM engagement plans
  1. BRM communication plan
  2. BRM metrics tracking plan
  3. Action plan and next step
  1. Workshop Report

ASSESS

Assess

1.1 Define BRM

1.2 Analyze Satisfaction

1.3 Assess SWOT

Situate

2.1 Create Vision

2.2 Create the BRM Mission

2.3 Establish Goals

Plan

3.1 Establish Guiding Principles

3.2 Determine Where BRM Fits

3.3 Establish BRM Expectations

3.4 Identify Roles With BRM Responsibilities

3.5 Align Capabilities

Implement

4.1 Brainstorm Sources of Business Value

4.2 Identify Key Influencers

4.3 Categorize the Stakeholders

4.4 Create the Prioritization Map

4.5 Create Your Engagement Plan

Reassess & Embed

5.1 Create Metrics

5.2 Prioritize Your Projects

5.3 Create a Portfolio Investment Map

5.4 Establish Your Annual Plan

5.5 Build Your Transformation Roadmap

5.6 Create Your Communication Plan

To assess BRM, clarify what it means to you

Who are BRM relationships with? Octopus holding icons with labels 'Tech Partners', 'Lines of Business', and 'External Partners'. The BRM has multiple arms/legs to ensure they’re aligned with multiple parties – the partners within the lines of business, external partners, and technology partners.
What does a BRM do? Engage the right stakeholders – orchestrate key roles, resources, and capabilities to help stimulate, shape, and harvest business value.

Connect partners (IT and other business) with the resources needed.

Help stakeholders navigate the organization and find the best path to business value.

Three figures performing different actions, labelled 'orchestrate', 'connect', and 'navigate'.
What does a BRM focus on? Circle bisected at many random points to create areas of different colors with four color-coded circles surrounding it. Demand Shaping – Surfacing and shaping business demand
Value Harvesting – Identifying ways to increase business value and providing insights
Exploring – Rationalizing demand and reviewing new business, technology, and industry insights
Servicing – Managing expectations and facilitating business strategy; business capability road mapping

Determine what business relationship management is

Many organizations face business dissatisfaction because they do not understand what the role of a BRM should be.

A BRM Is NOT:
  • Order taker
  • Service desk
  • Project manager
  • Business analyst
  • Service delivery manager
  • Service owner
  • Change manager
A BRM Is:
  • Value creator
  • Innovator
  • Trusted advisor
  • Strategic partner
  • Influencer
  • Business subject matter expert
  • Advocate for the business
  • Champion for business process improvement
Business relationship management does not mean a go-between for the business and IT. Its focus should be on delivering VALUE and INNOVATIVE SOLUTIONS to the business.

1.1 What is BRM?

1 hour

Input: Your preliminary thoughts and ideas on BRM

Output: Themes summarizing what BRM will be at your organization

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

  1. Each team member will take a colored sticky note to capture what BRM is and what it isn’t.
  2. As a group, review and discuss the sticky notes.
  3. Group them into themes summarizing what BRM will be at your organization.
  4. Leverage the workbook to brainstorm the definition of BRM at your organization.
  5. Create a refined summary statement and capture it in the Executive Buy-In and Communication Template.

Download the BRM Workbook

Download the Executive Buy-In and Communication Template

It’s important to understand what the business thinks; ask them the right questions

Leverage the CIO Business Vision Diagnostic to provide clarity on:
  • The organization’s view on satisfaction and importance of core IT services
  • Satisfaction across business priorities
  • IT’s capacity to meet business needs

Contact your Account Representative to get started

Sample of various scorecards from the CIO Business Vision Diagnostic.

1.2 Use their responses to help guide your BRM program

1 hour

Input: CIO-Business Vision Diagnostic, Other business feedback

Output: Summary of your partners’ view of the IT relationship

Materials: Whiteboard/flip charts (physical or electronic)

Participants: CIO, IT management team

  1. Complete the CIO Business Vision diagnostic.
  2. Analyze the findings from the Business Vision diagnostic or other business relationship and satisfaction surveys. Key areas to look at include:
    • Overall IT Satisfaction
    • IT Value
    • Relationship (Understands Needs, Communicates Effectively, Executes Requests, Trains Effectively)
    • Shadow IT
    • Capacity Needs
    • Business Objectives
  3. Capture the following on your analysis:
    • Success stories – what your business partners are satisfied with
    • Challenges – are the responses consistent across departments?
  4. Leverage the workbook to capture your findings the goals. Key highlights should be documented in the Executive Buy-In and Communication Template.

Use the BRM Workbook to capture ideas

Polish the goals in the Executive Buy-In and Communication Template

Perform a SWOT analysis to explore internal and external business factors

A SWOT analysis is a structured planning method organizations use to evaluate the effects of internal strengths and weaknesses and external opportunities and threats on a project or business venture.

Why It Is Important

  • Business SWOT reveals internal and external trends that affect the business. You may uncover relevant information about the business that the other analysis methods did not reveal.
  • The organizational strengths or weaknesses will shed some light on implications that you might not have considered otherwise, such as brand perception or internal staff capability to change.

Key Tips/Information

  • Although this activity is simple in theory, there is much value to be gained when performed effectively.
  • Focus on weaknesses that can cause a competitive disadvantage and strengths that can cause a competitive advantage.
  • Rank your opportunities and threats based on impact and probability.
  • Info-Tech members who have derived the most insights from a business SWOT analysis usually involved business stakeholders in the analysis.

SWOT diagram split into four quadrants representing 'Strengths' at top left, 'Opportunities' at bottom left, 'Weaknesses' at top right, and 'Threats' at bottom right.

Review these questions to help you conduct your SWOT analysis on the business

Strengths (Internal)
  • What competitive advantage does your organization have?
  • What do you do better than anyone else?
  • What makes you unique (human resources, product offering, experience, etc.)?
  • Do you have location, price, cost, or quality advantages?
  • Does your organizational culture offer an advantage (hiring the best people, etc.)?
  • Do you have a high level of customer engagement or satisfaction?
Weaknesses (Internal)
  • What areas of your business require improvement?
  • Are there gaps in capabilities?
  • Do you have financial vulnerabilities?
  • Are there leadership gaps (succession, poor management, etc.)?
  • Are there reputational issues?
  • Are there factors contributing to declining sales?
Opportunities (External)
  • Are there market developments or new markets?
  • Are there industry or lifestyle trends (move to mobile, etc.)?
  • Are there geographical changes in the market?
  • Are there new partnerships or mergers and acquisitions (M&A) opportunities?
  • Are there seasonal factors that can be used to the advantage of the business?
  • Are there demographic changes that can be used to the advantage of the business?
Threats (External)
  • Are there obstacles that the organization must face?
  • Are there issues with respect to sourcing of staff or technologies?
  • Are there changes in market demand?
  • Are your competitors making changes that you are not making?
  • Are there economic issues that could affect your business?

1.3 Analyze internal and external business factors using a SWOT analysis

1 hour

Input: IT and business stakeholder expertise

Output: Analysis of internal and external factors impacting the IT organization

Materials: Whiteboard/flip charts (physical or electronic)

Participants: CIO, IT management team

  1. Break the group into two teams:
    • Assign team A internal strengths and weaknesses.
    • Assign team B external opportunities and threats.
  2. Think about strengths, weaknesses, opportunities, and threats as they pertain to the IT-business relationship. Consider people, process, and technology elements.
  3. Have the teams brainstorm items that fit in their assigned grids. Use the prompt questions on the previous slide as guidance.
  4. Pick someone from each group to fill in the SWOT grid.
  5. Conduct a group discussion about the items on the list; identify implications for the BRM/IT.

Capture in the BRM Workbook

SITUATE

Assess

1.1 Define BRM

1.2 Analyze Satisfaction

1.3 Assess SWOT

Situate

2.1 Create Vision

2.2 Create the BRM Mission

2.3 Establish Goals

Plan

3.1 Establish Guiding Principles

3.2 Determine Where BRM Fits

3.3 Establish BRM Expectations

3.4 Identify Roles With BRM Responsibilities

3.5 Align Capabilities

Implement

4.1 Brainstorm Sources of Business Value

4.2 Identify Key Influencers

4.3 Categorize the Stakeholders

4.4 Create the Prioritization Map

4.5 Create Your Engagement Plan

Reassess & Embed

5.1 Create Metrics

5.2 Prioritize Your Projects

5.3 Create a Portfolio Investment Map

5.4 Establish Your Annual Plan

5.5 Build Your Transformation Roadmap

5.6 Create Your Communication Plan

Your strategy informs your BRM program

Your strategy is a critical input into your program. Extract critical components of your strategy and convert them into a set of actionable principles that will guide the selection of your operating model.

Sample of Info-Tech's 'Build a Business-Aligned IT Strategy' blueprint.

Vision, Mission & Principles Chevron pointing right.
  • Leverage your vision and mission statements that communicate aspirations and purpose for key information that can be turned into design principles.
Business Goal Implications Chevron pointing right.
  • Implications are derived from your business goals and will provide important context about the way BRM needs to change to meet its overarching objectives.
  • Understand how those implications will change the way that work needs to be done – new capabilities, new roles, new modes of delivery, etc.
Target-State Maturity Chevron pointing right.
  • Determine your target-state relationship maturity for your organization using the BRM goals that have been uncovered.

Outline your mission and vision for your BRM practice

If you don’t know where you’re trying to go, how do you know if you’ve arrived?

Establish the vision of what your BRM practice will achieve.

Your vision will paint a picture for your stakeholders, letting them know where you want to go with your BRM practice.

Stock image of a hand painting on a large canvas.

The vision will also help motivate and inspire your team members so they understand how they contribute to the organization.

Your strategy must align with and support your organization’s strategy.

Good Visions
  • Attainable – Aspirational but still within reach
  • Communicable – Easy to comprehend
  • Memorable – Not easily forgotten
  • Practical – Solid, realistic
  • Shared – Create a culture of shared ownership across the team/company
When Visions Fail
  • Not Shared: Lack of buy-in, no alignment with stakeholders
  • Impractical: No plan or strategy to deliver on the vision
  • Unattainable: Set too far in the future
  • Forgettable: Not championed, not kept in mind
(Source: UX Magazine, 2011)

Derive the BRM vision statement

Stock image of an easel with a bundle of paint brushes beside it. Begin the process of deriving the business relationship management vision statement by examining your business and user concerns. These are the problems your organization is trying to solve.
Icon of one person asking another a question.
Problem Statements
First, ask what problems your organization hopes to solve.
Icon of a magnifying glass on a box.
Analysis
Second, ask what success would look like when those problems were solved.
Icon of two photos in quotes.
Vision Statement
Third, polish the answer into a short but meaningful phrase.

Paint the picture for your team and stakeholders so that they align on what BRM will achieve.

Vision statements demonstrate what your practice “aspires to be”

Your vision statement communicates a desired future state of the BRM organization. The statement is expressed in the present tense. It seeks to articulate the desired role of business relationship management and how it will be perceived.

Sample vision statements:

  • To be a trusted advisor and partner in enabling business innovation and growth through an engaged design practice.
  • The group will strive to become a world-class value center that is a catalyst for innovation.
  • Apple: “We believe that we are on the face of the earth to make great products and that’s not changing.” (Mission Statement Academy, May 2019.)
  • Coca-Cola: “To refresh the world in mind, body, and spirit, to inspire moments of optimism and happiness through our brands and actions, and to create value and make a difference.” (Mission Statement Academy, August 2019.)

2.1 Vision generation

1 hour

Input: IT and business strategies

Output: Vision statement

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

  1. Review the goals and the sample vision statements provided on the previous slide.
  2. Brainstorm possible vision statements that can apply to your practice. Refer to the guidance provided on the previous page – ensure that it paints a picture for the reader to show the desired target state.
  3. Leverage the workbook to brainstorm the vision. Capture the refined statement in the Executive Buy-In and Communication Template.
Strong vision statements have the following characteristics
  • Describe a desired future
  • Focus on ends, not means
  • Communicate promise
  • Concise, no unnecessary words
  • Compelling
  • Achievable
  • Inspirational
  • Memorable

Use the BRM Workbook to capture ideas

Polish the goals in the Executive Buy-In and Communication Template

Create the mission statement from the problems and the vision statement

Your mission demonstrates your current intent and the purpose driving you to achieve your vision.

It reflects what the organization does for users/customers.

The main word 'Analysis' is sandwiched between 'Goals and Problems' and 'Vision Statement', each with arrow pointing to the middle. Make sure the practice’s mission statement reflects answers to the questions below:

The questions:

  • What does the organization do?
  • How does the organization do it?
  • For whom does the organization do it?
  • What value is the organization bringing?

“A mission statement illustrates the purpose of the organization, what it does, and what it intends on achieving. Its main function is to provide direction to the organization and highlight what it needs to do to achieve its vision.” (Joel Klein, BizTank (in Hull, “Answer 4 questions to get a great mission statement.”))

Sample mission statements

To enhance the lives of our end users through our products so that our brand becomes synonymous with user-centricity.

To enable innovative services that are seamless and enjoyable to our customers so that together we can inspire change.

Apple’s mission statement: “To bring the best user experience to its customers through its innovative hardware, software, and services.” (Mission Statement Academy, May 2019.)

Coca Cola’s mission statement: “To refresh the world in mind, body, and spirit, to inspire moments of optimism and happiness through our brands and actions, and to create value and make a difference.” (Mission Statement Academy, August 2019.)

Tip: Using the “To … so that” format helps to keep your mission focused on the “why.”

2.2 Develop your own mission statement

1 hour

Input: IT and business strategies, Vision

Output: Mission statement

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

  1. Review the goals and the vision statement generated in the previous activities.
  2. Brainstorm possible mission statements that can apply to your BRM practice. Capture this in your BRM workbook.
  3. Refine your mission statement. Refer to the guidance provided on the previous page – ensure that the mission provides “the why”. Document the refined mission statement in the Executive Buy-In and Communication Template.

“People don't buy what you do; they buy why you do it and what you do simply proves what you believe.” (Sinek, Transcript of “How Great Leaders Inspire Action.”)

Download the BRM Workbook

Download the Executive Buy-In and Communication Template

Areas that BRMs focus on include:

Establish how much of these your practice will focus on.

VALUE HARVESTING
  • Tracks and reviews performance
  • Identifies ways to increase business value
  • Provides insights on the results of business change/initiatives
Circle bisected at many random points to create areas of different colors with four color-coded circles surrounding it. DEMAND SHAPING
  • Isn’t just demand/intake management
  • Surfaces and shapes business demand
  • Is influenced by knowledge of the overall business and external entities
SERVICING
  • Coordinates resources
  • Manages expectations
  • Facilitates business strategy, business capability road-mapping, and portfolio and program management
EXPLORING
  • Identifies and rationalizes demand
  • Reviews new business, technology, and industry insights
  • Identifies business value initiatives

Establish what success means for your focus areas

Brainstorm objectives and success areas for your BRM practice.

Circle bisected at many random points to create areas of different colors with four color-coded circles surrounding it. VALUE HARVESTING
Success may mean that you:
  • Understand the drivers and what the business needs to attain
  • Demonstrate focus on value in discussions
  • Ensure value is achieved, tracking it during and beyond deployment
DEMAND SHAPING
Success may mean that you:
  • Understand the business
  • Are engaged at business meetings (invited to the table)
  • Understand IT; communicate clarity around IT to the business
  • Help IT prioritize needs
SERVICING
Success may mean that you:
  • Understand IT services and service levels that are required
  • Provide clarity around services and communicate costs and risks
EXPLORING
Success may mean that you:
  • Surface new opportunities based on understanding of pain points and growth needs
  • Research and partner with others to further the business
  • Engage resources with a focus on the value to be delivered

2.3 Establish BRM goals

1 hour

Input: Mission and vision statements

Output: List of goals

Materials: Whiteboard/flip charts (physical or electronic)

Participants: CIO, IT management team, BRM team

  1. Use the previous slides as a starting point – review the focus areas and sample associated objectives.
  2. Determine if all apply to your role.
  3. Brainstorm the objectives for your BRM practice.
  4. Discuss and refine the objectives and goals until the team agrees on your starting set.
  5. Leverage the workbook to establish the goals. Capture refined goals in the Executive Buy-In and Communication Template.

Download the BRM Workbook

Download the Executive Buy-In and Communication Template

PLAN

Assess

1.1 Define BRM

1.2 Analyze Satisfaction

1.3 Assess SWOT

Situate

2.1 Create Vision

2.2 Create the BRM Mission

2.3 Establish Goals

Plan

3.1 Establish Guiding Principles

3.2 Determine Where BRM Fits

3.3 Establish BRM Expectations

3.4 Identify Roles With BRM Responsibilities

3.5 Align Capabilities

Implement

4.1 Brainstorm Sources of Business Value

4.2 Identify Key Influencers

4.3 Categorize the Stakeholders

4.4 Create the Prioritization Map

4.5 Create Your Engagement Plan

Reassess & Embed

5.1 Create Metrics

5.2 Prioritize Your Projects

5.3 Create a Portfolio Investment Map

5.4 Establish Your Annual Plan

5.5 Build Your Transformation Roadmap

5.6 Create Your Communication Plan

Guiding principles help you focus the development of your practice

Your guiding principles should define a set of loose rules that can be used to design your BRM practice to the specific needs of the organization and work that needs to be done.

These rules will guide you through the establishment of your BRM practice and help you explain to your stakeholders the rationale behind organizing in a specific way.

Sample Guiding Principles

Principle Name

Principle Statement

Customer Focus We will prioritize internal and external customer perspectives
External Trends We will monitor and liaise with external organizations to bring best practices and learnings into our own
Organizational Span We embed relationship management across all levels of leadership in IT
Role If the resource does not have a seat at the table, they are not performing the BRM role

3.1 Establish guiding principles (optional activity)

Input: Mission and vision statements

Output: BRM guiding principles

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

  1. Think about strengths, weaknesses, opportunities, and threats as well as the overarching goals, mission, and vision.
  2. Identify a set of principles that the BRM practice should have. Guiding principles are shared, long-lasting beliefs that guide the use of business relationship management in your organization.

Download the BRM Workbook

Download the Executive Buy-In and Communication Template

Establish the BRM partner model and alignment

Having the right model and support is just as important as having the right people.

Gears with different BRM model terms: 'BRM Capabilities', 'BRM & Other Roles', 'Scope (pilot)', 'Operating Unit', 'BRM Expectations Across the organization', and 'Delivery & Support'.

Don’t boil the ocean: Start small

It may be useful to pilot the BRM practice with a small group within the organization – this gives you the opportunity to learn from the pilot and share best practices as you expand your BRM practice.

You can leverage the pilot business unit’s feedback to help obtain buy-in from additional groups.

Evaluate the approaches for your pilot:
Work With an Engaged Business Unit
Icon of a magnifying glass over a group of people.

This approach can allow you to find a champion group and establish quick wins.

Target Underperforming Area(s)
Icon of an ambulance.

This approach can allow you to establish significant wins, providing new opportunities for value.

Target the Area(s) Driving the Most Business Value
Icon of an arrow in a bullseye.

Provide the largest positive impact on your portfolio’s ability to drive business value; for large strategic or transformative goals.

Work Across a Single Business Process
Icon of a process tree.

This approach addresses a single business process or operation that exists across business units, departments, or locations. This, again, will allow you to limit the number of stakeholders.

Leverage BRM goals to determine where the role fits within the organization

Organization tree with a strategic BRM.

Strategic BRMs are considered IT leaders, often reporting to the CIO.


Organization tree with an operational BRM.

In product-aligned organizations, the product owners will own the strategic business relationship from a product perspective (often across LOB), while BRMs will own the strategic role for the line(s) of businesses (often across products) that they hold a relationship with. The BRM role may be played by a product family leader.


Organization tree with a BRM in a product-aligned organization.

BRMs may take on a more operational function when they are embedded within another group, such as the PMO. This manifests in:

  • Accountability for projects and programs
  • BRM conversations around projects and programs rather than overall needs
  • Often, there is less focus on stimulating need, more about managing demand
  • This structure may be useful for smaller organizations or where organizations are piloting the relationship capability

Use the IT structure and the business structure to determine how to align BRM and business partners. Many organizations ensure that each LOB has a designated BRM, but each BRM may work with multiple LOBs. Ensure your alignment provides an even and manageable distribution of work.

Don’t be intimidated by those who play a significant role in relationship management

Layers representing the BRM, BA, and Product Owner. Business Relationship Manager: Portfolio View
  • Ongoing with broader organization-wide objectives
  • A BRM’s strategic perspective is focused across projects and products
The BRM will look holistically across a portfolio, rather than on specific projects or products. Their focus is ensuring value is delivered that impacts the overall organization. Multiple BRMs may be responsible for lines of businesses and ensure that products and project enable LOBs effectively.
Business Analyst: Product or Project View
  • Works within a project or product
  • Accomplishes specific objectives within the project/product
The BA tends to be involved in project work – to that end, they are often brought in a bit before a project begins to better understand the context. They also often remain after the project is complete to ensure project value is delivered. However, their main focus is on delivering the objectives within the project.
Product Owner: Product View
  • Ongoing and strategic view of entire product, with product-specific objectives
The Product Owner bridges the gap between the business and delivery to ensure their product continuously delivers value. Their focus is on the product.

3.2 Establish the BRM’s place in the organizational structure

Input: BRM goals, IT organizational structure, Business organizational structure

Output: BRM operating model

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

  1. Review the current organizational structure – both IT and overall business.
  2. Think about the maturity of the IT organization and what you and your partners will be able to support at this stage in the relationship or journey. Establish whether it is necessary to start with a pilot.
  3. Consider the reporting relationship that is required to support the desired maturity of your practice – who will your BRM function report into?
  4. Consider the distribution of work from your business partners. Establish which BRM is responsible for which partners.
  5. Document where the BRM fits in the organization in the Executive Buy-In and Communication Template.

Download the BRM Workbook

Download the Executive Buy-In and Communication Template

Align your titles to your business partners and ensure it demonstrates your strategic goals

Some titles that may reflect alignment with your partners:
  • Business Capability Manager
  • Business Information Officer
  • Business Relationship Manager
  • Director, Technology Partner
  • IT Business Relationship Manager
  • People Relationship Manager
  • Relationship and Strategy Officer
  • Strategic Partnership Director
  • Technology Partner/People Partner/Finance Partner/etc.
  • Value Management Officer

Support BRM team members might have “analyst” or “coordinator” as part of their titles.

Caution when using these titles:
  • Account Manager (do you see your stakeholders as accounts or as partners?)
  • Customer Relationship Manager (do you see your stakeholders as customers or as partners?)
  • People Partner (differentiate your role from HR)

Determine the expectations for your BRM role(s)

Below are standard expectations from BRM job descriptions. Establish whether there are changes required for your organization.

Act as a Relationship Manager
  • Build strong, collaborative relationships with business clients
  • Build strong, collaborative relationships with IT service owners
  • Track client satisfaction with services provided
  • Continuously improve, based on feedback from clients
Communicate With Business Stakeholders
  • Ensure that effective communication occurs related to service delivery and project delivery (e.g. planned downtime, changes, open tickets)
  • Manage expectations of multiple business stakeholders
  • Provide a clear point of contact within IT for each business stakeholder
  • Act as a bridge between IT and the business
Service Delivery

Service delivery breaks out into three activities: service status, changes, and service desk tickets

  • Understand at a high level the services and technologies in use
  • Work with clients to plan and make sure they understand the relevance and impact of IT changes to their operations
  • Define, agree to, and report on key service metrics
  • Act as an escalation point for major issues with any aspect of service delivery
  • Work with service owners to develop and monitor service improvement plans
Project/Product Delivery
  • Ensure that the project teams provide regular reports regarding project status, issues, and changes
  • Work with project managers and clients to ensure project requirements are well understood and documented and approved by all stakeholders
  • Ensure that the project teams provide key project metrics on a regular basis to all relevant stakeholders

Determine role expectations (slide 2 of 3)

Knowledge of the Business

Understand the main business activities for each department:

  • Understand which IT services are required to complete each business activity
  • Understand business processes and associated business activities for each user group within a department
Advocate for Your Business Clients
  • Act as an advocate for the client – be invested in client success
  • Understand the strategies and plans of the clients and help develop an IT strategic plan/roadmap that maps to business strategies
  • Help the business understand project governance processes
  • Help clients to develop proposals and advance them through the project intake and assessment process
Influence Business and IT Stakeholders
  • Influence business and IT stakeholders at multiple levels of the organization to help clients achieve their business objectives
  • Leverage existing relationships to convince decision makers to move forward with business and IT initiatives that will benefit the department and the organization as a whole
  • Understand and solve issues and challenges such as differing agendas, political considerations, and resistance to change
Knowledge of the Market
  • Understand the industry – trends, competition, future direction
  • Leverage what others are doing to bring innovative ideas to the organization
  • Understand what end customers expect with regards to IT services and bring this intelligence to business leaders and decision makers

Determine role expectations (slide 3 of 3)

Value Creator
  • Understand how services currently offered by IT can be put to best use and create value for the business
  • Work collaboratively with clients to define and prioritize technology initiatives (new or enhanced services) that will bring the most business benefit
  • Lead initiatives that help the business achieve or exceed business goals and objectives
  • Lead initiatives that create business value (increased revenue, lower costs, increased efficiency) for the organization
Innovator
  • Lead initiatives that result in new and better ways of doing business
  • Identify opportunities for using IT in new and innovative ways to bring value to the business and drive the business forward
  • Leverage knowledge of the business, knowledge of the industry, and knowledge of leading-edge technological solutions to transform the way the business operates and provides services to its customers

3.3 Establish BRM expectations

Input: BRM goals

Output: BRM expectations

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

  1. Review the BRM expectations on the previous slides.
  2. Customize them – are they the appropriate set of expectations needed for your organization? What needs to be edited in or out?
  3. Add relevant expectations – what are the things that need to be done in the BRM practice at your organization?
  4. Leverage the workbook to brainstorm BRM expectations. Make sure you update them in the BRM Role Expectation Spreadsheet.

Download the BRM Workbook

Download the Executive Buy-In and Communication Template

Various roles and levels within your organization may have a part of the BRM pie

Where the BRM sits will impact what they are able to get done.

The BRM role is a strategic one, but other roles in the organization have a part to play in impacting IT-partner relationship.

Some roles may have a more strategic focus, while others may have a more tactical or operational focus.

3.4 Identify roles with BRM responsibilities

Input: BRM goals

Output: BRM-aligned roles

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

  1. Various roles can play a part in the BRM practice, managing business relationships. Which ones make sense in your organization, given the BRM goals?
  2. Identify the roles and capture in the BRM Role Expectation Spreadsheet. Use the Role Expectation Alignment tab, row 1.


Download the Role Expectations Worksheet

Determine the focus for each role that may manage business relationships

Icon of a telescope. STRATEGIC Sets Direction: Focus of the activities is at the holistic, enterprise business level “relating to the identification of long-term or overall aims and interests and the means of achieving them” e.g. builds overarching relationships to enable and support the organization’s strategy; has strategic conversations
Icon of a house in a location marker. TACTICAL Figures Out the How: Focuses on the tactics required to achieve the strategic focus “skillful in devising means to ends” e.g. builds relationships specific to tactics (projects, products, etc.)
Icon of a gear cog with a checkmark. OPERATIONAL Executes on the Direction: Day-to-day operations; how things get done “relating to the routine functioning and activities of a business or organization” e.g. builds and leverages relationships to accomplish specific goals (within a project or product)

3.5 Align BRM capabilities to roles

Input: Current-state model, Business value matrix, Objectives and goals

Output: BRM-aligned roles

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

  1. Review each group of role expectations – Act as a Relationship Manager, Communicate with Business Stakeholders, etc. For each group, determine the focus each role can apply to it – strategic, tactical, or operational. Refer to the previous slide for examples.
  2. Capture on the spreadsheet:
    • S – This role is required to have a strategic view of the capabilities. They are accountable and set direction for this aspect of relationship management.
    • T – Indicate if the role is required to have a tactical view of the capabilities. This would include whether the role is required to figure out how the capabilities will be done; for example, is the role responsible for carrying out service management or are they just involved to ensure that that set of expectations are being performed?
    • O – Indicate if the role will have an operational view – are they the ones responsible for doing the work?
    • Note: In some organizations, a role may have more than one of these.
  3. The spreadsheet will highlight the cells in green if the role plays more of the strategic role, yellow for tactical, and brown for operational. This provides an overall visual of each role’s part in relationship management.
  4. (Optional) Review each detailed expectation within the group. Evaluate whether specific roles will have a different focus on the unique role expectations.

Leverage the Role Expectations Worksheet

Sample role expectation alignment

Sample of a role expectation alignment table with expectation names and descriptions on the left and a matrix of which roles should have a Strategic (S), Tactical (T), or Operational (O) view of the capabilities.

IMPLEMENT

Assess

1.1 Define BRM

1.2 Analyze Satisfaction

1.3 Assess SWOT

Situate

2.1 Create Vision

2.2 Create the BRM Mission

2.3 Establish Goals

Plan

3.1 Establish Guiding Principles

3.2 Determine Where BRM Fits

3.3 Establish BRM Expectations

3.4 Identify Roles With BRM Responsibilities

3.5 Align Capabilities

Implement

4.1 Brainstorm Sources of Business Value

4.2 Identify Key Influencers

4.3 Categorize the Stakeholders

4.4 Create the Prioritization Map

4.5 Create Your Engagement Plan

Reassess & Embed

5.1 Create Metrics

5.2 Prioritize Your Projects

5.3 Create a Portfolio Investment Map

5.4 Establish Your Annual Plan

5.5 Build Your Transformation Roadmap

5.6 Create Your Communication Plan

Speak the same language as your partners: Business Value

Business value represents the desired outcome from achieving business priorities.

Value is not only about revenue or reduced expenses. Use this internal-external and capability-financial business value matrix to more holistically consider what is valuable to stakeholders.

Improved Capabilities
Enhance Services
Products and services that enable business capabilities and improve an organization’s ability to perform its internal operations.
Increase Customer Satisfaction
Products and services that enable and improve the interaction with customers or produce practical market information and insights.
Inward Outward
Save Money
Products and services that reduce overhead. They typically are less related to broad strategic vision or goals and more simply limit expenses that would occur had the product or service not put in place.
Make money
(Return on Investment)
Products and services that are specifically related to the impact on an organization’s ability to create a return on investment.
Financial Benefits

Business Value Matrix Axes:

Financial Benefits vs. Improved Capabilities
  • Improved capabilities refers to the enhancement of business capabilities and skill sets.
  • Financial Benefits refers to the degree in which the value source can be measured through monetary metrics and is often highly tangible.
Inward vs. Outward Orientation
  • Inward refers to value sources that have an internal impact an organization’s effectiveness and efficiency in performing its operations.
  • Outward refers to value sources that come from interactions with external factors, such as the market or your customers.

4.1 Activity: Brainstorm sources of business value

Input: Product and service knowledge, Business process knowledge

Output: Understanding of different sources of business value

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

  1. Identify your key stakeholders. These individuals are the critical business strategic partners in the organization’s governing bodies.
  2. Brainstorm the different types of business value that the BRM practice can produce.
  3. Is the item more focused on improving capabilities or generating financial benefits?
  4. Is the item focused on the customers you serve or the IT team?
  5. Enter your value item into a cell on the Business Value Matrix based on where it falls on these axes.
  6. Start to think about metrics you can use to measure how effective the product or service is at generating the value source.
Simplified version of the Business Value Matrix on the previous slide.

Use the BRM Workbook to capture sources of business value

Brainstorm the different sources of business value (continued)

See appendix for more information on value drivers:
Example:
Enhance Services
  • Dashboards/IT Situational Awareness
  • Improve measurement of services for data-driven analytics that can improve services
  • Collaborate to support Enterprise Architecture
  • Approval for and support of new applications per customer demand
  • Provide consultation for IT issues
Axis arrow with 'Improved Capabilities'.
Axis arrow with 'Financial Benefits'.
Reach Customers
  • Provide technology roadmaps for IT services and devices
  • Improved "PR" presence: websites, service catalog, etc.
  • Enhance customer experience
  • Faster Time-to-market delivering innovative technologies and current services
Axis arrow with 'Inward'.Axis arrow with 'Outward'.
Reduce Costs
  • Achieve better pricing through enterprise agreements for IT services that are duplicated across several orgs
  • Prioritization/ development of roadmap
  • Portfolio management / reduce duplication of services
  • Evolve resourcing strategies to integrate teams (e.g. do more with less)
Return on Investment
  • Customer -focused dashboards
  • Encourage use of centralized services through external collaboration capabilities that fit multiple use cases
  • Devise strategies for measured/supported migration from older IT systems/software

Implications of ineffective stakeholder management

A stakeholder is any group or individual who is impacted by (or impacts) your objectives.

Challenges with stakeholder management can result from a self-focused point of view. Avoid these challenges by taking on the other’s perspectives – what’s in it for them.

The key objectives of stakeholder management are to improve outcomes, increase confidence, and enhance trust in IT.

  • Obtain commitment of executive management for IT-related objectives.
  • Enhance alignment between IT and the business.
  • Improve understanding of business requirements.
  • Improve implementation of technology to support business processes.
  • Enhance transparency of IT costs, risks, and benefits.

Challenges

  • Stakeholders are missed or new stakeholders are identified too late.
  • IT has a tendency to only look for direct stakeholders. Indirect and hidden stakeholders are not considered.
  • Stakeholders may have conflicting priorities, different visions, and different needs. Keeping every stakeholder happy is impossible.
  • IT has a lack of business understanding and uses jargon and technical language that is not understood by stakeholders.

Implications

  • Unanticipated stakeholders and negative changes in stakeholder sentiment can derail initiatives.
  • Direct stakeholders are identified, but unidentified indirect or hidden stakeholders cause a major impact to the initiative.
  • The CIO attempts to trade off competing agendas and ends up caught in the middle and pleasing no one.
  • There is a failure in understanding and communications, leading stakeholders to become disenchanted with IT.

Cheat Sheet: Identify stakeholders

Ask stakeholders “who else should I be talking to?” to discover additional stakeholders and ensure you don’t miss anyone.

List the people who are identified through the following questions: Take a 360-degree view of potential internal and external stakeholders who might be impacted by the initiative.
  • Who will be adversely affected by potential environmental and social impacts in areas of influence that are affected by what you are doing?
  • At which stage will stakeholders be most affected (e.g. procurement, implementation, operations, decommissioning)?
  • Will other stakeholders emerge as the phases are started and completed?
  • Who is sponsoring the initiative?
  • Who benefits from the initiative?
  • Who loses from the initiative?
  • Who can make approvals?
  • Who controls resources?
  • Who has specialist skills?
  • Who implements the changes?
  • Who are the owners, governors, customers, and suppliers to impacted capabilities or functions?

Executives

Peers

Direct reports

Partners

Customers

Stock image of a world.

Subcontractors

Suppliers

Contractors

Lobby groups

Regulatory agencies

Establish your stakeholder network “map”

Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

Your stakeholder map defines the influence landscape your BRM team operates in. It is every bit as important as the teams who enhance, support, and operate your products directly.

Notes on the network map

  • Pay special attention to influencers who have many arrows; they are called “connectors,” and due to their diverse reach of influence, should themselves be treated as significant stakeholders.
  • Don’t forget to consider the through-lines from one influencer through intermediate stakeholders or influencers to the final stakeholder – a single influencer may have additional influence via multiple, possibly indirect paths to a single stakeholder.

Legend for the example stakeholder network map below. 'Black arrows indicate the direction of professional influence'. 'Dashed green arrows indicate bidirectional, informal influence relationships'

Example stakeholder network map visualizing relationships between different stakeholders.

4.2 Visualize interrelationships among stakeholders to identify key influencers

Input: List of stakeholders

Output: Relationships among stakeholders and influencers

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

  1. List direct stakeholders for your area. Ensure it includes stakeholders across the organization (both IT and business units).
  2. Determine the stakeholders of your stakeholders. Consider adding each of them to the stakeholder list: assess who has either formal or informal influence over your stakeholders; add these influencers to your stakeholder list.
  3. Create a stakeholder network map to visualize relationships.
    • (Optional) Use black arrows to indicate the direction of professional influence.
    • (Optional) Use dashed green arrows to indicate bidirectional, informal influence relationships.
  4. Capture the list or diagram of your stakeholders in your workbook.

Use the BRM Workbook to capture stakeholders

Categorize your stakeholders with a stakeholder prioritization map

A stakeholder prioritization map help teams categorize their stakeholders by their level or influence and ownership.

There are four areas in the map and the stakeholders within each area should be treated differently.

  • Players – players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical and a lack of support can cause significant impediment to the objectives.
  • Mediators – mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.
  • Noisemakers – noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively, but have little ability to enact their wishes.
  • Spectators – generally, spectators are apathetic and have little influence over or interest in the initiative.

Stakeholder prioritization map with axes 'Influence' and 'Ownership/Interest' splitting the map into four quadrants: 'Spectators Low/Low', 'Noisemakers Low/High', 'Mediators High/Low', and 'Players High/High'.

4.3 Group your stakeholders into categories

Input: Stakeholder Map

Output: Categorization of stakeholders and influencers

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

  1. Identify your stakeholder’s interest in and influence on your BRM program.
  2. Map your results to the quadrant in your workbook to determine each stakeholder’s category.

Stakeholder prioritization map with example 'Stakeholders' placed in or across the four quadrants.

Level of Influence

  • Power: Ability of a stakeholder to effect change.
  • Urgency: Degree of immediacy demanded.
  • Legitimacy: Perceived validity of stakeholder’s claim.
  • Volume: How loud their “voice” is or could become.
  • Contribution: What they have that is of value to you.

Level of Interest

How much are the stakeholder’s individual performance and goals directly tied to the success or failure of the product?

Use the BRM Workbook to map your stakeholders

Define strategies for engaging stakeholders by type

Each group of stakeholders draws attention and resources away from critical tasks.

By properly identifying your stakeholder groups, you can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy Spectators and Noisemakers while ensuring the needs of the Mediators and Players are met.

Type Quadrant Actions
Players High influence; high interest Actively Engage
Keep them engaged through continuous involvement. Maintain their interest by demonstrating their value to its success.
Mediators High influence; low interest Keep Satisfied
They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust, and include them in important decision-making steps. In turn, they can help you influence other stakeholders.
Noisemakers Low influence; high interest Keep Informed
Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using Mediators to help them.
Spectators Low influence; low interest Monitor
They are followers. Keep them in the loop by providing clarity on objectives and status updates.

Prioritize your stakeholders

There may be too many stakeholders to be able to manage them all. Focus your attention on the stakeholders that matter most.

Apply a third dimension for stakeholder prioritization: support.

Support, in addition to interest and influence, is used to prioritize which stakeholders are should receive the focus of your attention. This table indicates how stakeholders are ranked:

Table with 'Stakeholder Categories' and their 'Level of Support' for prioritizing. Support levels are 'Supporter', 'Evangelist', 'Neutral', and 'Blocker'.

Support can be determined by rating the following question: how likely is it that your stakeholder would recommend IT at your organization/your group? Our four categories of support:

  • Blocker – beware of the blocker. These stakeholders do not support your cause and have the necessary drive to impede the achievement of your objectives.
  • Semi-Supporter – while these stakeholders are committed to your objectives, they are somewhat apathetic to advocate on your behalf. They will support you so long as it does not require much effort from them to do so.
  • Neutral – neutrals do not have much commitment to your objectives and are not willing to expend much energy to either support or detract from them.
  • Supporter – these stakeholders are committed to your initiative and are willing to whole-heartedly provide you with support.

4.4 Update your stakeholder quadrant to include the three dimensions

Input: Stakeholder Map

Output: Categorization of stakeholders and influencers

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

  1. Identify the level of support of each stakeholder by answering the following question: how likely is it that your stakeholder would support your initiative/endeavor?
  2. Map your results to the model in your workbook to determine each stakeholder’s category.
Stakeholder prioritization map with example 'Persons' placed in or across the four quadrants. with The third dimension, 'Level of Support', is color-coded.

Use the BRM Workbook to map your stakeholders

Leverage your map to think about how to engage with your stakeholders

Not all stakeholders are equal, nor can they all be treated the same. Your stakeholder quadrant highlights areas where you may need to engage differently.

Blockers

Pay attention to your “blockers,” especially those that appear in the high influence and high interest part of the quadrant. Consider how your engagement with them varies from supporters in this quadrant. Consider what is valuable to these stakeholders and focus your conversations on “what’s in this for them.”

Neutral & Evangelists

Stakeholders that are neutral or evangelists do not require as much attention as blockers and supporters, but they still can’t be ignored – especially those who are players (high influence and engagement). Focus on what’s in it for them to move them to become supporters.

Supporters

Do not neglect supporters – continue to engage with them to ensure that they remain supporters. Focus on the supporters that are influential and impacted, rather than the “spectators.”

4.5 Create your engagement plan

Input: Stakeholder Map/list of stakeholders

Output: Categorization of stakeholders and influencers

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

  1. Leverage the BRM Stakeholder Engagement Plan spreadsheet. List your key stakeholders.
  2. Consider: how do you show value at your current maturity level so that you can gain trust and your relationship can mature? Establish where your relationship lacks maturity, and consider whether you need to engage with them on a more strategic, tactical, or even operational manner.
    • At lower levels of maturity (Table Stakes), focus on service delivery, project delivery, and communication.
    • At mid-level maturity (Influencer/Advocate), focus on business pain points and a deeper knowledge of the business.
    • At higher maturity levels (Value Creator/Innovator), focus on creating value by leading innovative initiatives that drive the business forward.
  3. Review the stakeholder quadrant. Update the frequency of your communication accordingly.
  4. Capture the agenda for your engagements with them.

Download and use the BRM Stakeholder Engagement Plan

Your agenda should vary with the maturity of your relationship

Agenda
Stakeholder Information Type Meeting Frequency Lower Maturity Mid-Level Maturity Higher Maturity
VP Strategic Quarterly
  • Summary of current and upcoming projects and initiatives
  • Business pain points for the department
  • Proposed solutions to address business pain points
  • Innovative solutions to improve business processes and drive value for the department and the organization
Director Strategic, Tactical Monthly
  • Summary of recent and upcoming changes
  • Summary of current and upcoming projects and initiatives
  • Business pain points for the department
  • Proposed business process improvements
  • Current and upcoming project proposals to address business pain points
  • Innovative solutions to help the department achieve its business goals and objectives
Manager Tactical Monthly
  • Summary of service desk tickets
  • Summary of recent and upcoming changes
  • Summary of current and upcoming projects and initiatives
  • Business pain points for the team
  • Proposed business activity improvements
  • Current and upcoming projects to address business pain points
  • Innovative solutions to help business users perform their daily business activities more effectively and efficiently

Lower Maturity – Focus on service delivery, project delivery, and communication

Mid-Level Maturity – Focus on business pain points and a deeper knowledge of the business

Higher Maturity – Focus on creating value by leading innovative initiatives that drive the business forward

Stakeholder – Include both IT and business stakeholders at appropriate levels

Agenda – Manage stakeholders expectations, and clarify how your agenda will progress as the partnership matures

REASSESS & EMBED

Assess

1.1 Define BRM

1.2 Analyze Satisfaction

1.3 Assess SWOT

Situate

2.1 Create Vision

2.2 Create the BRM Mission

2.3 Establish Goals

Plan

3.1 Establish Guiding Principles

3.2 Determine Where BRM Fits

3.3 Establish BRM Expectations

3.4 Identify Roles With BRM Responsibilities

3.5 Align Capabilities

Implement

4.1 Brainstorm Sources of Business Value

4.2 Identify Key Influencers

4.3 Categorize the Stakeholders

4.4 Create the Prioritization Map

4.5 Create Your Engagement Plan

Reassess & Embed

5.1 Create Metrics

5.2 Prioritize Your Projects

5.3 Create a Portfolio Investment Map

5.4 Establish Your Annual Plan

5.5 Build Your Transformation Roadmap

5.6 Create Your Communication Plan

Measure your BRM practice success

  • Metrics are powerful because they drive behavior.
  • Metrics are also dangerous because they often lead to unintended negative outcomes.
  • Metrics should be chosen carefully to avoid getting “what you asked for” instead of “what you intended.”

Stock image of multiple business people running off the end of a pointed finger like lemmings.

Questions to ask Are your metrics achievable?
  1. What are the leading indicators of BRM effectively supporting the business’ strategic direction?
  2. How are success metrics aligned with the objectives of other functional groups?

S pecific

M easurable

A chievable

R ealistic

T ime-bound

Embedding the BRM practice within your organization must be grounded in achievable outcomes.

Ensure that the metrics your practice is measured against reflect realistic and tangible business expectations. Overpromising the impact the practice will have can lead to long-term implementation challenges.

Determine whether your business is satisfied with IT

Measuring tape.

1

Survey your stakeholders to measure improvements in customer satisfaction.

Leverage the CIO Business Vision on a regular interval – most find that annual assessments drive success.

Evaluate whether the addition or increased maturity of your BRM practice has improved satisfaction with IT.

Business satisfaction survey

  • Audience: Business leaders
  • Frequency: Annual
  • Metrics:
    • Overall Satisfaction score
    • Overall Value score
    • Relationship Satisfaction:
      • Understand needs
      • Meet needs
      • Communication
Two small tables showing example 'Value' and 'Satisfaction' scores.
Table with a breakdown of the example 'Satisfaction' score, with individual scores for 'Needs', 'Execution', and 'Communication'.

Check if you’ve met the BRM goals you set out to achieve

Measuring tape.

2

Measure BRM success against the goals for the practice.

Evaluate whether the BRM practice has helped IT to meet the goals that you’ve established.

For each of your goals, create metrics to establish how you will know if you’ve been successful. This might be how many or what type of interactions you have with your stakeholders, and/or it could be new connections with internal or external partners.

Ensure you have established metrics to measure success at your goals.

Dart board with five darts, each representing a goal, 'Demand Shaping', 'Value Realization', 'Servicing', 'Exploring', and 'Other Goal(s)'.

5.1 Create metrics

Input: Goals, The attributes which can align to goal success

Output: Measurements of success

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

  1. Start with a consideration of your goals and objectives.
  2. Identify key aspects that can support confirming if the goal was successful.
  3. For each aspect, develop a method to measure success with a specific measurement.
  4. When creating the KPI consider:
    • How you know if you are achieving your objective (performance)?
    • How frequently will you be measuring this?
    • Are you looking for an increase, decrease, or maintenance of the metric?
Table with columns 'BRM Goals', 'Measurement', 'KPI', and 'Frequency'.

Use the BRM Workbook

Don’t wait all year to find out if you’re on track

Leverage the below questions to quickly poll your business partners on a more frequent basis.

Partner instructions:

Please indicate how much you agree with each of the following statements. Use a scale of 1-5, where 1 is low agreement and 5 indicates strong agreement:

Demand Shaping: My BRM is at the table and seeks to understand my business. They help me understand IT and helps IT prioritize my needs.

Exploring: My BRM surfaces new opportunities based on their understanding of my pain points and growth needs. They engage resources with a focus on the value to be delivered.

Servicing: The BRM obtains an understanding of the services and service levels that are required, clarifies them, and communicates costs and risks.

Value Harvesting: Focus on value is evident in discussions – the BRM supports IT in ensuring value realization is achieved and tracks value during and beyond deployment.

Embedding the BRM practice also includes acknowledging the BRM’s part in balancing the IT portfolio

IT needs to juggle “keeping the lights on” initiatives with those required to add value to the organization.

Partner with the appropriate resources (Project Management Office, Product Owners, System Owners, and/or others as appropriate within your organization) to ensure that all initiatives focus on value.

Info-Tech Insight

Not every organization will balance their portfolio in the same way. Some organizations have higher risk tolerance and so their higher priority goals may require that they accept more risk to potentially reap more returns.

Stock image of a man juggling business symbols.

80% of organizations feel their portfolios are dominated by low-value initiatives that do not deliver value to the business. (Source: Stage-Gate International and Product Development Institute, March/April 2009)

All new requests are not the same; establish a process for intake and manage expectations and IT’s capacity to deliver value.

Ensure you communicate your process to support new ideas with your stakeholders. They’ll be clear on the steps to bring new initiatives into IT and will understand and be engaged in the process to demonstrate value.

Flowchart for an example intake process.

For support creating your intake process, go to Optimize Project Intake, Approval and Prioritization Sample of Info-Tech's Optimize Project Intake, Approval and Prioritization.

Use value as your criteria to evaluate initiatives

Work with project managers to ensure that all projects are executed in a way that meets business expectations.

Sample of Info-Tech’s Project Value Scorecard Development Tool.

Download Info-Tech’s Project Value Scorecard Development Tool.

Enter risk/compliance criteria under operational alignment: projects must be aligned with the operational goals of the business and IT.

Business value matrix.

Enter these criteria under strategic alignment: projects must be aligned with the strategic goals of the business, customer, and IT.
Enter financial criteria under financial: projects must realize monetary benefits, in increased revenue or decreased costs, while posing as little risk of cost overrun as possible.
And don’t forget about feasibility: practical considerations for projects must be taken into account in selecting projects.

5.2 Prioritize your investments/ projects (optional activity)

Input: Value criteria

Output: Prioritized project listing

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

  1. Review and edit (if necessary) the criteria on tab 2 the Project Value Scorecard Development Tool.
    Screenshot from tab 2 of Info-Tech’s Project Value Scorecard Development Tool.
  2. Score initiatives and investments on tab 3 using your criteria.
    Screenshot from tab 3 of Info-Tech’s Project Value Scorecard Development Tool.
Download Info-Tech’s Project Value Scorecard Development Tool.

Visualize where investments add value through an initiative portfolio map

An initiative portfolio map is a graphic visualization of strategic initiatives overlaid on a business capability map.

Leverage the initiative portfolio map to communicate the value of what IT is working on to your stakeholders.

Info-Tech Insight

Projects will often impact one or more capabilities. As such, your portfolio map will help you identify cross-dependencies when scaling up or scaling down initiatives.

Example initiative portfolio map


Example initiative portfolio map with initiatives in categories like 'Marketing Strategy' and 'Brand Mgmt.'. Certain groups of initiatives have labels detailing when they achieve collectively.

5.3 Create a portfolio investment map (optional activity)

Input: Business capability map

Output: Portfolio investment map

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

  1. Build a capability map, outlining the value streams that support your organization’s goals and the high-level capabilities (level 1) that support the value stream (and goals).
    For more support in establishing the capability map, see Document Your Business Architecture.
    Example table for outlining 'Value Streams' and 'Level 1 Capabilities' through 'Goals'.
  2. Identify high-value capabilities for the organization.
  3. What are the projects and initiatives that will address the critical capabilities? Add these under the high-value capabilities.
  4. This process will help you demonstrate how projects align to business goals. Enter your capabilities and projects in Info-Tech’s Initiative Portfolio Map Template.
Download Info-Tech’s Initiative Portfolio Map Template.

Establish your annual BRM plan

To support the BRM capability at your organization, you’ll want to communicate your plan. This will include:
  • Business Feedback and Engagement
    • Engaging with your partners includes meeting with them on a regular basis. Establish this frequency and capture it in your plan. This engagement must include an understanding of their goals and challenges.
    • As Bill Gates said, “We all need people who will give us feedback. That’s how we improve” (Inc.com, 2013). There are various points in the year which will provide you with the opportunity to understand your business partners’ views of IT or the BRM role. List the opportunities to reflect on this feedback in your plan.
  • Business-IT Alignment
    • Bring together the views and perspectives of IT and the business.
    • List the activities that will be required to reflect business goals in IT. These include IT goals, budget, and planning.
  • BRM Improvement
    • The practices put in place to support the BRM practice need to continuously evolve to support a maturing organization. The feedback from stakeholders throughout the organization will provide input into this. Ensure there are activities and time put aside to evaluate the improvements required.
Stock image of someone discovering a calendar in a jungle with a magnifying glass.

5.4 Establish your year-in-the-life plan

Input: Engagement plan, BRM goals

Output: Annual BRM plan

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

  1. Start with your business planning activities – what will you as a BRM be doing as your business establishes their plans and strategies? These could include:
    • Listening and feedback sessions
    • Third-party explorations
  2. Then look at your activities required to integrate within IT – what activities are required to align business directives within your IT groups? Examples can include:
    • Business strategy review
    • Capability map creation
    • Input into the Business-aligned IT strategy
    • IT budget input
  3. What activities are required to continuously improve the BRM role? This may consist of:
    • Feedback discussions with business partners
    • Roadshow with colleagues to communicate and refine the practice
  4. Map these on your annual calendar that can be shared with your colleagues.
Capture in the BRM Workbook

Communicate using the Executive Buy-In and Communication Template

Sample of a slide titled 'BRM Annual Cycle'.

Sample BRM annual cycle

Sample BRM annual cycle with row headers 'Business Feedback and Engagement', 'Business-IT Alignment', and 'BRM Improvement' mapped across a Q1 to Q4 timeline with individual tasks in each category.

5.5 Build your transformation roadmap

Input: SWOT analysis

Output: Transformation roadmap

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

  1. Brainstorm and discuss the key enablers that are needed to help promote and ease your BRM program.
  2. Brainstorm and discuss the key blockers (or risks) that may interrupt or derail your BRM program.
  3. Brainstorm mitigation activities for each blocker.
  4. Enablers and mitigation activities can be listed on your transformation roadmap.

Example:

Enablers

  • High business engagement and buy-in
  • Supportive BRM leadership
  • Organizational acceptance for change
  • Development process awareness by development teams
  • Collaborative culture
  • Existing tools can be customized for BRM

Blockers

  • Pockets of management resistance
  • Significant time is required to implement BRM and train resources
  • Geographically distributed resources
  • Difficulty injecting customers in demos

Mitigation

  • BRM workshop training with all teams and stakeholders to level set expectations
  • Limit the scope for pilot project to allow time to learn
  • Temporarily collocate all resources and acquire virtual communication technology

Capture in the BRM Workbook

5.5 Build your transformation roadmap (cont’d)

  1. Roadmap Elements:
    • List the artifacts, changes, or actions needed to implement the new BRM program.
    • For each item, identify how long it will take to implement or change by moving it into the appropriate swim lane. Use timing that makes sense for your organization: Quick Wins, Short Term, and Long Term; Now, Next, and Later; or Q1, Q2, Q3, and Q4.

Example transformation roadmap with BRM programs arranged in columns 'Now', 'Next (3-6 months)', 'Later (6+ months)', and 'Deferred'.

Communicate the BRM changes to set your practice up for success

Leaders of successful change spend considerable time developing a powerful change message, i.e. a compelling narrative that articulates the desired end state, and that makes the change concrete and meaningful to staff.

The change message should:

  • Explain why the change is needed.
  • Summarize what will stay the same.
  • Highlight what will be left behind.
  • Emphasize what is being changed.
  • Explain how change will be implemented.
  • Address how change will affect various roles in the organization.
  • Discuss the staff’s role in making the change successful.
Five elements of communicating change
Diagram titled 'COMMUNICATING THE CHANGE' surrounded by useful questions: 'What is the change?', 'What will the role be for each department and individual?', 'Why are we doing it?', 'How long will it take us to do it?', and 'How are we going to go about it?'.
(Source: The Qualities of Leadership: Leading Change)

Apply the following communication principles to make your BRM changes relevant to stakeholders

“We tend to use a lot of jargon in our discussions, and that is a sure fire way to turn people away. We realized the message wasn’t getting out because the audience wasn’t speaking the same language. You have to take it down to the next level and help them understand where the needs are.” (Jeremy Clement, Director of Finance, College of Charleston, Info-Tech Interview, 2018)

Be Relevant

  • Talk about what matters to the stakeholder. Think: “what’s in it for them?
  • Tailor the details of the message to each stakeholder’s specific concerns.
  • Often we think in processes but stakeholders only care about results: talk in terms of results.

Be Clear

  • Don’t use jargon.
  • Choice of language is important: “Do you think this is a good idea? I think we could really benefit from your insights and experience here.” Or do you mean: “I think we should do this. I need you to do this to make it happen.”

Be Concise

  • Keep communication short and to the point so key messages are not lost in the noise.
  • There is a risk of diluting your key message if you include too many other details.

Be Consistent

  • The core message must be consistent regardless of audience, channel, or medium. A lack of consistency can be interpreted as an attempt at deception. This can hurt credibility and trust.
  • Test your communication with your team or colleagues to obtain feedback before delivering to a broader audience.

5.6 Create a communications plan tailored to each of your stakeholders

Input: Prioritized list of stakeholders

Output: Communication Plan

Materials: Whiteboard/flip charts (physical or electronic)

Participants: Team

  1. List stakeholders in order of importance in the first column.
  2. Identify the frequency with which you will communicate to each group.
  3. Determine the scope of the communication:
    • What key information needs to be included in the message to ensure they are informed and on board?
    • Which medium(s) will you use to communicate to that specific group?
  4. Develop a concrete timeline that will be followed to ensure that support is maintained from the key stakeholders.

Audience

All BRM Staff

Purpose

  • Introduce and explain operating model
  • Communicate structural changes

Communication Type

  • Team Meeting

Communicator

CIO

Timing

  • Sept 1 – Introduce new structure
  • Sept 15 – TBD
  • Sept 29 – TBD

Related Blueprints

Business Value
Service Catalog
Intake Management
Sample of Info-Tech's 'Document Your Business Architecture' blueprint.
Sample of Info-Tech's 'Design and Build a User-Facing Service Catalog' blueprint.
Sample of Info-Tech's 'Manage Stakeholder Relations' blueprint.
Sample of Info-Tech's 'Document Business Goals and Capabilities for Your IT Strategy' blueprint.
Sample of Info-Tech's 'Fix Your IT Culture' blueprint.

Selected Bibliography

“Apple Mission and Vision Analysis.” Mission Statement Academy, 23 May 2019. Accessed 5 November 2020.

Barnes, Aaron. “Business Relationship Manager and Plan Build Run.” BRM Institute, 8 April 2014.

Barnes, Aaron. “Starting a BRM Team - Business Relationship Management Institute.” BRM Institute, 5 June 2013. Web.

BRM Institute. “Business Partner Maturity Model.” Member Templates and Examples, Online Campus, n.d. Accessed 3 December 2021.

BRM Institute. “BRM Assessment Templates and Examples.” Member Templates and Examples, Online Campus, n.d. Accessed 24 November 2021.

Brusnahan, Jim, et al. “A Perfect Union: BRM and Agile Development and Delivery.” BRM Institute, 8 December 2020. Web.

Business Relationship Management: The BRMP Guide to the BRM Body of Knowledge. Second printing ed., BRM Institute, 2014.

Chapman, Chuck. “Building a Culture of Trust - Remote Leadership Institute.” Remote Leadership Institute, 10 August 2021. Accessed 27 January 2022.

“Coca Cola Mission and Vision Analysis.” Mission Statement Academy, 4 August 2019. Accessed 5 November 2020.

Colville, Alan. “Shared Vision.” UX Magazine, 31 October 2011. Web.

Cooper, Robert, G. “Effective Gating: Make product innovation more productive by using gates with teeth.” Stage-Gate International and Product Development Institute, March/April 2009. Web.

Heller, Martha. “How CIOs Can Make Business Relationship Management (BRM) Work.” CIO, 1 November 2016. Accessed 27 January 2022.

“How Many Business Relationship Managers Should You Have.” BRM Institute, 20 March 2013. Web.

Hull, Patrick. “Answer 4 Questions to Get a Great Mission Statement.” Forbes, 10 January 2013. Web.

Kasperkevic, Jana. “Bill Gates: Good Feedback Is the Key to Improvement.” Inc.com, 17 May 2013. Web.

Merlyn, Vaughan. “Relationships That Matter to the BRM.” BRM Institute, 19 October 2016. Web.

“Modernizing IT’s Business Relationship Manager Role.” The Hackett Group, 22 November 2019. Web.

Monroe, Aaron. “BRMs in a SAFe World...That Is, a Scaled Agile Framework Model.” BRM Institute, 5 January 2021. Web.

Selected Bibliography

“Operational, adj." OED Online, Oxford University Press, December 2021. Accessed 29 January 2022.

Sinek, Simon. “Transcript of ‘How Great Leaders Inspire Action.’” TEDxPuget Sound, September 2009. Accessed 7 November 2020.

“Strategic, Adj. and n.” OED Online, Oxford University Press, December 2016. Accessed 27 January 2022.

“Tactical, Adj.” OED Online, Oxford University Press, September 2018. Accessed 27 January 2022.

“The Qualities of Leadership: Leading Change.” Cornelius & Associates, 23 September 2013. Web.

“Twice the Business Value in Half the Time: When Agile Methods Meet the Business Relationship Management Role.” BRM Institute, 10 April 2015. Web.

“Value Streams.” Scaled Agile Framework, 30 June 2020. Web.

Ward, John. “Delivering Value from Information Systems and Technology Investments: Learning from Success.” Information Systems Research Centre, August 2006. Web.

Appendix

  • Business Value Drivers
  • Service Blueprint
  • Stakeholder Communications
  • Job Descriptions

Understand business value drivers for ROI and cost

Make Money

This value driver is specifically related to the impact a product or service has on your organization’s ability to show value for the investments. This is usually linked to the value for money for an organization.

Return on Investment can be derived from:

  • Sustaining or increasing funding.
  • Enabling data monetization.
  • Improving the revenue generation of an existing service.
  • Preventing the loss of a funding stream.

Be aware of the difference among your products and services that enable a revenue source and those which facilitate the flow of funding.

Save Money

This value driver relates to the impact of a product or service on cost and budgetary constraints.

Reduce costs value can be derived from:

  • Reducing the cost to provide an existing product or service.
  • Replacing a costly product or service with a less costly alternative.
  • Bundling and reusing products or services to reduce overhead.
  • Expanding the use of shared services to generate more value for the cost of existing investment.
  • Reducing costs through improved effectiveness and reduction of waste.

Budgetary pressures tied to critical strategic priorities may defer or delay implementation of initiatives and revision of existing products and services.

Understand Business Value Drivers that Enhance Your Services

Operations

Some products and services are in place to facilitate and support the structure of the organization. These vary depending on what is important to your organization, but should be assessed in relation to the organizational culture and structure you have identified.

  • Adds or improves effectiveness for a particular service or the process and technology enabling its success.

Risk and Compliance

A product or service may be required in order to meet a regulatory requirement. In these cases, you need to be aware of the organizational risk of NOT implementing or maintaining a service in relation to those risks.

In this case, the product or service is required in order to:

  • Prevent fines.
  • Allow the organization to operate within a specific jurisdiction.
  • Remediate audit gaps.
  • Provide information required to validate compliance.

Internal Information

Understanding internal operations is also critical for many organizations. Data captured through your operations provides critical insights that support efficiency, productivity, and many other strategic goals.

Internal information value can be derived by:

  • Identifying areas of improvement in the development of core offerings.
  • Monitoring and tracking employee behavior and productivity.
  • Monitoring resource levels.
  • Monitoring inventory levels.

Collaboration and Knowledge Transfer

Communication is integral and products and services can be the link that ties your organization together.

In this case, the value generated from products and services can be to:

  • Align different departments and multiple locations.
  • Enable collaboration.
  • Capture trade secrets and facilitate organizational learning.

Understand Business Value Drivers that Connect the Business to Your Customers

Policy

Products and services can also be assessed in relation to whether they enable and support the required policies of the organization. Policies identify and reinforce required processes, organizational culture, and core values.

Policy value can be derived from:

  • The service or initiative will produce outcomes in line with our core organizational values.
  • It will enable or improve adherence and/or compliance to policies within the organization.

Customer Relations

Products and services are often designed to facilitate goals of customer relations; specifically, improve satisfaction, retention, loyalty, etc. This value type is most closely linked to brand management and how a product or service can help execute brand strategy. Customers, in this sense, can also include any stakeholders who consume core offerings.

Customer satisfaction value can be derived from:

  • Improving the customer experience.
  • Resolving a customer issue or identified pain point.
  • Providing a competitive advantage for your customers.
  • Helping to retain customers or prevent them from leaving.

Market Information

Understanding demand and market trends is a core driver for all organizations. Data provided through understanding the ways, times, and reasons that consumers use your services is a key driver for growth and stability.

Market information value can be achieved when an app:

  • Addresses strategic opportunities or threats identified through analyzing trends.
  • Prevents failures due to lack of capacity to meet demand.
  • Connects resources to external sources to enable learning and growth within the organization.

Market Share

Market share represents the percentage of a market or market segment that your business controls. In essence, market share can be viewed as the potential for more or new revenue sources.

Assess the impact on market share. Does the product or service:

  • Increase your market share?
  • Open access to a new market?
  • Help you maintain your market share?

Service Blueprint

Service design involves an examination of the people, process and technology involved in delivering a service to your customers.

Service blueprinting provides a visual of how these are connected together. It enables you to identify and collaborate on improvements to an existing service.

The main components of a service blueprint are:

Customer actions – this anchors the service in the experiences of the customer

Front-stage – this shows the parts of the service that are visible to the customer

Back-stage – this is the behind-the-scenes actions necessary to deliver the experience to the customer

Support processes – this is what’s necessary to deliver the back-stage (and front-stage/customer experience), but is not aligned from a timing perspective (e.g. it doesn’t matter if the fridge is stocked when the order is put in, as long as the supplies are available for the chef to use)

Example service blueprint with the main components listed above as row headers.

Physical Evidence and Time are blueprint components can be added in to provide additional context & support

Example service blueprint with the main components plus added components 'Physical Evidence' and 'Time'.

Stakeholder Communications

Personalize
  • “What’s in it for me” & Persona development – understanding what the concerns are from the community that you will want to communicate about
  • Get to know the cultures of each persona to identify how they communicate. For the faculty, Teams might not be the answer, but faculty meetings might be, or sending messages via email. Each persona group may have unique/different needs
  • Meet them “where they are”: Be prepared to provide 5-minute updates (with “what’s in it for me” and personas in mind) at department meetings in cases where other communications (Teams etc.) aren’t reaching the community
  • Review the business vision diagnostic report to understand what’s important to each community group and what their concerns are with IT. Definitely review the comments that users have written.
Show Proof
  • Share success stories tailored to users needs – e.g. if they have a concern with security, and IT implemented a new secure system to better meet their needs, then telling them about the success is helpful – shows that you’re listening and have responded to meet their concerns. Demonstrates how interacting with IT has led to positive results. People can more easily relate to stories

Reference
  • Consider establishing a repository (private/unlisted YouTube channel, Teams, etc.) so that the community can search to view the tip/trick they need
  • Short videos are great to provide a snippet of the information you want to share
Responses
  • Engage in 2-way communications – it’s about the messages IT wants to convey AND the messages you want them to convey to you. This helps to ensure that your messages aren’t just heard but are understood/resonate.
  • Let people know how they should communicate with IT – whether it’s engaging through Teams, via email to a particular address, or through in person sessions
Test & Learn
  • Be prepared to experiment with the content and mediums, and use analytics to assess the results. For example if videos are posted on a site like SharePoint that already has analytics functionality, you can capture the number of views to determine how much they are viewed
Multiple Mediums
  • Use a combination of one-on-one interviews/meetings and focus groups to obtain feedback. You may want to start with some of the respondents who provided comments on surveys/diagnostics

BRM Job Descriptions

Download the Job Descriptions:

Become a Transformational CIO

  • Buy Link or Shortcode: {j2store}86|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Innovation
  • Parent Category Link: /innovation
  • Business transformations are happening, but CIOs are often involved only when it comes time to implement change. This makes it difficult for the CIO to be perceived as an organizational leader.
  • CIOs find it difficult to juggle operational activities, strategic initiatives, and involvement in business transformation.
  • CIOs don’t always have the IT organization structured and mobilized in a manner that facilitates the identification of transformation opportunities, and the planning for and the implementation of organization-wide change.

Our Advice

Critical Insight

  • Don’t take an ad hoc approach to transformation.
  • You’re not in it alone.
  • Your legacy matters

Impact and Result

  • Elevate your stature as a business leader.
  • Empower the IT organization to act with a business mind first, and technology second.
  • Create a high-powered IT organization that is focused on driving lasting change, improving client experiences, and encouraging collaboration across the entire enterprise.
  • Generate opportunities for organizational growth, as manifested through revenue growth, profit growth, new market entry, new product development, etc.

Become a Transformational CIO Research & Tools

Start here – read the Executive Brief

Read our Executive Brief to find out why you should undergo an evolution in your role as a business leader, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Are you ready to lead transformation?

Determine whether you are ready to focus your attention on evolving your role.

  • Become a Transformational CIO – Phase 1: Are You Ready to Lead Transformation?

2. Build business partnerships

Create a plan to establish key business partnerships and position IT as a co-leader of transformation.

  • Become a Transformational CIO – Phase 2: Build Business Partnerships
  • Partnership Strategy Template

3. Develop the capability to transform

Mobilize the IT organization and prepare for the new mandate.

  • Become a Transformational CIO – Phase 3: Develop the Capability to Transform
  • Transformation Capability Assessment

4. Shift IT’s focus to the customer

Align IT with the business through a direct, concentrated focus on the customer.

  • Become a Transformational CIO – Phase 4: Shift IT’s Focus to the Customer
  • Transformational CIO Value Stream Map Template
  • Transformational CIO Business Capability Map Template

5. Adopt a transformational approach to leadership

Determine the key behaviors necessary for transformation success and delegate effectively to make room for new responsibilities.

  • Become a Transformational CIO – Phase 5: Adopt a Transformational Approach to Leadership
  • Office of the CIO Template

6. Sustain the transformational capability

Track the key success metrics that will help you manage transformation effectively.

  • Become a Transformational CIO – Phase 6: Sustain the Transformational Capability
  • Transformation Dashboard
[infographic]

Workshop: Become a Transformational CIO

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Determine Readiness to Become a Transformational CIO

The Purpose

Understand stakeholder and executive perception of the CIO’s performance and leadership.

Determine whether the CIO is ready to lead transformation.

Key Benefits Achieved

Decision to evolve role or address areas of improvement as a pre-requisite to becoming a transformational CIO.

Activities

1.1 Select data collection techniques.

1.2 Conduct diagnostic programs.

1.3 Review results and define readiness.

Outputs

Select stakeholder and executive perception of the CIO

Decision as to whether to proceed with the role evolution

2 Build Business Partnerships

The Purpose

Identify potential business partners and create a plan to establish key partnerships.

Key Benefits Achieved

An actionable set of initiatives that will help the CIO create valuable partnerships with internal or external business stakeholders.

Activities

2.1 Identify potential business partners.

2.2 Evaluate and prioritize list of potential partners.

2.3 Create a plan to establish the target partnerships.

Outputs

Partnership strategy

3 Establish IT’s Ability to Transform

The Purpose

Make the case and plan for the development of key capabilities that will enable the IT organization to handle transformation.

Key Benefits Achieved

A maturity assessment of critical capabilities.

A plan to address maturity gaps in preparation for a transformational mandate.

Activities

3.1 Define transformation as a capability.

3.2 Assess the current and target transformation capability maturity.

3.3 Develop a roadmap to address gaps.

Outputs

Transformation capability assessment

Roadmap to develop the transformation capability

4 Shift IT’s Focus to the Customer

The Purpose

Gain an understanding of the end customer of the organization.

Key Benefits Achieved

A change in IT mindset away from a focus on operational activities or internal customers to external customers.

A clear understanding of how the organization creates and delivers value to customers.

Opportunities for business transformation.

Activities

4.1 Analyze value streams that impact the customer.

4.2 Map business capabilities to value streams.

Outputs

Value stream maps

Business capability map

5 Establish Transformation Leadership and Sustain the Capability

The Purpose

Establish a formal process for empowering employees and developing new leaders.

Create a culture of continuous improvement and a long-term focus.

Key Benefits Achieved

Increased ability to sustain momentum that is inherent to business transformations.

Better strategic workforce planning and a clearer career path for individuals in IT.

A system to measure IT’s contribution to business transformation.

Activities

5.1 Set the structure for the office of the CIO.

5.2 Assess current leadership skills and needs.

5.3 Spread a culture of self-discovery.

5.4 Maintain the transformation capability.

Outputs

OCIO structure document

Transformational leadership dashboard

Make the Case for Product Delivery

  • Buy Link or Shortcode: {j2store}184|cart{/j2store}
  • member rating overall impact (scale of 10): 9.5/10 Overall Impact
  • member rating average dollars saved: $41,674 Average $ Saved
  • member rating average days saved: 13 Average Days Saved
  • Parent Category Name: Architecture & Strategy
  • Parent Category Link: /architecture-and-strategy
  • Organizations are traditionally organized to deliver initiatives in specific periods of time. This is in contention with product-centric delivery practices. This form of delivery acknowledges the reality that solutions of all shapes and sizes deliver continual and evolving business value over their lifetime.
  • Delivering multiple products together creates additional challenges because each product has its own pedigree, history, and goals.
  • Product owners struggle to prioritize changes to deliver product value. This creates a gap and conflict between product and enterprise goals.

Our Advice

Critical Insight

  • Delivering products doesn’t mean you will stop delivering projects! Product-centric delivery is intended to address the misalignment between the long-term delivery of value that organizations demand and the nature of traditional project-focused environments.

Impact and Result

  • We will help you build a proposal deck to make the case to your stakeholders for product-centric delivery.
  • You will build this proposal deck by answering key questions about product-centric delivery so you can identify:
    • A common definition of product.
    • How this form of delivery differs from traditional project-centric approaches.
    • Key challenges and benefits.
    • The capabilities needed to effectively own products and deliver value.
    • What you are asking of stakeholders.
    • A roadmap of how to get started.

Make the Case for Product Delivery Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Make the Case for Product Delivery Deck – A guide to help align your organization on the practices to deliver what matters most.

This project will help you define “product” for your organization, define your drivers and goals for moving to product delivery, understand the role of product ownership, lay out the case to your stakeholders, and communicate what comes next for your transition to product.

  • Make the Case for Product Delivery Storyboard

2. Make the Case for Product Delivery Presentation Template – A template to help you capture and detail your case for product delivery.

Build a proposal deck to help make the case to your stakeholders for product-centric delivery.

  • Make the Case for Product Delivery Presentation Template

3. Make the Case for Product Delivery Workbook – A tool to capture the results of exercises to build your case to change your product delivery method.

This workbook is designed to capture the results of the exercises in the Make the Case for Product Delivery Storyboard. Each worksheet corresponds to an exercise in the storyboard. The workbook is also a living artifact that should be updated periodically as the needs of your team and organization change.

  • Make the Case for Product Delivery Workbook
[infographic]

Further reading

Make the Case for Product Delivery

Align your organization on the practices to deliver what matters most.

Table of Contents

Define product

Define your drivers and goals

Understand the role of product ownership

Communicate what comes next

Make the case to your stakeholders

Appendix: Additional research

Appendix: Product delivery strategy communication

Appendix: Manage stakeholder influence

Appendix: Product owner capability details

Executive Summary

Your Challenge
  • Products are the lifeblood of an organization. They deliver the capabilities needed to deliver value to customers, internal users, and stakeholders.
  • Organizations are under pressure to align the value they provide with the organization’s goals and overall company vision.
  • You need to clearly convey the direction and strategy of your product portfolio to gain alignment, support, and funding from your organization.
Common Obstacles
  • IT organizations are traditionally organized to deliver initiatives in specific periods of time. This is in contention with product-centric delivery.
  • Product delivery acknowledges the reality that solutions of all shapes and sizes deliver continual and evolving business value over their lifetime.
  • Delivering multiple products together creates additional challenges because each product has its own pedigree, history, and goals.
  • Product owners struggle to prioritize changes to deliver product value. This creates a gap and conflict between product and enterprise goals.
Info-Tech’s Approach
  • Info-Tech will enable you to build a proposal deck to make the case to your stakeholders for product-centric delivery.
  • You will build this proposal deck by answering key questions about product-centric delivery so you can identify:
    • A common definition of product.
    • How this form of delivery differs from traditional project-centric approaches.
    • Key challenges and benefits.
    • The capabilities needed to effectively own products and deliver value.
    • What you are asking of stakeholders.
    • A roadmap of how to get started.

Info-Tech Insight

Delivering products doesn’t mean you will stop delivering projects! Product-centric delivery is intended to address the misalignment between the long-term delivery of value that organizations demand and the nature of traditional project-focused environments.

Many executives perceive IT as being poorly aligned with business objectives

Info-Tech’s CIO Business Vision Survey data highlights the importance of IT initiatives in supporting the business in achieving its strategic goals.

However, Info-Tech’s CEO-CIO Alignment Survey (2021; N=58) data indicates that CEOs perceive IT to be poorly aligned to business’ strategic goals.

Info-Tech CEO-CIO Alignment Diagnostics, 2021 (N=58)

40% Of CEOs believe that business goals are going unsupported by IT.

34% Of business stakeholders are supporters of their IT departments (n=334).

40% Of CIOs/CEOs are misaligned on the target role for IT.

Info-Tech Insight

Great technical solutions are not the primary driver of IT success. Focusing on delivery of digital products that align with organizational goals will produce improved outcomes and will foster an improved relationship between business and IT.

Increase product success by involving IT, business, and customers in your product roadmaps, planning, and delivery

Product management and delivery seek to promote improved relationships among IT, business, and customers, a critical driver for business satisfaction.

IT

Stock image of an IT professional.

1

Collaboration

IT, business, and customers work together through all stages of the product lifecycle, from market research through the roadmapping and delivery processes and into maintenance and retirement. The goal is to ensure the risks and dependencies are realized before work is committed.

Stakeholders, Customers, and Business

Stock image of a business professional.

2

Communication

Prioritize high-value modes of communication to break down existing silos and create common understanding and alignment across functions. This approach increases transparency and visibility across the entire product lifecycle.

3

Integration

Explore methods to integrate the workflows, decision making, and toolsets among the business, IT, and customers. The goal is to become more reactive to changes in business and customer expectations and more proactive about market trends.

Product does not mean the same thing to everyone

Do not expect a universal definition of products.
Every organization and industry has a different definition of what a product is. Organizations structure their people, processes, and technologies according to their definition of the products they manage. Conflicting product definitions between teams increase confusion and misalignment of product roadmaps.

“A product [is] something (physical or not) that is created through a process and that provides benefits to a market.” (Mike Cohn, Founding Member of Agile Alliance and Scrum Alliance) “A product is something ... that is created and then made available to customers, usually with a distinct name or order number.” (TechTarget) “A product is the physical object ... , software or service from which customer gets direct utility plus a number of other factors, services, and perceptions that make the product useful, desirable [and] convenient.” (Mark Curphey)

Organizations need a common understanding of what a product is and how it pertains to the business.

This understanding needs to be accepted across the organization.

“There is not a lot of guidance in the industry on how to define [products]. This is dangerous because what will happen is that product backlogs will be formed in too many areas. All that does is create dependencies and coordination across teams … and backlogs.” (Chad Beier, “How Do You Define a Product?” Scrum.org)

Products enable the long-term and continuous delivery of value

Diagram laying out the lifecycles and roadmaps contributing to the 'Continuous delivery of value'. Beginning with 'Project Lifecycle' in which Projects with features and services end in a Product Release that is disconnected from the continuum. Then the 'Hybrid Lifecycle' and 'Product Lifecycle' which are connected by a 'Product Roadmap' and 'Product Backlog' have Product Releases that connect to the continuum.

Phase 1

Build the case for product-centric delivery

Phase 1
1.1 Define product
1.2 Define your drivers and goals
1.3 Understand the role of product ownership
1.4 Communicate what comes next
1.5 Make the case to your stakeholders

This phase will walk you through the following activities:

  • Define product in your context.
  • Define your drivers and goals for moving to product delivery.
  • Understand the role of product ownership.
  • Communicate what comes next for your transition to product.
  • Lay out the case to your stakeholders.

This phase involves the following participants:

  • Product owners
  • Product managers
  • Development team leads
  • Portfolio managers
  • Business analysts

Step 1.1

Define product

Activities
  • 1.1.1 Define “product” in your context
  • 1.1.2 Consider examples of what is (and is not) a product in your organization
  • 1.1.3 Identify the differences between project and product delivery

This step involves the following participants:

  • Product owners
  • Product managers
  • Development team leads
  • Portfolio managers
  • Business analysts

Outcomes of this step

  • A clear definition of product in your organization’s context.

Make the Case for Product Delivery

Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5

Exercise 1.1.1 Define “product” in your context

30-60 minutes

Output: Your enterprise/organizational definition of products and services

Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

  1. Discuss what “product” means in your organization.
  2. Create a common, enterprise-wide definition for “product.”
“A product [is] something (physical or not) that is created through a process and that provides benefits to a market.” (Mike Cohn, Founding Member of Agile Alliance and Scrum Alliance) “A product is something ... that is created and then made available to customers, usually with a distinct name or order number.” (TechTarget) “A product is the physical object ... , software or service from which customer gets direct utility plus a number of other factors, services, and perceptions that make the product useful, desirable [and] convenient.” (Mark Curphey)

Record the results in the Make the Case for Product-Centric Delivery Workbook.

Example: What is a product?

Not all organizations will define products in the same way. Take this as a general example:

“A tangible solution, tool, or service (physical or digital) that enables the long-term and evolving delivery of value to customers and stakeholders based on business and user requirements.”

Info-Tech Insight

A proper definition of product recognizes three key facts:

  1. Products are long-term endeavors that don’t end after the project finishes.
  2. Products are not just “apps” but can be software or services that drive the delivery of value.
  3. There is more than one stakeholder group that derives value from the product or service.
Stock image of an open human head with gears and a city for a brain.

How do we know what is a product?

What isn’t a product:
  • Features (on their own)
  • Transactions
  • Unstructured data
  • One-time solutions
  • Non-repeatable processes
  • Solutions that have no users or consumers
  • People or teams
You have a product if the given item...
  • Has end users or consumers
  • Delivers quantifiable value
  • Evolves or changes over time
  • Has predictable delivery
  • Has definable boundaries
  • Has a cost to produce and operate

Exercise 1.1.2 Consider examples of what is (and is not) a product in your organization

15 minutes

Output: Examples of what is and isn’t a product in your specific context.

Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

  1. Leverage the definition you created in exercise 1.1.1 and the explanation on the slide What is a product?
  2. Pick examples that effectively show the difference between products and non-products and facilitate a conversation on the ones that seem to be on the line. Specific server instances, or instances of providing a service, are worthwhile examples to consider.
  3. From the list you come up with, take the top three examples and put them into the Make the Case for Product Delivery Presentation Template.
Example:
What isn’t a product?
  • Month-end SQL scripts to close the books
  • Support Engineer doing a password reset
  • Latest research project in R&D
What is a product?
  • Self-service password reset portal
  • Oracle ERP installation
  • Microsoft Office 365

Record the results in the Make the Case for Product Delivery Workbook.

Product delivery practices should consider everything required to support it, not just what users see.

Cross-section of an iceberg above and below water with visible product delivery practices like 'Funding', 'External Relationships', and 'Stakeholder Management' above water and internal product delivery practices like 'Product Governance', 'Business Functionality', and 'R&D' under water. There are far more processes below the water.

Products and services share the same foundation and best practices

For the purpose of this blueprint, product/service and product owner/service owner are used interchangeably. Product is used for consistency but would apply to services as well.

Product = Service

“Product” and “service” are terms that each organization needs to define to fit its culture and customers (internal and external). The most important aspect is consistent use and understanding of:
  • External products
  • Internal products
  • External services
  • Internal services
  • Products as a service (PaaS)
  • Productizing services (SaaS)

Exercise 1.1.3 Identify the differences between project and product delivery

30-60 minutes

Output: List of differences between project and product delivery

Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

  1. Consider project delivery and product delivery.
  2. Discuss what some differences are between the two.
    Note: This exercise is not about identifying the advantages and disadvantages of each style of delivery. This is to identify the variation between the two.
Theme Project Delivery (Current) Product Delivery (Future)
Timing Defined start and end Does not end until the product is no longer needed
Funding Funding projects Funding products and teams
Prioritization LoB sponsors Product owner
Capacity Management Project management Managed by product team

Record the results in the Make the Case for Product Delivery Workbook.

Identify the differences between a project-centric and a product-centric organization

Project Product
Fund projects — Funding –› Fund products or teams
Line of business sponsor — Prioritization –› Product owner
Makes specific changes to a product —Product management –› Improves product maturity and support
Assignment of people to work — Work allocation –› Assignment of work to product teams
Project manager manages — Capacity management –› Team manages capacity

Info-Tech Insights

  • Product ownership should be one of your first areas of focus when transitioning from project to product delivery.
  • Product delivery requires significant shifts in the way you complete development work and deliver value to your users. Make the changes that support improving end-user value and enterprise alignment.

Projects can be a mechanism for funding product changes and improvements

Diagram laying out the lifecycles and roadmaps contributing to the 'Continuous delivery of value'. Beginning with 'Project Lifecycle' in which Projects with features and services end in a Product Release that is disconnected from the continuum. Then the 'Hybrid Lifecycle' and 'Product Lifecycle' which are connected by a 'Product Roadmap' and 'Product Backlog' have Product Releases that connect to the continuum. Projects within products

Regardless of whether you recognize yourself as a product-based or project-based shop, the same basic principles should apply.

The purpose of projects is to deliver the scope of a product release. The shift to product delivery leverages a product roadmap and backlog as the mechanism for defining and managing the scope of the release.

Eventually, teams progress to continuous integration/continuous delivery (CI/CD) where they can release on demand or as scheduled, requiring org change management.

Step 1.2

Define your drivers and goals

Activities
  • 1.2.1 Understand your drivers for product-centric delivery
  • 1.2.2 Define the goals for your product-centric organization

This step involves the following participants:

  • Product owners
  • Product managers
  • Development team leads
  • Portfolio managers
  • Business analysts

Outcomes of this step

  • A clear understanding of your motivations and desired outcomes for moving to product delivery.

Make the Case for Product Delivery

Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5

Exercise 1.2.1 Understand your drivers for product-centric delivery

30-60 minutes

Output: Organizational drivers to move to product-centric delivery.

Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

  1. Identify your pain points in the current delivery model.
  2. What is the root cause of these pain points?
  3. How will a product-centric delivery model fix the root cause (drivers)?
Pain Points
  • Lack of ownership
Root Causes
  • Siloed departments
Drivers
  • Accountability

Record the results in the Make the Case for Product Delivery Workbook.

Exercise 1.2.2 Define the goals for your product-centric organization

30 minutes

Output: Goals for product-centric delivery

Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

  1. Review the differences between project and product delivery from exercise 1.1.3 and the list of drivers from exercise 1.2.1.
  2. Define your goals for achieving a product-centric organization.
    Note: Your drivers may have already covered the goals. If so, review if you would like to change the drivers based on your renewed understanding of the differences between project and product delivery.
Pain Points
  • Lack of ownership
Root Causes
  • Siloed departments
Drivers
  • Accountability
Goals
  • End-to-end ownership

Record the results in the Make the Case for Product Delivery Workbook.

Step 1.3

Understand the role of product ownership

Activities
  • 1.3.1 Identify product ownership capabilities

This step involves the following participants:

  • Product owners
  • Product managers
  • Development team leads
  • Portfolio managers
  • Business analysts

Outcomes of this step

  • Product owner capabilities that you agree are critical to start your product transformation.

Make the Case for Product Delivery

Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5

Accountability for the delivery of value through product ownership is not optional

Tree of 'Enterprise Goals and Priorities' leading to 'Product' through a 'Product Family'.

Info-Tech Insight

People treat the assignment of accountability for products (aka product ownership) as optional. Without assigning accountability up front, your transition to product delivery will stall. Accountable individuals will be focused on the core outcome for product delivery, which is the delivery of the right value, at the right time, to the right people.

Description of the tree levels shown in the diagram on the left. First is 'Enterprise Goals and Priorities', led by 'Executive Leadership' using the 'Enterprise Strategic Roadmap'. Second is 'Product Family', led by 'Product Manager' using the 'Product Family Roadmap'. Last is 'Product', led by the 'Product Owner' using the 'Product Roadmap' and 'Backlog' on the strategic end, and 'Releases' on the Tactical end. In the holistic context, 'Product Family is considered 'Strategic' while 'Product' is 'Tactical'.

Recognize the different product owner perspectives

Business
  • Customer facing, revenue generating
Technical
  • IT systems and tools
Operations
  • Keep the lights on processes

Info-Tech Best Practice

Product owners must translate needs and constraints from their perspective into the language of their audience. Kathy Borneman, Digital Product Owner at SunTrust Bank, noted the challenges of finding a common language between lines of business and IT (e.g. what is a unit?).

Info-Tech Insight

Recognize that product owners represent one of three primary perspectives. Although all share the same capabilities, how they approach their responsibilities is influenced by their perspective.

“A Product Owner in its most beneficial form acts like an Entrepreneur, like a 'mini-CEO'. The Product Owner is someone who really 'owns' the product.” (Robbin Schuurman, “Tips for Starting Product Owners”)

Implement the Info-Tech product owner capability model

As discussed in Build a Better Product Owner, most product owners operate with an incomplete knowledge of the skills and capabilities needed to perform the role. Common gaps include focusing only on product backlogs, acting as a proxy for product decisions, and ignoring the need for key performance indicators (KPIs) and analytics in both planning and value realization. 'Product Owner Capabilities': 'Vision', 'Leadership', 'Product Lifecycle Management', 'Value Realization'.
Vision
  • Market Analysis
  • Business Alignment
  • Product Roadmap
Leadership
  • Soft Skills
  • Collaboration
  • Decision Making
Product Lifecycle Management
  • Plan
  • Build
  • Run
Value Realization
  • KPIs
  • Financial Management
  • Business Model

Details on product ownership capabilities can be found in the appendix.

Exercise 1.3.1 Identify product ownership capabilities

60 minutes

Output: Product owner capability mapping

Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

  1. Write down the capabilities product owners need to perform their duties (one per sticky note) in order to describe product ownership in your organization. Consider people, processes, and tools.
  2. Mark each capability with a plus (current capability), circle (some proficiency), or dash (missing capability).
  3. Discuss each capability and place on the appropriate quadrant.

'Product Owner Capabilities': 'Vision', 'Leadership', 'Product Lifecycle Management', 'Value Realization'.

Record the results in the Make the Case for Product Delivery Workbook.

Differentiate between product owners and product managers

Product Owner (Tactical Focus)
  • Backlog management and prioritization
  • Epic/story definition, refinement in conjunction with business stakeholders
  • Sprint planning with Scrum Master
  • Working with Scrum Master to minimize disruption to team velocity
  • Ensuring alignment between business and Scrum teams during sprints
  • Profit and loss (P&L) product analysis and monitoring
Product Manager (Strategic Focus)
  • Product strategy, positioning, and messaging
  • Product vision and product roadmap
  • Competitive analysis and positioning
  • New product innovation/definition
  • Release timing and focus (release themes)
  • Ongoing optimization of product-related marketing and sales activities
  • P&L product analysis and monitoring

Info-Tech Insight

“Product owner” and “product manager” are terms that should be adapted to fit your culture and product hierarchy. These are not management relationships but rather a way to structure related products and services that touch the same end users.

Step 1.4

Communicate what comes next

Activities
  • 1.4.1 How do we get started?

This step involves the following participants:

  • Product owners
  • Product managers
  • Development team leads
  • Portfolio managers
  • Business analysts

Outcomes of this step

  • A now, next, later roadmap indicating your overall next steps.

Make the Case for Product Delivery

Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5

Make a plan in order to make a plan!

Consider some of the techniques you can use to validate your strategy.

Cyclical diagram of the 'Continuous Delivery of Value' within 'Business Value'. Surrounding attributes are 'User Centric', 'Adaptable', 'Accessible', 'Private & Secured', 'Informative & Insightful', 'Seamless Application Connection', 'Relationship & Network Building', 'Fit for Purpose'.

Go to your backlog and prioritize the elements that need to be answered sooner rather than later.

Possible areas of focus:

  • Regulatory requirements or questions to answer around accessibility, security, privacy.
  • Stress testing any new processes against situations that may occur.
Learning Milestones

The completion of a set of artifacts dedicated to validating business opportunities and hypotheses.

Possible areas of focus:

  • Align teams on product strategy prior to build
  • Market research and analysis
  • Dedicated feedback sessions
  • Provide information on feature requirements
Stock image of people learning.
Sprint Zero (AKA Project-before-the-project)

The completion of a set of key planning activities, typically the first sprint.

Possible areas of focus:

  • Focus on technical verification to enable product development alignment
  • Sign off on architectural questions or concerns
Stock photo of a person writing on a board of sticky notes.

The “Now, Next, Later” roadmap

Use this when deadlines and delivery dates are not strict. This is best suited for brainstorming a product plan when dependency mapping is not required.

  • Now
    What are you going to do now?
  • Next
    What are you going to do very soon?
  • Later
    What are you going to do in the future?
A priority map laid out as a half rainbow with 'Now' as the inner, 'Next' as the middle, and 'Later' as the outer. Various 'Features', 'Releases', and an 'MVP' are mapped into the sections.
(Source: “Tips for Agile product roadmaps & product roadmap examples,” Scrum.org, 2017)

Exercise 1.4.1 How do we get started?

30-60 minutes

Output: Product transformation critical steps and basic roadmap

Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

  1. Identify what the critical steps are for the organization to embrace product-centric delivery.
  2. Group each critical step by how soon you need to address it:
    • Now: Let’s do this ASAP.
    • Next: Sometime very soon, let’s do these things.
    • Later: Much further off in the distance, let’s consider these things.
A priority map laid out as a half rainbow with 'Now' as the inner, 'Next' as the middle, and 'Later' as the outer. Various 'Features', 'Releases', and an 'MVP' are mapped into the sections.
(Source: “Tips for Agile product roadmaps & product roadmap examples,” Scrum.org, 2017)

Record the results in the Make the Case for Product Delivery Workbook.

Example

Example table for listing tasks to complete Now, Next, or Later

Step 1.5

Make the case to your stakeholders

Activities
  • 1.5.1 Identify what support you need from your stakeholders
  • 1.5.2 Build your pitch for product delivery

This step involves the following participants:

  • Product owners
  • Product managers
  • Development team leads
  • Portfolio managers
  • Business analysts

Outcomes of this step

  • A deliverable that helps make the case for product delivery.

Make the Case for Product Delivery

Step 1.1 Step 1.2 Step 1.3 Step 1.4 Step 1.5

Develop a stakeholder strategy to define your product owner landscape

Stakeholder Influence

Stakeholders are a critical cornerstone to product ownership. They provide the context, alignment, and constraints that influence or control what a product owner is able to accomplish.

Product teams operate within this network of stakeholders who represent different perspectives within the organization.

See the appendix for activities and guidance on how to devise a strategy for managing stakeholders.

Image of four puzzle pieces being put together, labelled 'Product Lifecycle', 'Project Delivery', 'Operational Support', 'and Stakeholder Management'.

Exercise 1.5.1 Identify what support you need from your stakeholders

30 minutes

Output: Clear understanding of stakeholders, what they need from you, and what you need from them.

Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

  1. If you don’t yet know who your stakeholders are, consider completing one or more of the stakeholder management exercises in the appendix.
  2. Identify your key stakeholders who have an interest in solution delivery.
  3. Consider their perspective on product-centric delivery. (For example: For head of support, what does solution delivery mean to them?)
  4. Identify what role each stakeholder would play in the transformation.
    • This role represents what you need from them for this transformation to product-centric delivery.
Stakeholder
What does solution delivery mean to them?
What do you need from them in order to be successful?

Record the results in the Make the Case for Product Delivery Workbook.

Exercise 1.5.2 Build your pitch deck

30 minutes (and up)

Output: A completed presentation to help you make the case for product delivery.

Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

  1. Take the results from the Make the Case for Product Delivery Workbook and transfer them into the presentation template.
  2. Follow the instructions on each page listed in the instruction bubbles to know what results to place where.
  3. This is meant to be a template; you are welcome to add and remove slides as needed to suit your audience!

Sample of slides from the Make the Case for Product Delivery Workbook with instruction bubbles overlaid.

Record the results in the Make the Case for Product Delivery Workbook.

Appendix

Additional research to start your journey

Related Info-Tech Research

Product Delivery

Deliver on Your Digital Product Vision

  • Build a product vision your organization can take from strategy through execution.

Build a Better Product Owner

  • Strengthen the product owner role in your organization by focusing on core capabilities and proper alignment.

Build Your Agile Acceleration Roadmap

  • Quickly assess the state of your Agile readiness and plan your path forward to higher value realization.

Implement Agile Practices That Work

  • Improve collaboration and transparency with the business to minimize project failure.

Implement DevOps Practices That Work

  • Streamline business value delivery through the strategic adoption of DevOps practices.

Deliver Digital Products at Scale

  • Deliver value at the scale of your organization through defining enterprise product families.

Extend Agile Practices Beyond IT

  • Further the benefits of Agile by extending a scaled Agile framework to the business.

Build Your BizDevOps Playbook

  • Embrace a team sport culture built around continuous business-IT collaboration to deliver great products.

Embed Security Into the DevOps Pipeline

  • Shift security left to get into DevSecOps.

Spread Best Practices With an Agile Center of Excellence

  • Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

Related Info-Tech Research

Application Portfolio Management

Application Portfolio Management (APM) Research Center

  • See an overview of the APM journey and how we can support the pieces in this journey.

Application Portfolio Management for Small Enterprises

  • There is no one-size-fits-all rationalization. Tailor your framework to meet your goals.

Streamline Application Maintenance

  • Effective maintenance ensures the long-term value of your applications.

Build an Application Rationalization Framework

  • Manage your application portfolio to minimize risk and maximize value.

Modernize Your Applications

  • Justify modernizing your application portfolio from both business and technical perspectives.

Review Your Application Strategy

  • Ensure your applications enable your business strategy.

Application Portfolio Management Foundations

  • Ensure your application portfolio delivers the best possible return on investment.

Streamline Application Management

  • Move beyond maintenance to ensuring exceptional value from your apps.

Optimize Applications Release Management

  • Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

Embrace Business-Managed Applications

  • Empower the business to implement their own applications with a trusted business-IT relationship.

Related Info-Tech Research

Value, Delivery Metrics, Estimation

Build a Value Measurement Framework

  • Focus product delivery on business value–driven outcomes.

Select and Use SDLC Metrics Effectively

  • Be careful what you ask for, because you will probably get it.

Application Portfolio Assessment: End User Feedback

  • Develop data-driven insights to help you decide which applications to retire, upgrade, re-train on, or maintain to meet the demands of the business.

Create a Holistic IT Dashboard

  • Mature your IT department by measuring what matters.

Refine Your Estimation Practices With Top-Down Allocations

  • Don’t let bad estimates ruin good work.

Estimate Software Delivery With Confidence

  • Commit to achievable software releases by grounding realistic expectations

Reduce Time to Consensus With an Accelerated Business Case

  • Expand on the financial model to give your initiative momentum.

Optimize IT Project Intake, Approval, and Prioritization

  • Deliver more projects by giving yourself the voice to say “no” or “not yet” to new projects.

Enhance PPM Dashboards and Reports

  • Facilitate ongoing alignment between Agile teams and the business with a set of targeted service offerings.

Related Info-Tech Research

Org Design and Performance

Redesign Your IT Organizational Structure

  • Focus product delivery on business value–driven outcomes.

Build a Strategic IT Workforce Plan

  • Have the right people, in the right place, at the right time.

Implement a New IT Organizational Structure

  • Reorganizations are inherently disruptive. Implement your new structure with minimal pain for staff while maintaining IT performance throughout the change.

Build an IT Employee Engagement Program

  • Measure employee sentiment to drive IT performance

Set Meaningful Employee Performance Measures

  • Set holistic measures to inspire employee performance.

Master Organizational Change Management Practices

  • PMOs, if you don't know who is responsible for org change, it's you.

Appendix

Product delivery strategy communication

Product roadmaps guide delivery and communicate your strategy

In Deliver on Your Digital Product Vision, we demonstrate how the product roadmap is core to value realization. The product roadmap is your communicated path, and as a product owner, you use it to align teams and changes to your defined goals while aligning your product to enterprise goals and strategy.

Diagram on how to get from product owner capabilities to 'Business Value Realization' through 'Product Roadmap' with a 'Tiered Backlog', 'Delivery Capacity and Throughput' via a 'Product Delivery Pipeline'.
(Adapted from: Pichler, “What Is Product Management?”)

Info-Tech Insight

The quality of your product backlog – and your ability to realize business value from your delivery pipeline – is directly related to the input, content, and prioritization of items in your product roadmap.

Define product value by aligning backlog delivery with roadmap goals

In each product plan, the backlogs show what you will deliver.
Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

Two-part diagram showing the 'Product Backlog' segmented into '1. Current: Features/ Stories', '2. Near-term: Capabilities', and '3. Future: Epics', and then the 'Product Roadmap' with the same segments placed into a timeline.

Multiple roadmap views can communicate differently, yet tell the same truth

Product managers and product owners have many responsibilities, and a roadmap can be a useful tool to complete those objectives through communication or organization of tasks.

However, not all roadmaps address the correct audience and achieve those objectives. Care must be taken to align the view to the given audience.

Pie Chart showing the surveyed most important reason for using a product roadmap. From largest to smallest are 'Communicate a strategy', 'Plan and prioritize', 'Communicate milestones and releases', 'Get consensus on product direction', and 'Manage product backlog'.
Surveyed most important reason for using a product roadmap (Source: ProductPlan, 2018)

Audience
Business/ IT leaders Users/Customers Delivery teams
Roadmap View
Portfolio Product Technology
Objectives
To provide a snapshot of the portfolio and priority apps To visualize and validate product strategy To coordinate and manage teams and show dev. progress
Artifacts
Line items or sections of the roadmap are made up of individual apps, and an artifact represents a disposition at its highest level. Artifacts are generally grouped by various product teams and consist of strategic goals and the features that realize those goals. Artifacts are grouped by the teams who deliver that work and consist of features and technical enablers that support those features.

Appendix

Managing stakeholder influence

From Build a Better Product Owner

Step 1.3 (from Build a Better Product Owner)

Manage Stakeholder Influence

Activities
  • 1.3.1 Visualize interrelationships to identify key influencers
  • 1.3.2 Group your product owners into categories
  • 1.3.3 Prioritize your stakeholders
  • 1.3.4 Delegation Poker: Reach better decisions

This step will walk you through the following activities:

To be successful, product owners need to identify and manage all stakeholders for their products. This step will build a stakeholder map and strategy.

This step involves the following participants:

  • Product owners
  • Product managers
  • Development team leads
  • Portfolio managers
  • Delivery managers
  • Business analysts

Outcomes of this step

  • Relationships among stakeholders and influencers
  • Categorization of stakeholders and influencers
  • Stakeholder and influencer prioritization
  • Better understanding of decision-making approaches and delegation
Product Owner Foundations
Step 1.1 Step 1.2 Step 1.3

Develop a product owner stakeholder strategy

Stakeholder Influence

Stakeholders are a critical cornerstone to product ownership. They provide the context, alignment, and constraints that influence or control what a product owner is able to accomplish.

Product owners operate within this network of stakeholders who represent different perspectives within the organization.

First, product owners must identify members of their stakeholder network. Next, they should devise a strategy for managing stakeholders.

Without accomplishing these missing pieces, product owners will encounter obstacles, resistance, or unexpected changes.

Image of four puzzle pieces being put together, labelled 'Product Lifecycle', 'Project Delivery', 'Operational Support', 'and Stakeholder Management'.

Create a stakeholder network map to product roadmaps and prioritization

Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

Legend
Black arrow with a solid line and single direction. Black arrows indicate the direction of professional influence
Green arrow with a dashed line and bi-directional. Dashed green arrows indicate bidirectional, informal influence relationships

Info-Tech Insight

Your stakeholder map defines the influence landscape your product operates in. It is every bit as important as the teams who enhance, support, and operate your product directly.

Use “connectors” to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have informal yet substantive relationships with your stakeholders.

1.3.1 Visualize interrelationships to identify key influencers

60 minutes

Input: List of product stakeholders

Output: Relationships among stakeholders and influencers

Materials: Whiteboard/flip charts, Markers, Build a Better Product Owner Workbook

Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

  1. List direct stakeholders for your product.
  2. Determine the stakeholders of your stakeholders and consider adding each of them to the stakeholder list.
  3. Assess who has either formal or informal influence over your stakeholders; add these influencers to your stakeholder list.
  4. Construct a diagram linking stakeholders and their influencers together.
    1. Use black arrows to indicate the direction of professional influence.
    2. Use dashed green arrows to indicate bidirectional, informal influence relationships.
  5. Record the results in the Build a Better Product Owner Workbook.

Record the results in the Build a Better Product Owner Workbook.

Categorize your stakeholders with a prioritization map

A stakeholder prioritization map helps product owners categorize their stakeholders by their level or influence and ownership in the product and/or teams.

Stakeholder prioritization map split into four quadrants along two axes, 'Influence', and 'Ownership/Interest': 'Players' (high influence, high interest); 'Mediators' (high influence, low interest); 'Noisemakers' (low influence, high interest); 'Spectators' (low influence, low interest). Source: Info-Tech Research Group

There are four areas in the map, and the stakeholders within each area should be treated differently.
  • Players – players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical, and a lack of support can cause significant impediment to the objectives.
  • Mediators – mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.
  • Noisemakers – noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively, but have little ability to enact their wishes.
  • Spectators – generally, spectators are apathetic and have little influence over or interest in the initiative.

1.3.2 Group your product owners into categories

30 minutes

Input: Stakeholder map

Output: Categorization of stakeholders and influencers

Materials: Whiteboard/flip charts, Markers, Build a Better Product Owner Workbook

Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

  1. Identify your stakeholder’s interest in and influence on your Agile implementation as high, medium, or low by rating the attributes below.
  2. Map your results to the model below to determine each stakeholder’s category.
  3. Record the results in the Build a Better Product Owner Workbook.
Same stakeholder prioritization map as before but with example positions mapped onto it.
Level of Influence
  • Power: Ability of a stakeholder to effect change.
  • Urgency: Degree of immediacy demanded.
  • Legitimacy: Perceived validity of stakeholder’s claim.
  • Volume: How loud their “voice” is or could become.
  • Contribution: What they have that is of value to you.
Level of Interest

How much are the stakeholder’s individual performance and goals directly tied to the success or failure of the product?

Record the results in the Build a Better Product Owner Workbook.

Prioritize your stakeholders

There may be too many stakeholders to be able to manage them all. Focus your attention on the stakeholders that matter most.

Stakeholder prioritization table with 'Stakeholder Category' as row headers ('Player', 'Mediator', 'Noisemaker', 'Spectator') and 'Level of Support' as column headers ('Supporter', 'Evangelist', 'Neutral', 'Blocker'). Importance ratings are 'Critical', 'High', 'Medium', 'Low', and 'Irrelevant'.

Consider the three dimensions for stakeholder prioritization: influence, interest, and support. Support can be determined by rating the following question: how likely is it that your stakeholder would recommend your product? These parameters are used to prioritize which stakeholders are most important and should receive the focus of your attention. The table to the right indicates how stakeholders are ranked.

1.3.3 Prioritize your stakeholders

30 minutes

Input: Stakeholder matrix, Stakeholder prioritization

Output: Stakeholder and influencer prioritization

Materials: Whiteboard/flip charts, Markers, Build a Better Product Owner Workbook

Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

  1. Identify the level of support of each stakeholder by answering the following question: how likely is it that your stakeholder would endorse your product?
  2. Prioritize your stakeholders using the prioritization scheme on the previous slide.
  3. Record the results in the Build a Better Product Owner Workbook.
Stakeholder Category Level of Support Prioritization
CMO Spectator Neutral Irrelevant
CIO Player Supporter Critical

Record the results in the Build a Better Product Owner Workbook.

Define strategies for engaging stakeholders by type

Stakeholder strategy map assigning stakeholder strategies to stakeholder categories, as described in the adjacent table.

Info-Tech Insight

Each group of stakeholders draws attention and resources away from critical tasks. By properly identifying your stakeholder groups, the product owner can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy Spectators and Noisemakers, while ensuring the needs of the Mediators and Players are met.

Type Quadrant Actions
Players High influence; high interest – actively engage Keep them updated on the progress of the project. Continuously involve Players in the process and maintain their engagement and interest by demonstrating their value to its success.
Mediators High influence; low interest – keep satisfied They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust and including them in important decision-making steps. In turn, they can help you influence other stakeholders.
Noisemakers Low influence; high interest – keep informed Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using Mediators to help them.
Spectators Low influence; low interest – monitor They are followers. Keep them in the loop by providing clarity on objectives and status updates.

Appendix

Product owner capability details

From Build a Better Product Owner

Develop product owner capabilities

Capability 'Vision' with sub-capabilities 'Market Analysis, 'Business Alignment', and 'Product Roadmap'.

Each capability has three components needed for successful product ownership.

Definitions are on the following slides.

Central diagram title 'Product Owner Capabilities'.

Define the skills and activities in each component that are directly related to your product and culture.

Capability 'Leadership' with sub-capabilities 'Soft Skills', 'Collaboration', and 'Decision Making'.
Capability 'Product Lifecycle Management' with sub- capabilities 'Plan', 'Build', and 'Run'. Capability 'Value Realization' with sub-capabilities 'KPIs', 'Financial Management', and 'Business Model'.

Capabilities: Vision

Market Analysis

  • Unique solution: Identify the target users and unique value your product provides that is not currently being met.
  • Market size: Define the size of your user base, segmentation, and potential growth.
  • Competitive analysis: Determine alternative solutions, products, or threats that affect adoption, usage, and retention.

Business Alignment

  • SWOT analysis: Complete a SWOT analysis for your end-to-end product lifecycle. Use Info-Tech’s Business SWOT Analysis Template.
  • Enterprise alignment: Align product to enterprise goals, strategies, and constraints.
  • Delivery strategy: Develop a delivery strategy to achieve value quickly and adapt to internal and external changes.

Product Roadmap

  • Roadmap strategy: Determine the duration, detail, and structure of your roadmap to accurately communicate your vision.
  • Value prioritization: Define criteria used to evaluate and sequence demand.
  • Go to market strategy: Create organizational change management, communications, and a user implementation approach.

Info-Tech Insight

Data comes from many places and may still not tell the complete story.

Capability 'Vision' with sub-capabilities 'Market Analysis, 'Business Alignment', and 'Product Roadmap'.

“Customers are best heard through many ears.” (Thomas K. Connellan, Inside the Magic Kingdom)

Capabilities: Leadership

Soft Skills

  • Communication: Maintain consistent, concise, and appropriate communication using SMART guidelines (specific, measurable, attainable, relevant, and timely).
  • Integrity: Stick to your values, principles, and decision criteria for the product to build and maintain trust with your users and teams.
  • Influence: Manage stakeholders using influence and collaboration over contract negotiation.

Collaboration

  • Stakeholder management: Build a communications strategy for each stakeholder group, tailored to individual stakeholders.
  • Relationship management: Use every interaction point to strengthen relationships, build trust, and empower teams.
  • Team development: Promote development through stretch goals and controlled risks to build team capabilities and performance.

Decision Making

  • Prioritized criteria: Remove personal bias by basing decisions off data analysis and criteria.
  • Continuous improvement: Balance new features with the need to ensure quality and create an environment of continuous improvement.
  • Team empowerment/negotiation: Push decisions to teams closest to the problem and solution, using Delegation Poker to guide you.

Info-Tech Insight

Product owners cannot be just a proxy for stakeholder decisions. The product owner owns product decisions and management of all stakeholders.

Capability 'Leadership' with sub-capabilities 'Soft Skills', 'Collaboration', and 'Decision Making'.

“Everything walks the walk. Everything talks the talk.” (Thomas K. Connellan, Inside the Magic Kingdom)

Capabilities: Product lifecycle management

Plan

  • Product backlog: Follow a schedule for backlog intake, refinement, updates, and prioritization.
  • Journey map: Create an end-user journey map to guide adoption and loyalty.
  • Fit for purpose: Define expected value and intended use to ensure the product meets your end user’s needs.

Build

  • Capacity management: Work with operations and delivery teams to ensure consistent and stable outcomes.
  • Release strategy: Build learning, release, and critical milestones into a repeatable release plan.
  • Compliance: Build policy compliance into delivery practices to ensure alignment and reduce avoidable risk (privacy, security).

Run

  • Adoption: Focus attention on end-user adoption and proficiency to accelerate value and maximize retention.
  • Support: Build operational support and business continuity into every team.
  • Measure: Measure KPIs and validate expected value to ensure product alignment to goals and consistent product quality.

Info-Tech Insight

Product owners must actively manage the full lifecycle of the product.

Capability 'Product Lifecycle Management' with sub- capabilities 'Plan', 'Build', and 'Run'.

“Pay fantastic attention to detail. Reward, recognize, celebrate.” (Thomas K. Connellan, Inside the Magic Kingdom)

Capabilities: Value realization

Key Performance Indicators (KPIs)

  • Usability and user satisfaction: Assess satisfaction through usage monitoring and end-user feedback.
  • Value validation: Directly measure performance against defined value proposition, goals, and predicted ROI.
  • Fit for purpose: Verify the product addresses the intended purpose better than other options.

Financial Management

  • P&L: Manage each product as if it were its own business with profit and loss statements.
  • Acquisition cost/market growth: Define the cost of acquiring a new consumer, onboarding internal users, and increasing product usage.
  • User retention/market share: Verify product usage continues after adoption and solution reaches new user groups to increase value.

Business Model

  • Defines value proposition: Dedicate your primary focus to understanding and defining the value your product will deliver.
  • Market strategy and goals: Define your acquisition, adoption, and retention plan for users.
  • Financial model: Build an end-to-end financial model and plan for the product and all related operational support.

Info-Tech Insight

Most organizations stop with on-time and on-budget. True financial alignment needs to define and manage the full lifecycle P&L.

Capability 'Value Realization' with sub-capabilities 'KPIs', 'Financial Management', and 'Business Model'.

“The competition is anyone the customer compares you with.” (Thomas K. Connellan, Inside the Magic Kingdom)

Avoid common capability gaps

Vision

  • Focusing solely on backlog refining (tactical only)
  • Ignoring or failing to align product roadmap to enterprise goals
  • Operational support and execution
  • Basing decisions on opinion rather than market data
  • Ignoring or missing internal and external threats to your product

Leadership

  • Failing to include feedback from all teams who interact with your product
  • Using a command-and-control approach
  • Viewing product owner as only a delivery role
  • Acting as a proxy for stakeholder decisions
  • Avoiding tough strategic decisions in favor of easier tactical choices

Product Lifecycle Management

  • Focusing on delivery and not the full product lifecycle
  • Ignoring support, operations, and technical debt
  • Failing to build knowledge management into the lifecycle
  • Underestimating delivery capacity, capabilities, or commitment
  • Assuming delivery stops at implementation

Value Realization

  • Focusing exclusively on “on time/on budget” metrics
  • Failing to measure a 360-degree end-user view of the product
  • Skipping business plans and financial models
  • Limiting financial management to project/change budgets
  • Ignoring market analysis for growth, penetration, and threats

Bibliography – Product Ownership

A, Karen. “20 Mental Models for Product Managers.” Medium, Product Management Insider, 2 Aug. 2018. Web.

Adams, Paul. “Product Teams: How to Build & Structure Product Teams for Growth.” Inside Intercom, 30 Oct. 2019. Web.

Agile Alliance. “Product Owner.” Agile Alliance, n.d. Web.

Banfield, Richard, et al. “On-Demand Webinar: Strategies for Scaling Your (Growing) Enterprise Product Team.” Pluralsight, 31 Jan. 2018. Web.

Blueprint. “10 Ways Requirements Can Sabotage Your Projects Right From the Start.” Blueprint, 2012. Web.

Breddels, Dajo, and Paul Kuijten. “Product Owner Value Game.” Agile2015 Conference, 2015. Web.

Cagan, Martin. “Behind Every Great Product.” Silicon Valley Product Group, 2005. Web.

Cohn, Mike “What is a product?” Mountain Goat Software, 16 Sept. 2016, Web

Connellan, Thomas K. Inside the Magic Kingdom. Bard Press, 1997. Print.

Curphey, Mark, “Product Definition.” slideshare.net, 25 Feb. 2007. Web

Eringa, Ron. “Evolution of the Product Owner.” RonEringa.com, 12 June 2016. Web.

Fernandes, Thaisa. “Spotify Squad Framework - Part I.” Medium.com, 6 March 2017. Web.

Galen, Robert. “Measuring Product Ownership – What Does ‘Good’ Look Like?” RGalen Consulting, 5 Aug. 2015. Web.

Halisky, Merland, and Luke Lackrone. “The Product Owner’s Universe.” Agile Alliance, Agile2016, 2016. Web.

Kamer, Jurriaan. “How to Build Your Own ‘Spotify Model’.” Medium.com, 9 Feb. 2018. Web.

Kendis Team. “Exploring Key Elements of Spotify’s Agile Scaling Model.” Medium.com, 23 July 2018. Web.

Lindstrom, Lowell. “7 Skills You Need to Be a Great Product Owner.” Scrum Alliance, n.d. Web.

Lukassen, Chris. “The Five Belts Of The Product Owner.” Xebia.com, 20 Sept. 2016. Web.

Management 3.0. “Delegation Poker Product Image.” Management 3.0, n.d. Web.

McCloskey, Heather. “Scaling Product Management: Secrets to Defeating Common Challenges.” ProductPlan, 12 July 2019. Web.

Bibliography – Product Ownership

McCloskey, Heather. “When and How to Scale Your Product Team.” UserVoice, 21 Feb. 2017. Web.

Mironov, Rich. “Scaling Up Product Manager/Owner Teams: Rich Mironov's Product Bytes.” Rich Mironov's Product Bytes, Mironov Consulting, 12 April 2014 . Web.

Overeem, Barry. “A Product Owner Self-Assessment.” Barry Overeem, 6 March 2017. Web.

Overeem, Barry. “Retrospective: Using the Team Radar.” Barry Overeem, 27 Feb. 2017. Web.

Pichler, Roman. “How to Scale the Scrum Product Owner.” Roman Pichler, 28 June 2016 . Web.

Pichler, Roman. “Product Management Framework.” Pichler Consulting Limited, 2014. Web.

Pichler, Roman. “Sprint Planning Tips for Product Owners.” LinkedIn, 4 Sept. 2018. Web.

Pichler, Roman. “What Is Product Management?” Pichler Consulting Limited, 26 Nov. 2014. Web.

Radigan, Dan. “Putting the ‘Flow' Back in Workflow With WIP Limits.” Atlassian, n.d. Web.

Schuurman, Robbin. “10 Tips for Product Owners on Agile Product Management.” Scrum.org, 28 Nov. 2017. Web.

Schuurman, Robbin. “10 Tips for Product Owners on (Business) Value.” Scrum.org, 30 Nov. 2017. Web.

Schuurman, Robbin. “10 Tips for Product Owners on Product Backlog Management.” Scrum.org, 5 Dec. 2017. Web.

Schuurman, Robbin. “10 Tips for Product Owners on the Product Vision.” Scrum.org, 29 Nov. 2017. Web.

Schuurman, Robbin. “Tips for Starting Product Owners.” Scrum.org, 27 Nov. 2017. Web.

Sharma, Rohit. “Scaling Product Teams the Structured Way.” Monetary Musings, 28 Nov. 2016. Web.

Bibliography – Product Ownership

Steiner, Anne. “Start to Scale Your Product Management: Multiple Teams Working on Single Product.” Cprime, 6 Aug. 2019. Web.

Shirazi, Reza. “Betsy Stockdale of Seilevel: Product Managers Are Not Afraid To Be Wrong.” Austin VOP #50, 2 Oct. 2018. Web.

“The Standish Group 2015 Chaos Report.” The Standish Group, 2015. Web.

Theus, Andre. “When Should You Scale the Product Management Team?” ProductPlan, 7 May 2019. Web.

Tolonen, Arto. “Scaling Product Management in a Single Product Company.” Smartly.io, 26 Apr. 2018. Web.

Ulrich, Catherine. “The 6 Types of Product Managers. Which One Do You Need?” Medium.com, 19 Dec. 2017. Web.

VersionOne. “12th Annual State of Agile Report.” VersionOne, 9 April 2018. Web.

Verwijs, Christiaan. “Retrospective: Do The Team Radar.” Medium.com, 10 Feb. 2017. Web.

“How do you define a product?” Scrum.org, 4 April 2017, Web.

“Product Definition.” TechTarget, Sept. 2005. Web

Bibliography – Product Roadmap

Ambysoft. “2018 IT Project Success Rates Survey Results.” Ambysoft. 2018. Web.

Bastow, Janna. “Creating Agile Product roadmaps Everyone Understands.” ProdPad, 22 Mar. 2017. Accessed Sept. 2018.

Bastow, Janna. “The Product Tree Game: Our Favorite Way To Prioritize Features.” ProdPad, 21 Feb. 2016. Accessed Sept. 2018.

Chernak, Yuri. “Requirements Reuse: The State of the Practice.” 2012, Herzlia, Israel, 2012 IEEE International Conference on Software Science, Technology and Engineering, 12 June 2012. Web.

Fowler, Martin. “Application Boundary.” MartinFowler.com, 11 Sept. 2003. Accessed 20 Nov. 2017.

Harrin, Elizabeth. “Learn What a Project Milestone Is.” The Balance Careers, 10 May 2018. Accessed Sept. 2018.

“How to create a product roadmap.” Roadmunk, n.d. Accessed Sept. 2018.

Johnson, Steve. “How to Master the 3 Horizons of Product Strategy.” Aha!, 24 Sept. 2015. Accessed Sept. 2018.

Johnson, Steve. “The Product Roadmap vs. the Technology Roadmap.” Aha!, 23 June 2016. Accessed Sept. 2018

Juncal, Shaun. “How Should You Set Your Product Roadmap Timeframes?” ProductPlan, n.d. Accessed Sept. 2018.

Leffingwell, Dean. “SAFe 4.0.” Scaled Agile, Inc., 2017. Web.

Maurya, Ash. “What is a Minimum Viable Product (MVP)?” LEANSTACK, 12 June 2017. Accessed Sept. 2018.

Pichler, Roman. “10 Tips for Creating an Agile Product Roadmap.” Roman Pichler, 20 July 2016. Accessed Sept. 2018.

Pichler, Roman. Strategize: Product Strategy and Product Roadmap Practices for the Digital Age. Pichler Consulting, 2016.

“Product Roadmap Contents: What Should You Include?” ProductPlan, n.d. Accessed 20 Nov. 2017.

Saez, Andrea. “Why Your Roadmap Is Not a Release Plan.” ProdPad, 23 Oct. 2015. Accessed Sept. 2018.

Schuurman, Robbin. “Tips for Agile product roadmaps & product roadmap examples.” Scrum.org, 7 Dec. 2017. Accessed Sept. 2018

Research Contributors and Experts

Photo of Emily Archer, Lead Business Analyst, Enterprise Consulting, authentic digital agency.

Emily Archer
Lead Business Analyst,
Enterprise Consulting, authentic digital agency

Emily Archer is a consultant currently working with Fortune 500 clients to ensure the delivery of successful projects, products, and processes. She helps increase the business value returned for organizations’ investments in designing and implementing enterprise content hubs and content operations, custom web applications, digital marketing, and e-commerce platforms.

Photo of David Berg, Founder & CTO, Strainprint Technologies Inc.

David Berg
Founder & CTO
Strainprint Technologies Inc.

David Berg is a product commercialization expert that has spent the last 20 years of his career delivering product management and business development services across a broad range of industries. Early in his career, David worked with product management and engineering teams to build core network infrastructure products that secure and power the internet we benefit from today. David’s experience also includes working with clean technologies in the area of clean power generation, agritech, and Internet of Things infrastructure. Over the last five years, David has been focused on his latest venture, Strainprint Technologies, a data and analytics company focused on the medical cannabis industry. Strainprint has built the largest longitudinal medical cannabis dataset in the world with the goal to develop an understanding of treatment behavior, interactions, and chemical drivers to guide future product development.

Research Contributors and Experts

Blank photo template.

Kathy Borneman
Digital Product Owner, SunTrust Bank

Kathy Borneman is a senior product owner who helps people enjoy their jobs again by engaging others in end-to-end decision making to deliver software and operational solutions that enhance the client experience and allow people to think and act strategically.

Photo of Charlie Campbell, Product Owner, Merchant e-Solutions.

Charlie Campbell
Product Owner, Merchant e-Solutions

Charlie Campbell is an experienced problem solver with the ability to quickly dissect situations and recommend immediate actions to achieve resolution, liaise between technical and functional personnel to bridge the technology and communication gap, and work with diverse teams and resources to reach a common goal.

Research Contributors and Experts

Photo of Yarrow Diamond, Sr. Director, Business Architecture, Financial Services.

Yarrow Diamond
Sr. Director, Business Architecture
Financial Services

Yarrow Diamond is an experienced professional with expertise in enterprise strategy development, project portfolio management, and business process reengineering across financial services, healthcare and insurance, hospitality, and real estate environments. She has a master’s in Enterprise Architecture from Penn State University, LSSMBB, PMP, CSM, ITILv3.

Photo of Cari J. Faanes-Blakey, CBAP, PMI-PBA, Enterprise Business Systems Analyst, Vertex, Inc.

Cari J. Faanes-Blakey, CBAP, PMI-PBA
Enterprise Business Systems Analyst,
Vertex, Inc.

Cari J. Faanes-Blakey has a history in software development and implementation as a Business Analyst and Project Manager for financial and taxation software vendors. Active in the International Institute of Business Analysis (IIBA), Cari participated on the writing team for the BA Body of Knowledge 3.0 and the certification exam.

Research Contributors and Experts

Photo of Kieran Gobey, Senior Consultant Professional Services, Blueprint Software Systems.

Kieran Gobey
Senior Consultant Professional Services
Blueprint Software Systems

Kieran Gobey is an IT professional with 24 years of experience, focused on business, technology, and systems analysis. He has split his career between external and internal customer-facing roles, and this has resulted in a true understanding of what is required to be a Professional Services Consultant. His problem-solving skills and ability to mentor others have resulted in successful software implementations.

Kieran’s specialties include deep system troubleshooting and analysis skills, facilitating communications to bring together participants effectively, mentoring, leadership, and organizational skills.

Photo of Rupert Kainzbauer, VP Product, Digital Wallets, Paysafe Group.

Rupert Kainzbauer
VP Product, Digital Wallets
Paysafe Group

Rupert Kainzbauer is an experienced senior leader with a passion for defining and delivering products that deliver real customer and commercial benefit. Together with a team of highly experienced and motivated product managers, he has successfully led highly complex, multi-stakeholder payments initiatives, from proposition development and solution design through to market delivery. Their domain experience is in building online payment products in high-risk and emerging markets, remittance, prepaid cards, and mobile applications.

Research Contributors and Experts

Photo of Saeed Khan, Founder, Transformation Labs.

Saeed Khan
Founder,
Transformation Labs

Saeed Khan has been working in high tech for 30 years in both Canada and the US and has held a number of leadership roles in Product Management over that time. He speaks regularly at conferences and has been writing publicly about technology product management since 2005.

Through Transformation Labs, Saeed helps companies accelerate product success by working with product teams to improve their skills, practices, and processes. He is a cofounder of ProductCamp Toronto and currently runs a Meetup group and global Slack community called Product Leaders, the only global community of senior-level product executives.

Photo of Hoi Kun Lo, Product Owner, Nielsen.

Hoi Kun Lo
Product Owner
Nielsen

Hoi Kun Lo is an experienced change agent who can be found actively participating within the IIBA and WITI groups in Tampa, FL, and a champion for Agile, architecture, diversity, and inclusion programs at Nielsen. She is currently a Product Owner in the Digital Strategy team within Nielsen Global Watch Technology.

Research Contributors and Experts

Photo of Abhishek Mathur, Sr Director, Product Management, Kasisto, Inc.

Abhishek Mathur
Sr Director, Product Management
Kasisto, Inc.

Abhishek Mathur is a product management leader, an artificial intelligence practitioner, and an educator. He has led product management and engineering teams at Clarifai, IBM, and Kasisto to build a variety of artificial intelligence applications within the space of computer vision, natural language processing, and recommendation systems. Abhishek enjoys having deep conversations about the future of technology and helping aspiring product managers enter and accelerate their careers.

Photo of Jeff Meister, Technology Advisor and Product Leader.

Jeff Meister
Technology Advisor and Product Leader

Jeff Meister is a technology advisor and product leader. He has more than 20 years of experience building and operating software products and the teams that build them. He has built products across a wide range of industries and has built and led large engineering, design, and product organizations.

Jeff most recently served as Senior Director of Product Management at Avanade, where he built and led the product management practice. This involved hiring and leading product managers, defining product management processes, solution shaping and engagement execution, and evangelizing the discipline through pitches, presentations, and speaking engagements.

Jeff holds a Bachelor of Applied Science (Electrical Engineering) and a Bachelor of Arts from the University of Waterloo, an MBA from INSEAD (Strategy), and certifications in product management, project management, and design thinking.

Research Contributors and Experts

Photo of Vincent Mirabelli, Principal, Global Project Synergy Group.

Vincent Mirabelli
Principal,
Global Project Synergy Group

With over 10 years of experience in both the private and public sectors, Vincent Mirabelli possesses an impressive track record of improving, informing, and transforming business strategy and operations through process improvement, design and re-engineering, and the application of quality to business analysis, project management, and process improvement standards.

Photo of Oz Nazili, VP, Product & Growth, TWG.

Oz Nazili
VP, Product & Growth
TWG

Oz Nazili is a product leader with a decade of experience in both building products and product teams. Having spent time at funded startups and large enterprises, he thinks often about the most effective way to deliver value to users. His core areas of interest include Lean MVP development and data-driven product growth.

Research Contributors and Experts

Photo of Mark Pearson, Principal IT Architect, First Data Corporation.

Mark Pearson
Principal IT Architect
First Data Corporation

Mark Pearson is an executive business leader grounded in the process, data, technology, and operations of software-driven business. He knows the enterprise software landscape and is skilled in product, technology, and operations design and delivery within information technology organizations, outsourcing firms, and software product companies.

Photo of Brenda Peshak, Product Owner, Widget Industries, LLC.

Brenda Peshak
Product Owner,
Widget Industries, LLC

Brenda Peshak is skilled in business process, analytical skills, Microsoft Office Suite, communication, and customer relationship management (CRM). She is a strong product management professional with a Master’s focused in Business Leadership (MBL) from William Penn University.

Research Contributors and Experts

Photo of Mike Starkey, Director of Engineering, W.W. Grainger.

Mike Starkey
Director of Engineering
W.W. Grainger

Mike Starkey is a Director of Engineering at W.W. Grainger, currently focusing on operating model development, digital architecture, and building enterprise software. Prior to joining W.W. Grainger, Mike held a variety of technology consulting roles throughout the system delivery lifecycle spanning multiple industries such as healthcare, retail, manufacturing, and utilities with Fortune 500 companies.

Photo of Anant Tailor, Cofounder & Head of Product, Dream Payments Corp.

Anant Tailor
Cofounder & Head of Product
Dream Payments Corp.

Anant Tailor is a cofounder at Dream Payments where he currently serves as the COO and Head of Product, having responsibility for Product Strategy & Development, Client Delivery, Compliance, and Operations. He has 20+ years of experience building and operating organizations that deliver software products and solutions for consumers and businesses of varying sizes.

Prior to founding Dream Payments, Anant was the COO and Director of Client Services at DonRiver Inc, a technology strategy and software consultancy that he helped to build and scale into a global company with 100+ employees operating in seven countries.

Anant is a Professional Engineer with a Bachelor’s degree in Electrical Engineering from McMaster University and a certificate in Product Strategy & Management from the Kellogg School of Management at Northwestern University.

Research Contributors and Experts

Photo of Angela Weller, Scrum Master, Businessolver.

Angela Weller
Scrum Master, Businessolver

Angela Weller is an experienced Agile business analyst who collaborates with key stakeholders to attain their goals and contributes to the achievement of the company’s strategic objectives to ensure a competitive advantage. She excels when mediating or facilitating teams.

Drive Technology Adoption

  • Buy Link or Shortcode: {j2store}111|cart{/j2store}
  • member rating overall impact (scale of 10): N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Strategy and Organizational Design
  • Parent Category Link: /strategy-and-organizational-design

The project isn’t over if the new product or system isn’t being used. How do you ensure that what you’ve put in place isn’t going to be ignored or only partially adopted? People are more complicated than any new system and managing them through the change needs careful planning.

Our Advice

Critical Insight

Cultivating a herd mentality, where people adopt new technology merely because everyone else is, is an important goal in getting the bulk of users using the new product or system. The herd needs to gather momentum though and this can be done by using the more tech-able and enthused to lead the rest on the journey. Identifying and engaging these key resources early in the process will greatly assist in starting the flow.

Impact and Result

While communication is key throughout, involving staff in proof-of-concept activities and contests and using the train-the-trainer techniques and technology champions will all start the momentum toward technology adoption. Group activities will address the bulk of users, but laggards may need special attention.

Drive Technology Adoption Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Drive Technology Adoption – A brief deck describing how to encourage users to adopt newly implemented technology.

This document will help you to ensure that newly implemented systems and technologies are correctly adopted by the intended recipients.

  • Drive Technology Adoption Storyboard
[infographic]

Further reading

Drive Technology Adoption

The project is over. The new technology is implemented. Now how do we make sure it's used?

Executive Summary

Your Challenge

Technology endlessly changes and evolves. Similarly, business directions and requirements change, and these changes need to be supported by technology. Improved functionality and evolvement of systems, along with systems becoming redundant or unsupported, means that maintaining a static environment is virtually impossible.

Enormous amounts of IT budget are allocated to these changes each year. But once the project is over, how do you manage that change and ensure the systems are being used? Planning your technology adoption is vital.

Common Obstacles

The obstacles to technology adoption can be many and various, covering a broad spectrum of areas including:

  • Reluctance of staff to let go of familiar processes and procedures.
  • Perception that any change will add complications but not add value, thereby hampering enthusiasm to adopt.
  • Lack of awareness of the change.
  • General fear of change.
  • Lack of personal confidence.

Info-Tech’s Approach

Start by identifying, understanding, categorizing, and defining barriers and put in place a system to:

  • Gain an early understanding of the different types of users and their attitudes to technology and change.
  • Review different adoption techniques and analyze which are most appropriate for your user types.
  • Use a “Follow the Leader” approach, by having technical enthusiasts and champions to show the way.
  • Prevent access to old systems and methods.

Info-Tech Insight

For every IT initiative that will be directly used by users, consider the question, “Will the final product be readily accepted by those who are going to use it?” There is no point in implementing a product that no one is prepared to use. Gaining user acceptance is much more than just ticking a box in a project plan once UAT is complete.

The way change should happen is clear

Prosci specializes in change. Its ADKAR model outlines what’s required to bring individuals along on the change journey.

AWARENESS

  • Awareness means more than just knowing there’s a change occurring,
  • it means understanding the need for change.

DESIRE

  • To achieve desire, there needs to be motivation, whether it be from an
  • organizational perspective or personal.

KNOWLEDGE

  • Both knowledge on how to train during the transition and knowledge
  • on being effective after the change are required. This can only be done
  • once awareness and desire are achieved.

ABILITY

  • Ability is not knowledge. Knowing how to do something doesn’t necessarily translate to having the skills to do it.

REINFORCEMENT

  • Without reinforcement there can be a tendency to revert.

When things go wrong

New technology is not being used

The project is seen as complete. Significant investments have been made, but the technology either isn’t being used or is only partially in use.

Duplicate systems are now in place

Even worse. The failure to adopt the new technology by some means that the older systems are still being used. There are now two systems that fail to interact; business processes are being affected and there is widespread confusion.

Benefits not being realized

Benefits promised to the business are not being realized. Projected revenue increases, savings, or efficiencies that were forecast are now starting to be seen as under threat.

There is project blowout

The project should be over, but the fact that the technology is not being used has created a perception that the implementation is not complete and the project needs to continue.

Info-Tech Insight

People are far more complicated than any technology being implemented.

Consider carefully your approach.

Why does it happen?

POOR COMMUNICATION

There isn’t always adequate communications about what’s changing in the workplace.

FEAR

Fear of change is natural and often not rational. Whether the fear is about job loss or not being able to adapt to change; it needs to be managed.

TRAINING

Training can be insufficient or ineffective and when this happens people are left feeling like they don’t have the skills to make the change.

LACK OF EXECUTIVE SUPPORT

A lack of executive support for change means the change is seen as less important.

CONFLICTING VIEWS OF CHANGE

The excitement the project team and business feels about the change is not necessarily shared throughout the business. Some may just see the change as more work, changing something that already works, or a reason to reduce staff levels.

LACK OF CONFIDENCE

Whether it’s a lack of confidence generally with technology or concern about a new or changing tool, a lack of confidence is a huge barrier.

BUDGETARY CONSTRAINTS

There is a cost with managing people during a change, and budget must be allocated to allow for it.

Communications

Info-Tech Insight

Since Sigmund Freud there has been endless work to understand people’s minds.
Don’t underestimate the effect that people’s reactions to change can have on your project.

This is a Kubler-ross change curve graph, plotting the following Strategies: Create Alignment; Maximize Communication; Spark Motivation; Develop Capability; Share Knowledge

Communication plans are designed to properly manage change. Managing change can be easier when we have the right tools and information to adapt to new circumstances. The Kubler-Ross change curve illustrates the expected steps on the path to acceptance of change. With the proper communications strategy, each can be managed appropriately

Analyst perspective

Paul Binns – Principal Research Advisor, Info-Tech

The rapidly changing technology landscape in our world has always meant that an enthusiasm or willingness to embrace change has been advantageous. Many of us have seen how the older generation has struggled with that change and been left behind.

In the work environment, the events of the past two years have increased pressure on those slow to adopt as in many cases they couldn't perform their tasks without new tools. Previously, for example, those who may have been reluctant to use digital tools and would instead opt for face-to-face meetings, suddenly found themselves without an option as physical meetings were no longer possible. Similarly, digital collaboration tools that had been present in the market for some time were suddenly more heavily used so everyone could continue to work together in the “online world.”

At this stage no one is sure what the "new normal" will be in the post-pandemic world, but what has been clearly revealed is that people are prepared to change given the right motivation.

“Technology adoption is about the psychology of change.”
Bryan Tutor – Executive Counsellor, Info-Tech

The Fix

  • Categorize Users
    • Gain a clear understanding of your user types.
  • Identify Adoption Techniques
    • Understand the range of different tools and techniques available.
  • Match Techniques To Categories
    • Determine the most appropriate techniques for your user base.
  • Follow-the-Leader
    • Be aware of the different skills in your environment and use them to your advantage.
  • Refresh, Retrain, Restrain
    • Prevent reversion to old methods or systems.

Categories

Client-Driven Insight

Consider your staff and industry when looking at the Everett Rogers curve. A technology organization may have less laggards than a traditional manufacturing one.

In Everett Rogers’ book Diffusion of Innovations 5th Edition (Free Press, 2005), Rogers places adopters of innovations into five different categories.

This is an image of an Innovation Adoption Curve from Everett Rogers' book Diffusion of Innovations 5th Edition

Category 1: The Innovator – 2.5%

Innovators are technology enthusiasts. Technology is a central interest of theirs, either at work, at home, or both. They tend to aggressively pursue new products and technologies and are likely to want to be involved in any new technology being implemented as soon as possible, even before the product is ready to be released.

For people like this the completeness of the new technology or the performance can often be secondary because of their drive to get new technology as soon as possible. They are trailblazers and are not only happy to step out of their comfort zone but also actively seek to do so.

Although they only make up about 2.5% of the total, their enthusiasm, and hopefully endorsement of new technology, offers reassurance to others.

Info-Tech Insight

Innovators can be very useful for testing before implementation but are generally more interested in the technology itself rather than the value the technology will add to the business.

Category 2: The Early Adopter – 13.5%

Whereas Innovators tend to be technologists, Early Adopters are visionaries that like to be on board with new technologies very early in the lifecycle. Because they are visionaries, they tend to be looking for more than just improvement – a revolutionary breakthrough. They are prepared to take high risks to try something new and although they are very demanding as far as product features and performance are concerned, they are less price-sensitive than other groups.

Early Adopters are often motivated by personal success. They are willing to serve as references to other adopter groups. They are influential, seen as trendsetters, and are of utmost importance to win over.

Info-Tech Insight

Early adopters are key. Their enthusiasm for technology, personal drive, and influence make them a powerful tool in driving adoption.

Category 3: The Early Majority – 34%

This group is comprised of pragmatists. The first two adopter groups belong to early adoption, but for a product to be fully adopted the mainstream needs to be won over, starting with the Early Majority.

The Early Majority share some of the Early Adopters’ ability to relate to technology. However, they are driven by a strong sense of practicality. They know that new products aren’t always successful. Consequently, they are content to wait and see how others fare with the technology before investing in it themselves. They want to see well-established references before adopting the technology and to be shown there is no risk.

Because there are so many people in this segment (roughly 34%), winning these people over is essential for the technology to be adopted.

Category 4: The Late Majority – 34%

The Late Majority are the conservatives. This group is generally about the same size as the Early Majority. They share all the concerns of the Early Majority; however, they are more resistant to change and are more content with the status quo than eager to progress to new technology. People in the Early Majority group are comfortable with their ability to handle new technology. People in the Late Majority are not.

As a result, these conservatives prefer to wait until something has become an established standard and take part only at the end of the adoption period. Even then, they want to see lots of support and ensure that there is proof there is no risk in them adopting it.

Category 5: The Laggard – 16%

This group is made up of the skeptics and constitutes 16% of the total. These people want nothing to do with new technology and are generally only content with technological change when it is invisible to them. These skeptics have a strong belief that disruptive new technologies rarely deliver the value promised and are almost always worried about unintended consequences.

Laggards need to be dealt with carefully as their criticism can be damaging and without them it is difficult for a product to become fully adopted. Unfortunately, the effort required for this to happen is often disproportional to the size of the group.

Info-Tech Insight

People aren’t born laggards. Technology projects that have failed in the past can alter people’s attitudes, especially if there was a negative impact on their working lives. Use empathy when dealing with people and respect their hesitancy.

Adoption Techniques

Different strokes for different folks

Technology adoption is all about people; and therefore, the techniques required to drive that adoption need to be people oriented.

The following techniques are carefully selected with the intention of being impactful on all the different categories described previously.

Technology Adoption: Herd Mentality; Champions; Force; Group Training; One-on-One; Contests; Marketing; Proof of Concept; Train the Trainer

There are multitudes of different methods to get people to adopt new technology, but which is the most appropriate for your situation? Generally, it’s a combination.

Technology Adoption: Herd Mentality; Champions; Force; Group Training; One-on-One; Contests; Marketing; Proof of Concept; Train the Trainer

Train the Trainer

Use your staff to get your message across.

Abstract

This technique involves training key members of staff so they can train others. It is important that those selected are strong communicators, are well respected by others, and have some expertise in technology.

Advantages

  • Cost effective
  • Efficient dissemination of information
  • Trusted internal staff

Disadvantages

  • Chance of inconsistent delivery
  • May feel threatened by co-worker

Best to worst candidates

  • Early Adopter: Influential trendsetters. Others receptive of their lead.
  • Innovator: Comfortable and enthusiastic about new technology, but not necessarily a trainer.
  • Early Majority: Tendency to take others’ lead.
  • Late Majority: Risk averse and tend to follow others, only after success is proven.
  • Laggard: Last to adopt usually. Unsuitable as Trainer.

Marketing

Marketing should be continuous throughout the change to encourage familiarity.

Abstract

Communication is key as people are comfortable with what is familiar to them. Marketing is an important tool for convincing adopters that the new product is mainstream, widely adopted and successful.

Advantages

  • Wide communication
  • Makes technology appear commonplace
  • Promotes effectiveness of new technology

Disadvantages

  • Reliant on staff interest
  • Can be expensive

Best to worst candidates

  • Early Majority: Pragmatic about change. Marketing is effective encouragement.
  • Early Adopter: Receptive and interested in change. Marketing is supplemental.
  • Innovator: Actively seeks new technology. Does not need extensive encouragement.
  • Late Majority: Requires more personal approach.
  • Laggard: Resistant to most enticements.

One-on-One

Tailored for individuals.

Abstract

One-on-one training sometimes is the only way to train if you have staff with special needs or who are performing unique tasks.
It is generally highly effective but inefficient as it only addresses individuals.

Advantages

  • Tailored to specific need(s)
  • Only relevant information addressed
  • Low stress environment

Disadvantages

  • Expensive
  • Possibility of inconsistent delivery
  • Personal conflict may render it ineffective

Best to worst candidates

  • Laggard: Encouragement and cajoling can be used during training.
  • Late Majority: Proof can be given of effectiveness of new product.
  • Early Majority: Effective, but not cost efficient.
  • Early Adopter: Effective, but not cost-efficient.
  • Innovator: Effective, but not cost-efficient.

Group Training

Similar roles, attitudes, and abilities.

Abstract

Group training is one of the most common methods to start people on their journey toward new technology. Its effectiveness with the two largest groups, Early Majority and Late Majority, make it a primary tool in technology adoption.

Advantages

  • Cost effective
  • Time effective
  • Good for team building

Disadvantages

  • Single method may not work for all
  • Difficult to create single learning pace for all

Best to worst candidates

  • Early Majority: Receptive. The formality of group training will give confidence.
  • Late Majority: Conservative attitude will be receptive to traditional training.
  • Early Adopter: Receptive and attentive. Excited about the change.
  • Innovator: Will tend to want to be ahead or want to move ahead of group.
  • Laggard: Laggards in group training may have a negative impact.

Force

The last resort.

Abstract

The transition can’t go on forever.

At some point the new technology needs to be fully adopted and if necessary, force may have to be used.

Advantages

  • Immediate full transition
  • Fixed delivery timeline

Disadvantages

  • Alienation of some staff
  • Loss of faith in product if there are issues

Best to worst candidates

  • Laggard: No choice but to adopt. Forces the issue.
  • Late Majority: Removes issue of reluctance to change.
  • Early Majority: Content, but worried about possible problems.
  • Early Adopter: Feel less personal involvement in change process.
  • Innovator: Feel less personal involvement in change process.

Contests

Abstract

Contests can generate excitement and create an explorative approach to new technology. People should not feel pressured. It should be enjoyable and not compulsory.

Advantages

  • Rapid improvement of skills
  • Bring excitement to the new technology
  • Good for team building

Disadvantages

  • Those less competitive or with lower skills may feel alienated
  • May discourage collaboration

Best to worst candidates

  • Early Adopter: Seeks personal success. Risk taker. Effective.
  • Innovator: Enthusiastic to explore limits of technology.
  • Early Majority: Less enthusiastic. Pragmatic. Less competitive.
  • Late Majority: Conservative. Not enthusiastic about new technology.
  • Laggard: Reluctant to get involved.

Incentives

Incentives don’t have to be large.

Abstract

For some staff, merely taking management’s lead is not enough. Using “Nudge” techniques to give that extra incentive is quite effective. Incentivizing staff either financially or through rewards, recognition, or promotion is a successful adoption technique for some.

Advantages

Encouragement to adopt from receiving tangible benefit

Draws more attention to the new technology

Disadvantages

Additional expense to business or project

Possible poor precedent for subsequent changes

Best to worst candidates

Early Adopter: Desire for personal success makes incentives enticing.

Early Majority: Prepared to change, but extra incentive will assist.

Late Majority: Conservative attitude means incentive may need to be larger.

Innovator: Enthusiasm for new technology means incentive not necessary.

Laggard: Sceptical about change. Only a large incentive likely to make a difference.

Champions

Strong internal advocates for your new technology are very powerful.

Abstract

Champions take on new technology and then use their influence to promote it in the organization. Using managers as champions to actively and vigorously promote the change is particularly effective.

Advantages

  • Infectious enthusiasm encourages those who tend to be reluctant
  • Use of trusted internal staff

Disadvantages

  • Removes internal staff from regular duties
  • Ineffective if champion not respected

Best to worst candidates

  • Early Majority: Champions as references of success provide encouragement.
  • Late Majority: Management champions in particular are effective.
  • Laggard: Close contact with champions may be effective.
  • Early Adopter: Receptive of technology, less effective.
  • Innovator: No encouragement or promotion required.

Herd Mentality

Follow the crowd.

Abstract

Herd behavior is when people discount their own information and follow others. Ideally all adopters would understand the reason and advantages in adopting new technology, but practically, the result is most important.

Advantages

  • New technology is adopted without question
  • Increase in velocity of adoption

Disadvantages

  • Staff may not have clear understanding of the reason for change and resent it later
  • Some may adopt the change before they are ready to do so

Best to worst candidates

  • Early Majority: Follow others’ success.
  • Late Majority: Likely follow an established proven standard.
  • Early Adopter: Less effective as they prefer to set trends rather than follow.
  • Innovator: Seeks new technology rather than following others.
  • Laggard: Suspicious and reluctant to change.

Proof of Concepts

Gain early input and encourage buy-in.

Abstract

Proof of concept projects give early indications of the viability of a new initiative. Involving the end users in these projects can be beneficial in gaining their support

Advantages

Involve adopters early on

Valuable feedback and indications of future issues

Disadvantages

If POC isn’t fully successful, it may leave lingering negativity

Usually, involvement from small selection of staff

Best to worst candidates

  • Innovator: Strong interest in getting involved in new products.
  • Early Adopter: Comfortable with new technology and are influencers.
  • Early Majority: Less interest. Prefer others to try first.
  • Late Majority: Conservative attitude makes this an unlikely option.
  • Laggard: Highly unlikely to get involved.

Match techniques to categories

What works for who?

This clustered column chart categorizes techniques by category

Follow the leader

Engage your technology enthusiasts early to help refine your product, train other staff, and act as champions. A combination of marketing and group training will develop a herd mentality. Finally, don’t neglect the laggards as they can prevent project completion.

This is an inverted funnel chart with the output of: Change Destination.  The inputs are: 16% Laggards; 34% Late Majority; 34% Early Majority; 13.3% Early Adopters; 2% Innovators

Info-Tech Insight

Although there are different size categories, none can be ignored. Consider your budget when dealing with smaller groups, but also consider their impact.

Refresh, retrain, restrain

We don’t want people to revert.

Don’t assume that because your staff have been trained and have access to the new technology that they will keep using it in the way they were trained. Or that they won’t revert back to their old methods or system.

Put in place methods to remove completely or remove access to old systems. Schedule refresh training or skill enhancement sessions and stay vigilant.

Research Authors

Paul Binns

Paul Binns

Principal Research Advisor, Info-Tech Research Group

With over 30 years in the IT industry, Paul brings to his work his experience as a Strategic Planner, Consultant, Enterprise Architect, IT Business Owner, Technologist, and Manager. Paul has worked with both small and large companies, local and international, and has had senior roles in government and the finance industry.

Scott Young

Scott Young

Principal Research Advisor, Info-Tech Research Group

Scott Young is a Director of Infrastructure Research at Info-Tech Research Group. Scott has worked in the technology field for over 17 years, with a strong focus on telecommunications and enterprise infrastructure architecture. He brings extensive practical experience in these areas of specialization, including IP networks, server hardware and OS, storage, and virtualization.

Related Info-Tech Research

User Group Analysis Workbook

Use Info-Tech’s workbook to gather information about user groups, business processes, and day-to-day tasks to gain familiarity with your adopters.

Governance and Management of Enterprise Software Implementation

Use our research to engage users and receive timely feedback through demonstrations. Our iterative methodology with a task list focused on the business’ must-have functionality allows staff to return to their daily work sooner.

Quality Management User Satisfaction Survey

This IT satisfaction survey will assist you with early information to use for categorizing your users.

Master Organizational Change Management Practices

Using a soft, empathetic approach to change management is something that all PMOs should understand. Use our research to ensure you have an effective OCM plan that will ensure project success.

Bibliography

Beylis, Guillermo. “COVID-19 accelerates technology adoption and deepens inequality among workers in Latin America and the Caribbean.” World Bank Blogs, 4 March 2021. Web.

Cleland, Kelley. “Successful User Adoption Strategies.” Insight Voices, 25 Apr. 2017. Web.

Hiatt, Jeff. “The Prosci ADKAR ® Model.” PROSCI, 1994. Web.

Malik, Priyanka. “The Kübler Ross Change Curve in the Workplace.” whatfix, 24 Feb. 2022. Web.

Medhaugir, Tore. “6 Ways to Encourage Software Adoption.” XAIT, 9 March 2021. Web.

Narayanan, Vishy. “What PwC Australia learned about fast tracking tech adoption during COVID-19” PWC, 13 Oct. 2020. Web.

Sridharan, Mithun. “Crossing the Chasm: Technology Adoption Lifecycle.” Think Insights, 28 Jun 2022. Web.

Maximize Value From Your Value-Added Reseller (VAR)

  • Buy Link or Shortcode: {j2store}215|cart{/j2store}
  • member rating overall impact (scale of 10): 10.0/10 Overall Impact
  • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
  • member rating average days saved: Read what our members are saying
  • Parent Category Name: Vendor Management
  • Parent Category Link: /vendor-management

Organizations need to understand their value-added reseller (VAR) portfolio and the greater VAR landscape to better:

  • Manage the VAR portfolio.
  • Understand additional value each VAR can provide.
  • Maximize existing VAR commitments.
  • Evaluate the VARs’ performance.

Our Advice

Critical Insight

VARs typically charge more for products because they are in some way adding value. If you’re not leveraging any of the provided value, you’re likely wasting money and should use a basic commodity-type reseller for procurement.

Impact and Result

This project will provide several benefits to Vendor Management and Procurement:

  • Defined VAR value and performance tracking.
  • Manageable portfolio of VARs that fully benefit the organization.
  • Added training, licensing advice, faster quoting, and invoicing resolution.
  • Reduced deployment and logistics costs.

Maximize Value From Your Value-Added Reseller (VAR) Research & Tools

Start here – read the Executive Brief

Read our informative Executive Brief to find out why you should maximize value from your value-added reseller, review Info-Tech’s methodology, and understand the three ways to better manage your VARs improve performance and reduce costs.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Organize and prioritize

Organize all your VARs and create a manageable portfolio detailing their value, specific, product, services, and certifications.

  • Maximize Value From Your Value-Added Reseller – Phase 1: Organize and Prioritize
  • VAR Listing and Prioritization Tool

2. “EvaluRate” your VARs

Create an in-depth evaluation of the VARs’ capabilities.

  • Maximize Value From Your Value-Added Reseller – Phase 2: EvaluRate Your VARs
  • VAR Features Checklist Tool
  • VAR Profile and EvaluRation Tool

3. Consolidate and reduce

Assess each VAR for low performance and opportunity to increase value or consolidate to another VAR and reduce redundancy.

  • Maximize Value From Your Value-Added Reseller – Phase 3: Consolidate and Reduce

4. Maximize their value

Micro-manage your primary VARs to ensure performance to commitments and maximize their value.

  • Maximize Value From Your Value-Added Reseller – Phase 4: Maximize Their Value
  • VAR Information and Scorecard Workbook
[infographic]

Identify and Reduce Agile Contract Risk

  • Buy Link or Shortcode: {j2store}232|cart{/j2store}
  • member rating overall impact (scale of 10): 8.0/10 Overall Impact
  • member rating average dollars saved: $10,000 Average $ Saved
  • member rating average days saved: 20 Average Days Saved
  • Parent Category Name: Vendor Management
  • Parent Category Link: /vendor-management
  • Customer maturity levels with Agile are low, with 67% of organizations using Agile for less than five years.
  • Customer competency levels with Agile are also low, with 84% of organizations stating they are below a high level of competency.
  • Contract disputes are the number one or two types of disputes faced by organizations across all industries.

Our Advice

Critical Insight

  • Agile contracts require different wording and protections than traditional or waterfall contracts.
  • Agile buzzwords by themselves do not create an Agile contract.
  • There is a delicate balance between being overly prescriptive in an Agile contract and too lax.

Impact and Result

  • Identify options for Agile contract provisions.
  • Manage Agile contract risk by selecting the appropriate level of protections for an Agile project.
  • Harness the power of Agile development and collaboration with the vendor while preserving contractual flexibility.
  • Focus on the correct contract clauses to manage Agile risk.

Identify and Reduce Agile Contract Risk Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should treat Agile contracts differently from traditional or waterfall contracts, and review Info-Tech’s methodology, and understand the twelve contract clauses that are different for Agile contracts.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Identify and evaluate options

Use the information in this blueprint and Info-Tech’s Agile Contract Playbook-Checklist to review and assess your Agile contracts, ensuring that the provisions and protections are suitable for Agile contracts specifically.

  • Agile Contracts Playbook-Checklist
[infographic]

Workshop: Identify and Reduce Agile Contract Risk

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Identify and Evaluate Options

The Purpose

To understand Agile-specific contract clauses, to improve risk identification, and to be more effective at negotiating Agile contract terms.

Key Benefits Achieved

Increased awareness of how Agile contract provisions are different from traditional or waterfall contracts in 12 key areas.

Understanding available options.

Understanding the impact of being too prescriptive.

Activities

1.1 Review the Agile Contract Playbook-Checklist.

1.2 Review 12 contract provisions and reinforce key learnings with exercises.

Outputs

Configured Playbook-Checklist as applicable

Exercise results and debrief

10 Secrets for Successful Disaster Recovery in the Cloud

  • Buy Link or Shortcode: {j2store}419|cart{/j2store}
  • member rating overall impact (scale of 10): 10.0/10 Overall Impact
  • member rating average dollars saved: $12,096 Average $ Saved
  • member rating average days saved: 20 Average Days Saved
  • Parent Category Name: DR and Business Continuity
  • Parent Category Link: /business-continuity
  • The pay-per-use pricing structure of cloud services make it a cheaper DR option, but there are gotchas you need to avoid, ranging from unexpected licensing costs to potential security vulnerabilities.
  • You likely started on the path to cloud DR with consideration of cloud storage for offsite retention of backups. Systems recovery in the cloud can be a real value-add to using cloud as a backup target.
  • Your cloud-based DR environment has to be secure and compliant, but performance also has to be “good enough” to operate the business.
  • Location still matters, and selecting the DR site that optimizes latency tolerance and geo-redundancy can be difficult.

Our Advice

Critical Insight

  • Keep your systems dormant until disaster strikes. Prepare as much of your environment as possible without tapping into compute resources. Enjoy the low at-rest costs, and leverage the reliability of the cloud in your failover.
  • Avoid failure on the failback! Bringing up your systems in the cloud is a great temporary solution, but an expensive long-term strategy. Make sure you have a plan to get back on premises.
  • Leverage cloud DR as a start for cloud migration. Cloud DR provides a gateway for broader infrastructure lift and shift to cloud IaaS, but this should only be the first phase of a longer-term roadmap that ends in multi-service hybrid cloud.

Impact and Result

  • Calculate the cost of your DR solution with a cloud vendor. Test your systems often to build out more accurate budgets and to define failover and failback action plans to increase confidence in your capabilities.
  • Define “good enough” performance by consulting with the business and setting correct expectations for the recovery state.
  • Dig deeper into the various flavors of cloud-based DR beyond backup and restore, including pilot light, warm standby, and multi-site recovery. Each of these has unique benefits and challenges when done in the cloud.

10 Secrets for Successful Disaster Recovery in the Cloud Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out the 10 secrets for success in cloud-based DR deployment, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

[infographic]

Spread Best Practices With an Agile Center of Excellence

  • Buy Link or Shortcode: {j2store}152|cart{/j2store}
  • member rating overall impact (scale of 10): 10.0/10 Overall Impact
  • member rating average dollars saved: $97,499 Average $ Saved
  • member rating average days saved: 26 Average Days Saved
  • Parent Category Name: Development
  • Parent Category Link: /development
  • Your organization is looking to create consistency across all Agile teams to drive greater business results and alignment.
  • You are seeking to organically grow Agile capabilities within the organization through a set of support structures and facilitated through shared learning and capabilities.

Our Advice

Critical Insight

  • Social capital can be an enabler, but also a barrier. People can only manage a finite number of relationships; ensure that the connections the Center of Excellence (CoE) facilitates are purposeful.
  • Don’t over govern. Empowerment is critical to enable improvements; set boundaries and let teams work inside them with autonomy.
  • Legitimize through listening. A CoE will not be leveraged unless it aligns with the needs of its users. Invest the time to align with the functional expectations of your Agile teams.

Impact and Result

  • Create a set of service offerings aligned with both corporate objectives and the functional expectations of its customers to ensure broad support and utility of the invested resources.
  • Understand some of the cultural and processual challenges you will face when forming a center of excellence, and address them using Info-Tech’s Agile adoption model.

Spread Best Practices With an Agile Center of Excellence Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should build an Agile Center of Excellence, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Strategically align the Center of Excellence

Create strategic alignment between the CoE and the organization’s goals, objectives, and vision.

  • Spread Best Practices With an Agile Center of Excellence – Phase 1: Strategically Align the Center of Excellence

2. Standardize the Center of Excellence’s service offerings

Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization.

  • Spread Best Practices With an Agile Center of Excellence – Phase 2: Standardize the Center of Excellence’s Service Offerings

3. Operate the Center of Excellence

Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change.

  • Spread Best Practices With an Agile Center of Excellence – Phase 3: Operationalize Your Agile Center of Excellence
  • ACE Satisfaction Survey
  • CoE Maturity Diagnostic Tool
  • ACE Benefits Tracking Tool
  • ACE Communications Deck
[infographic]

Workshop: Spread Best Practices With an Agile Center of Excellence

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Determine Vision of CoE

The Purpose

Create strategic alignment between the CoE and the organization’s goals, objectives, and vision.

Understand how your key stakeholders will impact the longevity of your CoE.

Determine your CoE structure and staff.

Key Benefits Achieved

Top-down alignment with strategic aims of the organization.

A set of high-level use cases to form the CoE’s service offerings around.

Visualization of key stakeholders, with their current and desired power and involvement documented.

Activities

1.1 Identify and prioritize organizational business objectives.

1.2 Form use cases for the points of alignment between your Agile Center of Excellence (ACE) and business objectives.

1.3 Prioritize your ACE stakeholders.

Outputs

Prioritized business objectives

Business-aligned use cases to form CoE’s service offerings

Stakeholder map of key influencers

2 Define Service Offerings of CoE

The Purpose

Document the functional expectations of the Agile teams.

Refine your business-aligned use cases with your collected data to achieve both business and functional alignment.

Create a capability map that visualizes and prioritizes your key service offerings.

Key Benefits Achieved

Understanding of some of the identified concerns, pain points, and potential opportunities from your stakeholders.

Refined use cases that define the service offerings the CoE provides to its customers.

Prioritization for the creation of service offerings with a capability map.

Activities

2.1 Classified pains and opportunities.

2.2 Refine your use cases to identify your ACE functions and services.

2.3 Visualize your ACE functions and service offerings with a capability map.

Outputs

Classified pains and opportunities

Refined use cases based on pains and opportunities identified during ACE requirements gathering

ACE Capability Map

3 Define Engagement Plans

The Purpose

Align service offerings with an Agile adoption model so that teams have a structured way to build their skills.

Standardize the way your organization will interact with the Center of Excellence to ensure consistency in best practices.

Key Benefits Achieved

Mechanisms put in place for continual improvement and personal development for your Agile teams.

Interaction with the CoE is standardized via engagement plans to ensure consistency in best practices and predictability for resourcing purposes.

Activities

3.1 Further categorize your use cases within the Agile adoption model.

3.2 Create an engagement plan for each level of adoption.

Outputs

Adoption-aligned service offerings

Role-based engagement plans

4 Define Metrics and Plan Communications

The Purpose

Develop a set of metrics for the CoE to monitor business-aligned outcomes with.

Key Benefits Achieved

The foundations of continuous improvement are established with a robust set of Agile metrics.

Activities

4.1 Define metrics that align with your Agile business objectives.

4.2 Define target ACE performance metrics.

4.3 Define Agile adoption metrics.

4.4 Assess the interaction and communication points of your Agile team.

4.5 Create a communication plan for change.

Outputs

Business objective-aligned metrics

CoE performance metrics

Agile adoption metrics

Assessment of organizational design

CoE communication plan

Further reading

Spread Best Practices With an Agile Center of Excellence

Achieve ongoing alignment between Agile teams and the business with a set of targeted service offerings.

ANALYST PERSPECTIVE

"Inconsistent processes and practices used across Agile teams is frequently cited as a challenge to adopting and scaling Agile within organizations. (VersionOne’s 13th Annual State of Agile Report [N=1,319]) Creating an Agile Center of Excellence (ACE) is a popular way to try to impose structure and improve performance. However, simply establishing an ACE does not guarantee you will be successful with Agile. When setting up an ACE you must: Define ACE services based on identified stakeholder needs. Staff the ACE with respected, “hands on” people, who deliver identifiable value to your Agile teams. Continuously evolve ACE service offerings to maximize stakeholder satisfaction and value delivered."

Alex Ciraco, Research Director, Applications Practice Info-Tech Research Group

Our understanding of the problem

This Research Is Designed For:

  • A CIO who is looking for a way to optimize their Agile capabilities and ensure ongoing alignment with business objectives.
  • An applications director who is looking for mechanisms to inject continuous improvement into organization-wide Agile practices.

This Research Will Help You:

  • Align your Agile support structure with business objectives and the functional expectations of its users.
  • Standardize the ways in which Agile teams develop and learn to create consistency in purpose and execution.
  • Track and communicate successes to ensure the long-term viability of an Agile Center of Excellence (ACE).

This Research Will Also Assist

  • Project managers who are tasked with managing Agile projects.
  • Application development managers who are struggling with establishing consistency, transparency, and collaboration across their teams.

This Research Will Help Them:

  • Provide service offerings to their team members that will help them personally and collectively to develop desired skills.
  • Provide oversight and transparency into Agile projects and outcomes through ongoing monitoring.

Executive summary

Situation

  • Your organization has had some success with Agile, but needs to drive consistency across Agile teams for better business results and alignment.
  • You are seeking to organically grow Agile capabilities within the organization through a set of support services and facilitated through shared learning and capabilities.

Complication

  • Organizational constraints, culture clash, and lack of continuous top-down support are hampering your Agile growth and maturity.
  • Attempts to create consistency across Agile teams and processes fail to account for the expectations of users and stakeholders, leaving them detached from projects and creating resistance.

Resolution

  • Align the service offerings of your ACE with both corporate objectives and the functional expectations of its stakeholders to ensure broad support and utilization of the invested resources.
  • Understand some of the culture and process challenges you will face when forming an ACE, and address them using Info-Tech’s Agile adoption journey model.
  • Track the progress of the ACE and your Agile teams. Use this data to find root causes for issues, and ideate to implement solutions for challenges as they arise over time.
  • Effectively define and propagate improvements to your Agile teams in order to drive business-valued results.
  • Communicate progress to interested stakeholders to ensure long-term viability of the Center of Excellence (CoE).

Info-Tech Insight

  1. Define ACE services based on stakeholder needs.Don’t assume you know what your stakeholders need without talking to them.
  2. Staff the ACE strategically. Choose those who are thought leaders and proven change agents.
  3. Continuously improve based on metrics and feedback.Constantly monitor how your ACE is performing and adjust to feedback.

Info-Tech’s Agile Journey related Blueprints

1. Stabilize

Implement Agile Practices That Work

Begin your Agile transformation with a comprehensive readiness assessment and a pilot project to adopt Agile development practices and behaviors that fit.

2. Sustain

YOU ARE HERE

Spread Best Practices with an Agile Center of Excellence

Form an ACE to support Agile development at all levels of the organization with thought leadership, strategic development support & process innovation.

3. Scale

Enable Organization-Wide Collaboration by Scaling Agile

Extend the benefits of your Agile pilot project into your organization by strategically scaling Agile initiatives that will meet stakeholders’ needs.

4. Satisfy

Transition to Product Delivery Introduce product-centric delivery practices to drive greater benefits and better delivery outcomes.

1.1 Determine the vision of your ACE

1.2 Define the service offerings of your ACE

2.1 Define an adoption plan for Agile teams

2.2 Create an ACE engagement plan

2.3 Define metrics to measure success

3.1 Optimize the success of your ACE

3.2 Plan change to enhance your Agile initiatives

3.3 Conduct ongoing retrospectives

Supporting Capabilities and Practices

Modernize Your SDLC

Remodel the stages of your lifecycle to standardize your definition of a successful product.

Build a Strong Foundation for Quality

Instill quality assurance practices and principles in each stage of your software development lifecycle.

Implement DevOps Practices That Work

Fix, deploy, and support applications quicker though development and operations collaboration.

What is an Agile Center of Excellence?

NOTE: Organizational change is hard and prone to failure. Determine your organization’s level of readiness for Agile transformation (and recommended actions) by completing Info-Tech’s Agile Transformation Readiness Tool.

An ACE amplifies good practices that have been successfully employed within your organization, effectively allowing you to extend the benefits obtained from your Agile pilot(s) to a wider audience.

From the viewpoint of the business, members of the ACE provide expertise and insights to the entire organization in order to facilitate Agile transformation and ensure standard application of Agile good practices.

From the viewpoint of your Agile teams, it provides a community of individuals that share experiences and lessons learned, propagate new ideas, and raise questions or concerns so that delivering business value is always top of mind.

An ACE provides the following:

  1. A mechanism to gather thought leadership to maximize the accessibility and reach of your Agile investment.
  2. A mechanism to share innovations and ideas to facilitate knowledge transfer and ensure broadly applicable innovations do not go to waste.
  3. Strategic alignment to ensure that Agile practices are driving value towards business objectives.
  4. Purposeful good practices to ensure that the service offerings provided align with expectations of both your Agile practitioners and stakeholders.

SIDEBAR: What is a Community of Practice? (And how does it differ from a CoE?)

Some organizations prefer Communities of Practice (CoP) to Centers of Excellence (CoE). CoPs are different from CoEs:

A CoP is an affiliation of people who share a common practice and who have a desire to further the practice itself … and of course to share knowledge, refine best practices, and introduce standards. CoPs are defined by their domain of interest, but the membership is a social structure comprised of volunteer practitioners

– Wenger, E., R. A. McDermott, et al. (2002) Cultivating communities of practice: A guide to managing knowledge, Harvard Business Press.

CoPs differ from a CoE mainly in that they tend to have no geographical boundaries, they hold no hierarchical power within a firm, and they definitely can never have structure determined by the company. However, one of the most obvious and telling differences lies in the stated motive of members – CoPs exist because they have active practitioner members who are passionate about a specific practice, and the goals of a CoP are to refine and improve their chosen domain of practice – and the members provide discretionary effort that is not paid for by the employer

– Matthew Loxton (June 1, 2011) CoP vs CoE – What’s the difference, and Why Should You Care?, Wordpress.com

What to know about CoPs:

  1. Less formal than a CoE
    • Loosely organized by volunteer practitioners who are interested in advancing the practice.
  2. Not the Authoritative Voice
    • Stakeholders engage the CoP voluntarily, and are not bound by them.
  3. Not funded by Organization
    • CoP members are typically volunteers who provide support in addition to their daily responsibilities.
  4. Not covered in this Blueprint
    • In depth analysis on CoPs is outside the scope of this Blueprint.

What does an ACE do? Six main functions derived from Info-Tech’s CLAIM+G Framework

  1. Learning
  • Provide training and development and enable engagement based on identified interaction points to foster organizational growth.
  • Tooling
    • Promote the use of standardized tooling to improve efficiency and consistency throughout the organization.
  • Supporting
    • Enable your Agile teams to access subject-matter expertise by facilitating knowledge transfer and documenting good practices.
  • Governing
    • Create operational boundaries for Agile teams, and monitor their progress and ability to meet business objectives within these boundaries.
  • Monitoring
    • Demonstrate the value the CoE is providing through effective metric setting and ongoing monitoring of Agile’s effectiveness.
  • Guiding
    • Provide guidance, methodology, and knowledge for teams to leverage to effectively meet organizational business objectives.
  • Many organizations encounter challenges to scaling Agile

    Tackle the following barriers to Agile adoption with a business-aligned ACE.

    List based on reported impediments from VersionOne’s 13th Annual State of Agile Report (N=1,319)

    1. Organizational culture at odds with Agile values
    • The ACE identifies and measures the value of Agile to build support from senior business leaders for shifting the organizational culture and achieving tangible business benefits.
  • General organizational resistance to change
    • Resistance comes from a lack of trust. Optimized value delivery from Info-Tech’s Agile adoption model will build the necessary social capital to drive cultural change.
  • Inadequate management support and sponsorship
    • Establishing an ACE will require senior management support and sponsorship. Its formation sends a strong signal to the organizational leadership that Agile is here to stay.
  • Lack of skills/experience with Agile methods
    • The ACE provides a vehicle to absorb external training into an internal development program so that Agile capabilities can be grown organically within the organization.
  • Inconsistent processes and practices across teams
    • The ACE provides support to individual Agile teams and will guide them to adopt consistent processes and practices which have a proven track record in the organization.
  • Insufficient training and education
    • The ACE will assist teams with obtaining the Agile skills training they need to be effective in the organization, and support a culture of continuous learning.
  • Overcome your Agile scaling challenges with a business aligned ACE

    An ACE drives consistency and transparency without sacrificing the ability to innovate. It can build on the success of your Agile pilot(s) by encouraging practices known to work in your organization.

    Support Agile Teams

    Provide services designed to inject evolving good practices into workflows and remove impediments or roadblocks from your Agile team’s ability to deliver value.

    Maintain Business Alignment

    Maintain alignment with corporate objectives without impeding business agility in the long term. The ACE functions as an interface layer so that changing expectations can be adapted without negatively impacting Agile teams.

    Facilitate Learning Events

    Avoid the risk of innovation and subject-matter expertise being lost or siloed by facilitating knowledge transfer and fostering a continuous learning environment.

    Govern Improvements

    Set baselines, monitor metrics, and run retrospectives to help govern process improvements and ensure that Agile teams are delivering expected benefits.

    Shift Culture

    Instill Agile thinking and behavior into the organization. The ACE must encourage innovation and be an effective agent for change.

    Use your ACE to go from “doing” Agile to “being” Agile

    Organizations that do Agile without embracing the changes in behavior will not reap the benefits.

    Doing what was done before

    • Processes and Tools
    • Comprehensive Documentation
    • Contract Negotiation
    • Following a Plan

    Being Prescriptive

    Going through the motions

    • Uses SCRUM and tools such as Jira
    • Plans multiple sprints in detail
    • Talks to stakeholders once in a release
    • Works off a fixed scope BRD

    Doing Agile

    Living the principles

    • Individuals and Interactions
    • Working Software
    • Customer Collaboration
    • Responding to Change

    Being Agile

    “(‘Doing Agile’ is) just some rituals but without significant change to support the real Agile approach as end-to-end, business integration, value focus, and team empowerment.” - Arie van Bennekum

    Establishing a CoE does not guarantee success

    Simply establishing a Center of Excellence for any discipline does not guarantee its success:

    The 2019 State of DevOps Report found that organizations which had established DevOps CoEs underperformed compared to organizations which adopted other approaches for driving DevOps transformation. (Accelerate State of DevOps Report 2019 [N=~1,000])

    Still, Agile Centers of Excellence can and do successfully drive Agile adoption in organizations. So what sets the successful examples apart from the others? Here’s what some have to say:

    The ACE must be staffed with qualified people with delivery experience! … [It is] effectively a consulting practice, that can evolve and continuously improve its services … These services are collectively about ‘enablement’ as an output, more than pure training … and above all, the ability to empirically measure the progress” – Paul Blaney, TD Bank

    “When leaders haven’t themselves understood and adopted Agile approaches, they may try to scale up Agile the way they have attacked other change initiatives: through top-down plans and directives. The track record is better when they behave like an Agile team. That means viewing various parts of the organization as their customers.” – HBR, “Agile at Scale”

    “the Agile CoE… is truly meant to be measured by the success of all the other groups, not their own…[it] is meant to be serving the teams and helping them improve, not by telling them what to do, but rather by listening, understanding and helping them adapt.” - Bart Gerardi, PMI

    The CoE must also avoid becoming static, as it’s crucial the team can adjust as quickly as business and customer needs change, and evolve the technology as necessary to remain competitive.” – Forbes, “RPA CoE (what you need to know)”

    "The best CoEs are formed from thought leaders and change agents within the CoE domain. They are the process and team innovators who will influence your CoE roadmap and success. Select individuals who feel passionate about Agile." – Hans Eckman, InfoTech

    To be successful with your ACE, do the following…

    Info-Tech Insight

    Simply establishing an Agile Center of Excellence does not guarantee its success. When setting up your ACE, optimize its impact on the organization by doing the following 3 things:

    1. Define ACE services based on stakeholder needs. Be sure to broadly survey your stakeholders and identify the ACE functions and services which will best meet their needs. ACE services must clearly deliver business value to the organization and the Agile teams it supports.
    2. Staff the ACE strategically. Select ACE team members who have real world, hands-on delivery experience, and are well respected by the Agile teams they will serve. Where possible, select internal thought leaders in your organization who have the credibility needed to effect positive change.
    3. Continuously improve ACE services based on metrics and feedback. The value your ACE brings to the organization must be clear and measurable, and do not assume that your functions and services will remain static. You must regularly monitor both your metrics and feedback from your Agile teams, and adjust ACE behavior to improve/maximize these over time.

    Spread Best Practices With an Agile Center of Excellence

    This blueprint will walk you through the steps needed to build the foundations for operational excellence within an Agile Center of Excellence.

    Phase 1 - Strategically Align the CoE

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision. This alignment translates into the CoE mandate intended to enhance the way Agile will enable teams to meet business objectives.

    Phase 2 - Standardize the CoEs Service Offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization. Create and consolidate key performance indicators to measure the CoEs utility and whether or not the expected value is being translated to tangible results.

    Phase 3 - Operate the CoE

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change so that teams can grow within the Agile adoption model and optimize value delivery both within your Agile environment and across functions.

    Info-Tech’s Practice Adoption Journey

    Use Info-Tech’s Practice Adoption Journey model to establish your ACE. Building social capital (stakeholders’ trust in your ability to deliver positive outcomes) incrementally is vital to ensure that everyone is aligned to new mindsets and culture as your Agile practices scale.

    Trust & Competency ↓

    DEFINE

    Begin to document your development workflow or value chain, implement a tracking system for KPIs, and start gathering metrics and reporting them transparently to the appropriate stakeholders.

    ITERATE

    Use collected metrics and retrospectives to stabilize team performance by reducing areas of variability in your workflow and increasing the consistency at which targets are met.

    COLLABORATE

    Use information to support changes and adopt appropriate practices to make incremental improvements to the existing environment.

    EMPOWER

    Drive behavioral and cultural changes that will empower teams to be accountable for their own success and learning.

    INNOVATE

    Use your built-up trust and support practice innovation, driving the definition and adoption of new practices.

    Align your ACE with your organization’s strategy

    This research set will assist you with aligning your ACEs services to the objectives of the business in order to justify the resources and funding required by your Agile program.

    Business Objectives → Alignment ←ACE Functions

    Business justification to continue to fund a Center of Excellence can be a challenge, especially with traditional thinking and rigid stakeholders. Hit the ground running and show value to your key influencers through business alignment and metrics that will ensure that the ACE is worth continuous investment.

    Alignment leads to competitive advantage

    The pace of change in customer expectations, competitive landscapes, and business strategy is continuously increasing. It is critical to develop a method to facilitate ongoing alignment to shifting business and development expectations seamlessly and ensure that your Agile teams are able to deliver expected business value.

    Use Info-Tech’s CoE Operating Model to define the service offerings of your ACE

    Understand where your inputs and outputs lie to create an accessible set of service offerings for your Agile teams.

    The image shows a graphic of the COE Operating Model, showing the inputs and outputs, including Other CoEs (at top); Stakeholder Needs (at left); Metrics and Feedback (at bottom); and ACE Functions and Services (at right)

    Continuously improve the ACE to ensure long-term viability

    Improvement involves the continuous evaluation of the performance of your teams, using well-defined metrics and reasonable benchmarks that are supplemented by analogies and root-cause analysis in retrospectives.

    Monitor

    Monitor your metrics to ensure desired benefits are being realized. The ACE is responsible for ensuring that expected Agile benefits are achievable and on track. Monitor against your defined baselines to create transparency and accountability for desired outcomes.

    Iterate

    Run retrospectives to drive improvements and fixes into Agile projects and processes. Metrics falling short of expectations must be diagnosed and their root causes found, and fixes need to be communicated and injected back into the larger organization.

    Define

    Define metrics and set targets that align with the goals of the ACE. These metrics represent the ACEs expected value to the organization and must be measured against on a regular basis to demonstrate value to your key stakeholders.

    Beware the common risks of implementing your ACE

    Culture clash between Agile teams and larger organization

    Agile leverages empowered teams, meritocracy, and broad collaboration for success, but typical organizations are siloed and hierarchical with top down decision making. There needs to be a plan to enable a smooth transition from the current state towards the Agile target state.

    Persistence of tribal knowledge

    Agile relies on easy and open knowledge sharing, but organizational knowledge can sit in siloes. Employees may also try to protect their expertise for job security. It is important to foster knowledge sharing to ensure that critical know-how is accessible and doesn’t leave the organization with the individual.

    Rigid management structures

    Rigidity in how managers operate (performance reviews, human resource management, etc.) can result in cultural rejection of Agile. People need to be assessed on how they enable their teams rather than as individual contributors. This can help ensure that they are given sufficient opportunities to succeed. More support and less strict governance is key.

    Breakdown due to distributed teams

    When face-to-face interactions are challenging, ensure that you invest in the right communication technologies and remove cultural and process impediments to facilitate organization-wide collaboration. Alternative approaches like using documentation or email will not provide the same experience and value as a face-to-face conversation.

    The State of Maine used an ACE to foster positive cultural change

    CASE STUDY

    Industry - Government

    Source - Cathy Novak, Agile Government Leadership

    The State of Maine’s Agile Center of Excellence

    “The Agile CoE in the State of Maine is completely focused on the discipline of the methodology. Every person who works with Agile, or wants to work with Agile, belongs to the CoE. Every member of the CoE tells the same story, approaches the methodology the same way, and uses the same tools. The CoE also functions as an Agile research lab, experimenting with different standards and tools.

    The usual tools of project management – mission, goals, roles, and a high-level definition of done – can be found in Maine’s Agile CoE. For story mapping, teams use sticky notes on a large wall or whiteboard. Demonstrating progress this way provides for positive team dynamics and a psychological bang. The State of Maine uses a project management framework that serves as its single source of truth. Everyone knows what’s going on at all times and understands the purpose of what they are doing. The Agile team is continually looking for components that can be reused across other agencies and programs.”

    Results:

    • Realized positive culture change, leading to more collaborative and supportive teams.
    • Increased visibility of Agile benefits across functional groups.
    • Standardized methodology across Agile teams and increased innovation and experimentation with new standards and tools.
    • Improved traceability of projects.
    • Increased visibility and ability to determine root causes of problems and right the course when outcomes are not meeting expectations.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Spread Best Practices With an Agile Center of Excellence – project overview

    1. Strategically align the Center of Excellence 2. Standardize the CoEs service offerings 3. Operate the Center of Excellence
    Best-Practice Toolkit

    1.1 Determine the vision of your ACE.

    1.2 Define the service offerings of your ACE.

    2.1 Define an adoption plan for your Agile teams.

    2.2 Create an ACE engagement plan.

    2.3 Define metrics to measure success.

    3.1 Optimize the success of your ACE.

    3.2 Plan change to enhance your Agile initiatives.

    3.3 Conduct ongoing retrospectives of your ACE.

    Guided Implementations
    • Align your ACE with the business.
    • Align your ACE with its users.
    • Dissect the key attributes of Agile adoption.
    • Form engagement plans for your Agile teams.
    • Discuss effective ACE metrics.
    • Conduct a baseline assessment of your Agile environment.
    • Interface ACE with your change management function.
    • Build a communications deck for key stakeholders.
    Onsite Workshop Module 1: Strategically align the ACE Module 2: Standardize the offerings of the ACE Module 3: Prepare for organizational change
    Phase 1 Outcome: Create strategic alignment between the CoE and organizational goals.

    Phase 2 Outcome: Build engagement plans and key performance indicators based on a standardized Agile adoption plan.

    Phase 3 Outcome: Operate the CoEs monitoring function, identify improvements, and manage the change needed to continuously improve.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Module 1 Workshop Module 2 Workshop Module 3 Workshop Module 4
    Activities

    Determine vision of CoE

    1.1 Identify and prioritize organizational business objectives.

    1.2 Form use cases for the points of alignment between your ACE and business objectives.

    1.3 Prioritize your ACE stakeholders.

    Define service offerings of CoE

    2.1 Form a solution matrix to organize your pain points and opportunities.

    2.2 Refine your use cases to identify your ACE functions and services.

    2.3 Visualize your ACE functions and service offerings with a capability map.

    Define engagement plans

    3.1 Further categorize your use cases within the Agile adoption model.

    3.2 Create an engagement plan for each level of adoption.

    Define metrics and plan communications

    4.1 Define metrics that align with your Agile business objectives.

    4.2 Define target ACE performance metrics.

    4.3 Define Agile adoption metrics.

    4.4 Assess the interaction and communication points of your Agile team.

    4.5 Create a communication plan for change.

    Deliverables
    1. Prioritized business objectives
    2. Business-aligned use cases to form CoEs service offerings
    3. Prioritized list of stakeholders
    1. Classified pains and opportunities
    2. Refined use cases based on pains and opportunities identified during ACE requirements gathering
    3. ACE capability map
    1. Adoption-aligned service offerings
    2. Role-specific engagement plans
    1. Business objective-aligned metrics
    2. ACE performance metrics
    3. Agile adoption metrics
    4. Assessment of organization design
    5. ACE Communication Plan

    Phase 1

    Strategically Align the Center of Excellence

    Spread Best Practices With an Agile Center of Excellence

    Begin by strategically aligning your Center of Excellence

    The first step to creating a high-functioning ACE is to create alignment and consensus amongst your key stakeholders regarding its purpose. Engage in a set of activities to drill down into the organization’s goals and objectives in order to create a set of high-level use cases that will evolve into the service offerings of the ACE.

    Phase 1 - Strategically Align the CoE

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision. This alignment translates into the CoE mandate intended to enhance the way Agile will enable teams to meet business objectives.

    Phase 2 - Standardize the CoEs Service Offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization. Create and consolidate key performance indicators to measure the CoEs utility and whether or not the expected value is being translated to tangible results.

    Phase 3 - Operate the CoE

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change so that teams can grow within the Agile adoption model and optimize value delivery both within your Agile environment and across functions.

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Strategically align the ACE

    Proposed Time to Completion (in weeks): 1

    Step 1.1: Determine the vision of your ACE

    Start with an analyst kick off call:

    • Align your ACE with the business.

    Then complete these activities…

    1.1.1 Optional: Baseline your ACE maturity.

    1.1.2 Identify and prioritize organizational business objectives.

    1.1.3 Form use cases for the points of alignment between your ACE and business objectives.

    1.1.4 Prioritize your ACE stakeholders.

    1.1.5 Select a centralized or decentralized model for your ACE.

    1.1.6 Staff your ACE strategically.

    Step 1.2: Define the service offerings of your ACE

    Start with an analyst kick off call:

    • Align your ACE with its users.

    Then complete these activities…

    1.2.1 Form the Center of Excellence.

    1.2.2 Gather and document your existing Agile practices for the CoE.

    1.2.3 Interview stakeholders to align ACE requirements with functional expectations.

    1.2.4 Form a solution matrix to organize your pain points and opportunities.

    1.2.5 Refine your use cases to identify your ACE functions and services.

    1.2.6 Visualize your ACE functions and service offerings with a capability map.

    Phase 1 Results & Insights:

    • Aligning your ACE with the functional expectations of its users is just as critical as aligning with the business. Invest the time to understand how the ACE fits at all levels of the organization to ensure its highest effectiveness.

    Phase 1, Step 1: Determine the vision of your ACE

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    1.1.1 Optional: Baseline your ACE maturity.

    1.1.2 Identify and prioritize organizational business objectives.

    1.1.3 Form use cases for the points of alignment between your ACE and business objectives.

    1.1.4 Prioritize your ACE stakeholders.

    1.1.5 Select a centralized or decentralized model for your ACE.

    1.1.6 Staff your ACE strategically.

    Outcomes:

    • Gather your leadership to position the ACE and align it with business priorities.
    • Form a set of high-level use cases for services that will support the enablement of business priorities.
    • Map the stakeholders of the ACE to visualize expected influence and current support levels for your initiative.

    What does an ACE do? Six main functions derived from Info-Tech’s CLAIM+G Framework

    1. Learning
    • Provide training and development and enable engagement based on identified interaction points to foster organizational growth.
  • Tooling
    • Promote the use of standardized tooling to improve efficiency and consistency throughout the organization.
  • Supporting
    • Enable your Agile teams to access subject-matter expertise by facilitating knowledge transfer and documenting good practices.
  • Governing
    • Create operational boundaries for Agile teams, and monitor their progress and ability to meet business objectives within these boundaries.
  • Monitoring
    • Demonstrate the value the CoE is providing through effective metric setting and ongoing monitoring of Agile’s effectiveness.
  • Guiding
    • Provide guidance, methodology, and knowledge for teams to leverage to effectively meet organizational business objectives.
  • OPTIONAL: If you have an existing ACE, use Info-Tech’s CoE Maturity Diagnostic Tool to baseline current practices

    1.1.1 Existing CoE Maturity Assessment

    Purpose

    If you already have established an ACE, use Info-Tech’s CoE Maturity Diagnostic Tool to baseline its current maturity level (this will act as a baseline for comparison after you complete this Blueprint). Assessing your ACEs maturity lets you know where you currently are, and where to look for improvements.

    Steps

    1. Download the CoE Maturity Diagnostic Tool to assess the maturity of your ACE.
    2. Complete the assessment tool with all members of your ACE team to determine your current Maturity score.
    3. Document the results in the ACE Communications Deck.

    Document results in the ACE Communications Deck.

    INFO-TECH DELIVERABLE

    The image is a screen capture of the CoE Maturity Diagnostic Tool

    Download the CoE Maturity Diagnostic Tool.

    Get your Agile leadership together and position the ACE

    Stakeholder Role Why they are essential players
    CIO/ Head of IT Program sponsor: Champion and set the tone for the Agile program. Critical in gaining and maintaining buy-in and momentum for the spread of Agile service offerings. The head of IT has insight and influence to drive buy-in from executive stakeholders and ensure the long-term viability of the ACE.
    Applications Director Program executor: Responsible for the formation of the CoE and will ensure the viability of the initial CoE objectives, use cases, and service offerings. Having a coordinator who is responsible for collating performance data, tracking results, and building data-driven action plans is essential to ensuring continuous success.
    Agile Subject-Matter Experts Program contributor: Provide information on the viability of Agile practices and help build capabilities on existing best practices. Agile’s success relies on adoption. Leverage the insights of people who have implemented and evangelized Agile within your organization to build on top of a working foundation.
    Functional Group Experts Program contributor: Provide information on the functional group’s typical processes and how Agile can achieve expected benefits. Agile’s primary function is to drive value to the business – it needs to align with the expected capabilities of existing functional groups in order to enhance them for the better.

    Align your ACE with your organization’s strategy

    This research set will assist you with aligning your ACEs services to the objectives of the business in order to justify the resources and funding required by your Agile program.

    Business Objectives → Alignment ←ACE Functions

    Business justification to continue to fund a Center of Excellence can be a challenge, especially with traditional thinking and rigid stakeholders. Hit the ground running and show value to your key influencers through business alignment and metrics that will ensure that the ACE is worth continuous investment.

    Alignment leads to competitive advantage

    The pace of change in customer expectations, competitive landscapes, and business strategy is continuously increasing. It is critical to develop a method to facilitate ongoing alignment to shifting business and development expectations seamlessly and ensure that your Agile teams are able to deliver expected business value.

    Activity: Identify and prioritize organizational business objectives

    1.1.2 2 Hours

    Input

    • Organizational business objectives

    Output

    • Prioritized business objectives

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. List the primary high-level business objectives that your organization aims to achieve over the course of the following year (focusing on those that ACE can impact/support).
    2. Prioritize these business objectives while considering the following:
    • Criticality of completion: How critical is the initiative in enabling the business to achieve its goals?
    • Transformational impact: To what degree is the foundational structure of the business affected by the initiative (rationale: Agile can support impact on transformational issues)?
  • Document the hypothesized role of Agile in supporting these business objectives. Take the top three prioritized objectives forward for the establishment of your ACE. While in future years or iterations you can inject more offerings, it is important to target your service offerings to specific critical business objectives to gain buy-in for long-term viability of the CoE.
  • Sample Business Objectives:

    • Increase customer satisfaction.
    • Reduce time-to-market of product releases.
    • Foster a strong organizational culture.
    • Innovate new feature sets to differentiate product. Increase utilization rates of services.
    • Reduce product delivery costs.
    • Effectively integrate teams from a merger.
    • Offer more training programs for personal development.
    • Undergo a digital transformation.

    Understand potential hurdles when attempting to align with business objectives

    While there is tremendous pressure to align IT functions and the business due to the accelerating pace of change and technology innovation, you need to be aware that there are limitations in achieving this goal. Keep these challenges at the top of mind as you bring together your stakeholders to position the service offerings of your ACE. It is beneficial to make your stakeholders self-aware of these biases as well, so they come to the table with an open mind and are willing to find common ground.

    The search for total alignment

    There are a plethora of moving pieces within an organization and total alignment is not a plausible outcome.

    The aim of a group should not be to achieve total alignment, but rather reframe and consider ways to ensure that stakeholders are content with the ways they interact and that misalignment does not occur due to transparency or communication issues.

    “The business” implies unity

    While it may seem like the business is one unified body, the reality is that the business can include individuals or groups (CEO, CFO, IT, etc.) with conflicting priorities. While there are shared business goals, these entities may all have competing visions of how to achieve them. Alignment means compromise and agreement more than it means accommodating all competing views.

    Cost vs. reputation

    There is a political component to alignment, and sometimes individual aspirations can impede collective gain.

    While the business side may be concerned with cost, those on the IT side of things can be concerned with taking on career-defining projects to bolster their own credentials. This conflict can lead to serious breakdowns in alignment.

    Panera Bread used Agile to adapt to changing business needs

    CASE STUDY

    Industry Food Services

    Source Scott Ambler and Associates, Case Study

    Challenge

    Being in an industry with high competition, Panera Bread needed to improve its ability to quickly deliver desired features to end customers and adapt to changing business demands from high internal growth.

    Solution

    Panera Bread engaged in an Agile transformation through a mixture of Agile coaching and workshops, absorbing best practices from these engagements to drive Agile delivery frameworks across the enterprise.

    Results

    Adopting Agile delivery practices resulted in increased frequency of solution delivery, improving the relationship between IT and the business. Business satisfaction increased both with the development process and the outcomes from delivery.

    The transparency that was needed to achieve alignment to rapidly changing business needs resulted in improved communication and broad-scale reduced risk for the organization.

    "Agile delivery changed perception entirely by building a level of transparency and accountability into not just our software development projects, but also in our everyday working relationships with our business stakeholders. The credibility gains this has provided our IT team has been immeasurable and immediate."

    – Mike Nettles, VP IT Process and Architecture, Panera Bread

    Use Info-Tech’s CoE Operating Model to define the service offerings of your ACE

    Understand where your inputs and outputs lie to create an accessible set of service offerings for your Agile teams.

    Functional Input

    • Application Development
    • Project Management
    • CIO
    • Enterprise Architecture
    • Data Management
    • Security
    • Infrastructure & Operations
    • Who else?

    The image shows a graphic of the COE Operating Model, showing the inputs and outputs, including Other CoEs (at top); Stakeholder Needs (at left); Metrics and Feedback (at bottom); and ACE Functions and Services (at right)

    Input arrows represent functional group needs, feedback from Agile teams, and collaboration with other CoEs and CoPs

    Output arrows represent the services the CoE delivers and the benefits realized across the organization.

    ACE Operating Model: Governance & Metrics

    Governance & Metrics involves enabling success through the management of the ACEs resources and services, and ensuring that organizational structures evolve in concert with Agile growth and maturity. Your focus should be on governing, measuring, implementing, and empowering improvements.

    Effective governance will function to ensure the long-term effectiveness and viability of your ACE. Changes and improvements will happen continuously and you need a way to decide which to adopt as best practices.

    "Organizations have lengthy policies and procedures (e.g. code deployment, systems design, how requirements are gathered in a traditional setting) that need to be addressed when starting to implement an Agile Center of Excellence. Legacy ideas that end up having legacy policy are the ones that are going to create bottlenecks, waste resources, and disrupt your progress." – Doug Birgfeld, Senior Partner, Agile Wave

    Governance & Metrics

    • Manage organizational Agile standards, policies, and procedures.
    • Define organizational boundaries based on regulatory, compliance, and cultural requirements.
    • Ensure ongoing alignment of service offerings with business objectives.
    • Adapt organizational change management policies to reflect Agile practices.
    • CoE governance functions include:
      • Policy Management
      • Change Management
      • Risk Management
      • Stakeholder Management
      • Metrics/Feedback Monitoring

    ACE Operating Model: Services

    Services refers to the ability to deliver resourcing, guidance, and assistance across all Agile teams. By creating a set of shared services, you enable broad access to specialized resources, knowledge, and insights that will effectively scale to more teams and departments as Agile matures in your organization.

    A Services model:

    • Supports the organization by standardizing and centralizing service offerings, ensuring consistency of service delivery and accessibility across functional groups.
    • Provides a mechanism for efficient knowledge transfer and on-demand support.
    • Helps to drive productivity and project efficiencies through the organization by disseminating best practices.

    Services

    • Provide reference, support, and re-assurance to implement and adapt organizational best practices.
    • Interface relevant parties and facilitate knowledge transfer through shared learning and communities of practice.
    • Enable agreed-upon service levels through standardized support structures.
    • Shared services functions include:
      • Engagement Planning
      • Knowledge Management
      • Subject-Matter Expertise
      • Agile Team Evaluation

    ACE Operating Model: Technology

    Technology refers to a broad range of supporting tools to enable employees to complete their day-to-day tasks and effectively report on their outcomes. The key to technological support is to strike the right balance between flexibility and control based on your organization's internal and external constraints (policy, equipment, people, regulatory, etc.).

    "We sometimes forget the obvious truth that technology provides no value of its own; it is the application of technology to business opportunities that produces return on investment." – Robert McDowell, Author, In Search of Business Value

    Technology

    • Provide common software tools to enable alignment to organizational best practices.
    • Enable access to locally desired tools while considering organizational, technical, and scaling constraints.
    • Enable communication with a technical subject matter expert (SME).
    • Enable reporting consistency through training and maintenance of reporting mechanisms.
    • Technology functions can include:
      • Vendor Management
      • Application Support
      • Tooling Standards
      • Tooling Use Cases

    ACE Operating Model: Staff

    Staff is all about empowerment. The ACE should support and facilitate the sharing of ideas and knowledge sharing. Create processes and spaces where people are encouraged to come together, learn from, and share with each other. This setting will bring up new ideas to enhance productivity and efficiency in day-to-day activities while maintaining alignment with business objectives.

    "An Agile CoE is legitimized by its ability to create a space where people can come together, share, and learn from one another. By empowering teams to grow by themselves and then re-connect with each other you allow the creativity of your employees to flow back into the CoE." – Anonymous, Founder, Agile consultancy group

    Staff

    • Develop and provide training and day-to-day coaching that are aligned with organizational engagement and growth plans.
    • Include workflow change management to assist traditional roles with accommodating Agile practices.
    • Support the facilitation of knowledge transfer from localized Agile teams into other areas of the organization.
    • Achieve team buy-in and engagement with ACE services and capabilities. Provide a forum for collaboration and innovation.
    • People functions can include:
      • Onboarding
      • Coaching
      • Learning Facilitation

    Form use cases to align your ACE with business objectives

    What is a use case?

    A use case tells a story about how a system will be used to achieve a goal from the perspective of a user of that system. The people or other systems that interact with the use case are called “actors.” Use cases describe what a system must be able to do, not how it will do it.

    How does a use case play a role in building your ACE?

    Use cases are used to guide design by allowing you to highlight the intended function of a service provided by the Center of Excellence while maintaining a business focus. Jumping too quickly to a solution without fully understanding user and business needs leads to the loss of stakeholder buy-in and the Centers of Excellence rejection by teams.

    Hypothesized ACE user needs →Use Case←Business objective

    Activity: Form use cases for the points of alignment between your ACE and business objectives

    1.1.3 2 Hours

    Input

    • Prioritized business objectives
    • ACE functions

    Output

    • ACE use cases

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. Using your prioritized business objectives and the six functions of a CoE, create high-level use cases for each point of alignment that describe how the Center of Excellence will better facilitate the realization of that business objective.
    2. For each use case, define the following:
      • Name: Generalized title for the use case.
      • Description: A high-level description of the expected CoE action.
    AGILE CENTER OF EXCELLENCE FUNCTIONS:
    Guiding Learning Tooling Supporting Governing Monitoring
    BUSINESS OBJECTIVES Reduce time-to-market of product releases
    Reduce product delivery costs
    Effectively integrate teams from a merger

    Activity: Form use cases for the points of alignment between your ACE and business objectives (continued)

    1.1.3 2 Hours

    The image shows the Reduce time-to-market of product releases row from the table in the previous section, filled in with sample information.

    Your goal should be to keep these as high level and generally applicable as possible as they provide an initial framework to further develop your service offerings. Begin to talk about the ways in which the ACE can support the realization of your business objectives and what those interactions may look like to customers of the ACE.

    Involve all relevant stakeholders to discuss the organizational goals and objectives of your ACE

    Avoid the rifts in stakeholder representation by ensuring you involve the relevant parties. Without representation and buy-in from all interested parties, your ACE may omit and fail to meet long-term organizational goals.

    By ensuring every group receives representation, your service offerings will speak for the broad organization and in turn meet the needs of the organization as a whole.

    • Business Units: Any functional groups that will be expected to engage with the ACE in order to achieve their business objectives.
    • Team Leads: Representation from the internal Agile community who is aware of the backgrounds, capabilities, and environments of their respective Agile teams.
    • Executive Sponsors: Those expected to evangelize and set the tone and direction for the ACE within the executive ranks of the organization. These roles are critical in gaining buy-in and maintaining momentum for ACE initiatives.

    Organization

    • ACE
      • Executive Sponsors
      • Team Leads
      • Business Units

    Activity: Prioritize your ACE stakeholders

    1.1.4 1 Hour

    Input

    • Prioritized business objectives

    Output

    • Prioritized list of stakeholders

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. Using your prioritized business objectives, brainstorm, as a group, the potential list of stakeholders (representatives from business units, team leads, and executive sponsors) that would need to be involved in setting the tone and direction of your ACE.
    2. Evaluate each stakeholder in terms of power, involvement, impact, and support.
    • Power: How much influence does the stakeholder have? Enough to drive the CoE forward or into the ground?
    • Involvement: How interested is the stakeholder? How involved is the stakeholder in the project already?
    • Impact: To what degree will the stakeholder be impacted? Will this significantly change how they do their job?
    • Support: Is the stakeholder a supporter of the project? Neutral? A resister?
  • Map each stakeholder to an area on the power map on the next slide based on his or her level of power and involvement.
  • Vary the size of the circle to distinguish stakeholders that are highly impacted by the ACE from those who are not. Color each circle to show each stakeholder’s estimated or gauged level of support for the project.
  • Prioritize your ACE stakeholders (continued)

    1.1.4 1 Hour

    The image shows a matrix on the left, and a legend on the right. The matrix is labelled with Involvement at the bottom, and Power on the left side, and has the upper left quadrant labelled Keep Satisfied, the upper right quadrant labelled Key players, the lower right quadrant labelled Keep informed, and the lower left quadrant labelled Minimal effort.

    Should your ACE be Centralized or Decentralized?

    An ACE can be organized differently depending on your organization’s specific needs and culture.

    The SAFe Model:©

    “For smaller enterprises, a single centralized [ACE] can balance speed with economies of scale. However, in larger enterprises—typically those with more than 500 – 1,000 practitioners—it’s useful to consider employing either a decentralized model or a hub-and-spoke model.”

    The image shows 3 models: centralized, represented by a single large circle; decentralized, represented by 5 smaller circles; and hub-and-spoke, represented by a central circle, connected to 5 surrounding circles.

    © Scaled Agile, Inc.

    The Spotify Model:

    Spotify avoids using an ACE and instead spreads agile practices using Squads, Tribes, Chapters, Guilds, etc.

    It can be a challenging model to adopt because it is constantly changing, and must be fundamentally supported by your organization’s culture. (Linders, Ben. “Don't Copy the Spotify Model.” InfoQ.com. 6 Oct. 2016.)

    Detailed analysis of The Spotify Model is out of scope for this Blueprint.

    The image shows the Spotify model, with two sections, each labelled Tribe, and members from within each Tribe gathered together in a section labelled Guild.

    Activity: Select a Centralized or Decentralized ACE Model

    1.1.5 30 minutes

    Input

    • Prioritized business objectives
    • Use Cases
    • Organization qualities

    Output

    • Centralized or decentralized ACE model

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. Using your prioritized business objectives, your ACE use cases, your organization size, structure, and culture, brainstorm the relative pros and cons of a centralized vs decentralized ACE model.
    2. Consider this: to improve understanding and acceptance, ask participants who prefer a centralized model to brainstorm the pros and cons of a decentralized model, and vice-versa.
    3. Collectively decide whether your ACE should be centralized, decentralized or hub-and-spoke and document it.
    Centralized ACE Decentralized ACE
    Pros Cons Pros Cons
    Centralize Vs De-centralize Considerations Prioritized Business Objectives
    • Neutral (objectives don’t favor either model)
    • Neutral (objectives don’t favor either model)
    ACE Use Cases
    • Neutral (use cases don’t favor either model)
    • Neutral (use cases don’t favor either model)
    Organization Size
    • Org. is small enough for centralized ACE
    • Overkill for a small org. like ours
    Organization Structure
    • All development done in one location
    • Not all locations do development
    Organization Culture
    • All development done in one location
    • Decentralized ACE may have yield more buy-in

    SELECTED MODEL: Centralized ACE

    Activity: Staff your ACE strategically

    1.1.6 1 Hour

    Input

    • List of potential ACE staff

    Output

    • Rated list of ACE staff

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. Identify your list of potential ACE staff (this may be a combination of full time and contract staff).
    2. Add/modify/delete the rating criteria to meet your specific needs.
    3. Discuss and adjust the relative weightings of the rating criteria to best suit your organization’s needs.
    4. Rate each potential staff member and compare results to determine the best suited staff for your ACE.
    Candidate: Jane Doe
    Rating Criteria Criteria Weighting Candidate's Score (1-5)
    Candidate has strong theoretical knowledge of Agile. 8% 4
    Candidate has strong hands on experience with Agile. 18% 5
    Candidate has strong hands on experience with Agile. 10% 4
    Candidate is highly respected by the Agile teams. 18% 5
    Candidate is seen as a thought leader in the organization. 18% 5
    Candidate is seen as a change agent in the organization. 18% 5
    Candidate has strong desire to be member of ACE staff. 10% 3
    Total Weighted Score 4.6

    Phase 1, Step 2: Define the service offerings of your ACE

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    1.2.1 Form the Center of Excellence.

    1.2.2 Gather and document your existing Agile practices for the CoE.

    1.2.3 Interview stakeholders to align ACE requirements with functional expectations.

    1.2.4 Form a solution matrix to organize your pain points and opportunities.

    1.2.5 Refine your use cases to identify your ACE functions and services.

    1.2.6 Visualize your ACE functions and service offerings with a capability map.

    Outcomes:

    • Collect data regarding the functional expectations of the Agile teams.
    • Refine your business-aligned use cases with your collected data to achieve both business and functional alignment.
    • Create a capability map that visualizes and prioritizes your key service offerings.

    Structure your ACE with representation from all of your key stakeholders

    Now that you have a prioritized list of stakeholders, use their influence to position the ACE to ensure maximum representation with minimal bottlenecks.

    By operating within a group of your key players, you can legitimize your Center of Excellence by propagating the needs and interests of those who interface and evangelize the CoE within the larger organization.

    The group of key stakeholders will extend the business alignment you achieved earlier by refining your service offerings to meet the needs of the ACEs customers. Multiple representations at the table will generate a wide arrangement of valuable insights and perspectives.

    Info-Tech Insight

    While holistic representation is necessary, ensure that the list is not too comprehensive and will not lead to progress roadblocks. The goal is to ensure that all factors relevant to the organization are represented; too many conflicting opinions may create an obstruction moving forward.

    ACE

    • Executive Sponsors
    • Team Leads
    • Business Units

    Determine how you will fund your ACE

    Choose the ACE funding model which is most aligned to your current system based on the scenarios provided below. Both models will offer the necessary support to ensure the success of your Agile program going forward.

    Funding Model Funding Scenario I Funding Scenario II
    Funded by the CIO Funded by the CIO office and a stated item within the general IT budget. Charged back to supported functional groups with all costs allocated to each functional group’s budget.
    Funded by the PMO Charged back to supported functional groups with all costs allocated to each functional group’s budget. Charged back to supported functional groups with all costs allocated to each functional group’s budget.

    Info-Tech Insight

    Your funding model may add additional key influencers into the mix. After you choose your funding model, ensure that you review your stakeholder map and add anyone who will have a direct impact in the viability and stability of your ACE.

    Determine how you will govern your ACE

    An Agile Center of Excellence is unique in the way you must govern the actions of its customers. Enable “flexible governance” to ensure that Agile teams have the ability to locally optimize and innovate while still operating within expected boundaries.

    ACE Governing Body

    ↑ Agile Team → ACE ← Agile Team ↑

    Who should take on the governance role?

    The governing body can be the existing executive or standing committees, or a newly formed committee involving your key ACE influencers and stakeholders.

    Flexible governance means that your ACE set boundaries based on your cultural, regulatory, and compliance requirements, and your governance group monitors your Agile teams’ adherence to these boundaries.

    Governing Body Responsibilities

    • Review and approve ACE strategy annually and ensure that it is aligned with current business strategy.
    • Provide detailed quality information for board members.
    • Ensure that the ACE is adequately resourced and that the organization has the capacity to deliver the service offerings.
    • Assure that the ACE is delivering benefits and achieving targets.
    • Assure that the record keeping and reporting systems are capable of providing the information needed to properly assess the quality of service.

    Modify your resourcing strategy based on organizational need

    Your Agile Center of Excellence can be organized either in a dedicated or a virtual configuration, depending on your company’s organizational structure and complexity.

    There is no right answer to how your Center of Excellence should be resourced. Consider your existing organizational structure and culture, the quality of relationships between functional groups, and the typical budgetary factors that would weigh on choosing between a virtual and dedicated CoE structure.

    COE Advantages Disadvantages
    Virtual
    • No change in organization structure required, just additional task delegation to your Agile manager or program manager.
    • Less effort and cost to implement.
    • Investment in quality is proportional to return.
    • Resources are shared between practice areas, and initiatives will take longer to implement.
    • Development and enhancement of best practices can become difficult without a centralized knowledge repository.
    Dedicated
    • Demonstrates a commitment to the ACEs long-term existence.
    • Allows for dedicated maintenance of best practices.
    • Clear lines of accountability for Agile processes.
    • Ability to develop highly skilled employees as their responsibilities are not shared.
    • Requires dedicated resources that can in turn be more costly.
    • Requires strong relationships with the functional groups that interface with the ACE.

    Staffing the ACE: Understand virtual versus dedicated ACE organizational models

    Virtual CoE

    The image shows an organizational chart titled Virtual CoE, with Head of IT at the top, then PMO and CoE Lead/Apps Director at the next level. The chart shows that there is crossover between the CoE Lead's reports, and the PMO's, indicated through dotted lines that connect them.

    • Responsibilities for CoE are split and distributed throughout departments on a part-time basis.
    • CoE members from the PMO report to apps director who also functions as the CoE lead on a part-time basis.

    The image shows a organizational chart titled Dedicated CoE, with all CoE members under the CoE.

    • Requires re-organization and dedicated full-time staff to run the CoE with clear lines of responsibility and accountability.
    • Hiring or developing highly skilled employees who have a sole function to facilitate and monitor quality best practices within the IT department may be necessary.

    Activity: Form the Center of Excellence

    1.2.1 1 Hour

    Input

    • N/A

    Output

    • ACE governance and resourcing plan

    Materials

    • Whiteboard

    Participants

    • Agile leadership group
    1. As a group, discuss if there is an existing body that would be able to govern the Center of Excellence. This body will monitor progress on an ongoing basis and assess any change requests that would impact the CoEs operation or goals.
    • List current governing bodies that are closely aligned with your current Agile environment and determine if the group could take on additional responsibilities.
    • Alternatively, identify individuals who could form a new ACE governing body.
  • Using the results of Exercise 1.1.6 in Step 1, select the individuals who will participate in the Center of Excellence. As a rough rule of thumb for sizing, an ACE staffed with 3-5 people can support 8-12 Agile Teams.
  • Document results in the ACE Communications Deck.

    Leverage your existing Agile practices and SMEs when establishing the ACE

    The synergy between Agile and CoE relies on its ability to build on existing best practices. Agile cannot grow without a solid foundation. ACE gives you the way to disseminate these practices and facilitate knowledge transfer from a centralized sharing environment. As part of defining your service offerings, engage with stakeholders across the organization to evaluate what is already documented so that it can be accommodated in the ACE.

    Documentation

    • Are there any existing templates that can be leveraged (e.g. resource planning, sprint planning)?
    • Are there any existing process documents that can be leveraged (e.g. SIPOC, program frameworks)?
    • Are there any existing standards documents the CoE can incorporate (e.g. policies, procedures, guidelines)?

    SMEs

    • Interview existing subject-matter experts that can give you an idea of your current pains and opportunities.
    • You already have feedback from those in your workshop group, so think about the rest of the organization:
      • Agile practitioners
      • Business stakeholders
      • Operations
      • Any other parties not represented in the workshop group

    Metrics

    • What are the current metrics being used to measure the success of Agile teams?
    • What metrics are currently being used to measure the completion of business objectives?
    • What tools or mediums are currently used for recording and communicating metrics?

    Info-Tech Insight

    When considering existing practices, it is important to evaluate the level of adherence to these practices. If they have been efficiently utilized, injecting them into ACE becomes an obvious decision. If they have been underutilized, however, it is important to understand why this occurred and discuss how you can drive higher adherence.

    Examples of existing documents to leverage

    People

    • Agile onboarding planning documents
    • Agile training documents
    • Organizational Agile manifesto
    • Team performance metrics dashboard
    • Stakeholder engagement and communication plan
    • Development team engagement plan
    • Organizational design and structure
    • Roles and responsibilities chart (i.e. RACI)
    • Compensation plan Resourcing plan

    Process

    • Tailored Scrum process
    • Requirements gathering process
    • Quality stage-gate checklist (including definitions of ready and done)
    • Business requirements document
    • Use case document
    • Business process diagrams
    • Entity relationship diagrams
    • Data flow diagrams
    • Solution or system architecture
    • Application documentation for deployment
    • Organizational and user change management plan
    • Disaster recovery and rollback process
    • Test case templates

    Technology

    • Code review policies and procedures
    • Systems design policies
    • Build, test, deploy, and rollback scripts
    • Coding guidelines
    • Data governance and management policies
    • Data definition and glossary
    • Request for proposals (RFPs)
    • Development tool standards and licensing agreements
    • Permission to development, testing, staging, and production environments
    • Application, system, and data integration policies

    Build upon the lessons learned from your Agile pilots

    The success of your Center of Excellence relies on the ability to build sound best practices within your organization’s context. Use your previous lessons learned and growing pains as shared knowledge of past Agile implementations within the ACE.

    Implement Agile Practices That Work

    Draw on the experiences of your initial pilot where you learned how to adapt the Agile manifesto and practices to your specific context. These lessons will help onboard new teams to Agile since they will likely experience some of the same challenges.

    Download

    Documents for review include:

    • Tailored Scrum Process
    • Agile Pilot Metrics
    • Info-Tech’s Agile Pilot Playbook

    Enable Organization-Wide Collaboration by Scaling Agile

    Draw on previous scaling Agile experiences to help understand how to interface, facilitate, and orchestrate cross-functional teams and stakeholders for large and complex projects. These lessons will help your ACE teams develop collaboration and problem-solving techniques involving roles with different priorities and lines of thinking.

    Download

    Documents for review include:

    • Agile Program Framework
    • Agile Pilot Program Metrics
    • Scaled Agile Development Process
    • Info-Tech’s Scaling Agile Playbook

    Activity: Gather and document your existing Agile practices for the CoE

    1.2.2 Variable time commitment based on current documentation state

    Input

    • Existing practices

    Output

    • Practices categorized within operating model

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE team
    1. Compile a list of existing practices that will be shared by the Center of Excellence. Consider any documents, templates, or tools that are used regularly by Agile teams.
    2. Evaluate the level of adherence to use of the practices (whether the practice is complied with regularly or not) with a high, medium, or low. Low compliance will need a root-cause analysis to understand why and how to remedy the situation.
    3. Determine the best fit for each practice under the ACE operational model.
    Name Type Adherence Level CoE Best Fit Source
    1 Tailored Scrum process Process High Shared Services Internal Wiki
    2
    3

    Activity: Interview stakeholders to understand the ACE functional expectations

    1.2.3 30-60 Minutes per interview

    Interview Stakeholders (from both Agile teams and functional areas) on their needs from the ACE. Ensure you capture both pain points and opportunities. Capture these as either Common Agile needs or Functional needs. Document using the tables below:

    Common Agile Needs
    Common Agile Needs
    • Each Agile Team interprets Agile differently
    • Need common approach to Agile with a proven track record within the organization
    • Making sure all Team members have a good understanding of Agile
    • Common set of tool(s) with a proven track record, along with a strong understanding of how to use the tool(s) efficiently and effectively
    • Help troubleshooting process related questions
    • Assistance with addressing the individual short comings of each Agile Team
    • Determining what sort of help each Agile Team needs most
    • Better understanding of the role played by Scrum Master and associated good practices
    • When and how do security/privacy/regulatory requirements get incorporated into Agile projects
    Functional Needs Ent Arch Needs
    • How do we ensure Ent Arch has insight and influence on Agile software design
    • Better understanding of Agile process
    • How to measure compliance with reference architectures

    PMO Needs

    • Better understanding of Agile process
    • Understanding role of PM in Agile
    • Project status reports that determine current level of project risk
    • How does project governance apply on Agile projects
    • What deliverables/artifacts are produced by Agile projects and when are they completed

    Operations Needs

    • Alignment on approaches for doing releases
    • Impact of Agile on change management and support desk processes
    • How and when will installation and operation instructions be available in Agile

    Activity: Form a solution matrix to organize your pain points and opportunities

    1.2.4 Half day

    Input

    • Identified requirements

    Output

    • Classified pains and opportunities

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE team
    1. Review the listed pain points from the data gathering process. Sort the pain points on sticky notes into technology, governance, people, and shared services.
    2. Consider opportunities under each defining element based on the identified business requirements.
    3. Document your findings.
    4. Discuss the results with the project team and prioritize the opportunities.
      • Where do the most pains occur?
      • What opportunities exist to alleviate pains?
    Governance Shared Services Technology People
    Pain Points
    Opportunities

    Document results in the ACE Communications Deck.

    Activity: Refine your use cases to identify your ACE functions and services

    1.2.5 1 Hour

    Input

    • Use cases from activity 1.1.2

    Output

    • Refined use cases based on data collection

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE team
    1. Refine your initial use cases for the points of alignment between your ACE and business objectives using your classified pain points and opportunities.
    2. Add use cases to address newly realized pain points.
    3. Determine the functions and services the CoE can offer to address the identified requirements.
    4. Evaluate the outputs in the form of realized benefits and extracted inefficiencies.

    Possible ACE use cases:

    • Policy Management
    • Change Management
    • Risk Management
    • Stakeholder Management
    • Engagement Planning
    • Knowledge Management
    • Subject-Matter Expertise
    • Agile Team Evaluation
    • Operations Support
    • Onboarding
    • Coaching
    • Learning Facilitation
    • Communications Training
    • Vendor Management
    • Application Support
    • Tooling Standards

    Document results in the ACE Communications Deck.

    Activity: Visualize your ACE functions and service offerings with a capability map

    1.2.6 1 Hour

    Input

    • Use cases from activity 1.2.4

    Output

    • ACE capability map

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE team
    1. Review the refined and categorized list of service offerings.
    2. Determine how these new capabilities will add, remove, or enhance your existing service and capabilities.
    3. Categorize the capabilities into the following groups:
    • Governance and Metrics
    • Services
    • Staff
    • Technology
  • Label the estimated impact of the service offering based on your business priorities for the year. This will guide your strategy for implementing your Agile Center of Excellence moving forward.
  • Document results in the ACE Communications Deck.

    Activity: Visualize your ACE functions and service offerings with a capability map (continued)

    Governance

    Policy Management (Medium Potential)

    Change Management (High Potential)

    Risk Management (High Potential)

    Stakeholder Management (High Potential)

    Metrics/Feedback Monitoring (High Potential)

    Shared Services

    Engagement Planning (High Potential)

    Knowledge Management (High Potential)

    Subject-Matter Expertise (High Potential)

    Agile Team Evaluation (High Potential)

    Operations Support (High Potential)

    People

    Onboarding (Medium Potential)

    Coaching (High Potential)

    Learning Facilitation (High Potential)

    Internal Certification Program (Low Potential)

    Communications Training (Medium Potential)

    Technology

    Vendor Management (Medium Potential)

    Application Support (Low Potential)

    Tooling Standards (High Potential)

    Checkpoint: Are you ready to standardize your CoEs service offerings?

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Self-Auditing Guidelines

    • Have you identified and prioritized the key business objectives for the upcoming year that the ACE will align with?
    • Do you have a high-level set of use cases for points of alignment between your ACE and business objectives?
    • Have you mapped your stakeholders and identified the key players that will have an influence over the future success of your ACE?
    • Have you identified how your organization will fund, resource, and govern the ACE?
    • Have you collected data to understand the functional expectations of the users the ACE is intended to serve?
    • Have you refined your use cases to align with both business objectives and functional expectations?

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1.2 Identify and prioritize organizational business objectives

    Our analyst team will help you organize and prioritize your business objectives for the year in order to ensure that the service offerings the ACE offers are delivering consistent business value.

    1.1.3 Form use cases for the points of alignment between your ACE and business objectives

    Our analyst team will help you turn your prioritized business objectives into a set of high-level use cases that will provide the foundation for defining user-aligned services.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    1.1.4 Prioritize your ACE stakeholders

    Our analysts will walk you through an exercise of mapping and prioritizing your Centers of Excellence stakeholders based on impact and power within so you can ensure appropriate presentation of interests within the organization.

    1.2.4 Form a solution matrix to organize your pain points and opportunities

    Our analyst team will help you solidify the direction of your Center of Excellence by overlaying your identified needs, pain points, and potential opportunities in a matrix guided by Info-Tech’s CoE operating model.

    1.2.5 Refine your use cases to identify your ACE functions and services

    Our analyst team will help you further refine your business-aligned use cases with the functional expectations from your Agile teams and stakeholders, ensuring the ACEs long-term utility.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    1.2.6 Visualize your ACE functions and service offerings with a capability map

    Our analysts will walk you through creating your Agile Centers of Excellence capability map and help you to prioritize which service offerings are critical to the success of your Agile teams in meeting their objectives.

    Phase 2

    Standardize the Centers of Excellence Service Offerings

    Spread Best Practices With an Agile Center of Excellence

    The ACE needs to ensure consistency in service delivery

    Now that you have aligned the CoE to the business and functional expectations, you need to ensure its service offerings are consistently accessible. To effectively ensure accessibility and delegation of shared services in an efficient way, the CoE needs to have a consistent framework to deliver its services.

    Phase 1 - Strategically Align the CoE

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision. This alignment translates into the CoE mandate intended to enhance the way Agile will enable teams to meet business objectives.

    Phase 2 - Standardize the CoEs Service Offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization. Create and consolidate key performance indicators to measure the CoEs utility and whether or not the expected value is being translated to tangible results.

    Phase 3 - Operate the CoE

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change so that teams can grow within the Agile adoption model and optimize value delivery both within your Agile environment and across functions.

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Standardize the CoEs Service Offerings

    Proposed Time to Completion (in weeks): 2

    Step 2.1: Define an adoption plan for your Agile teams

    Start with an analyst kick off call:

    • Dissect the key attributes of Agile adoption.

    Then complete these activities…

    2.1.1 Further categorize your use cases within the Agile adoption model.

    Step 2.2: Create an ACE engagement plan

    Start with an analyst kick off call:

    • Form engagement plans for your Agile teams.

    Then complete these activities…

    2.2.1 Create an engagement plan for each level of adoption.

    Step 2.3: Define metrics to measure success

    Finalize phase deliverable:

    • Discuss effective ACE metrics.

    Then complete these activities…

    2.3.1 Collect existing team-level metrics.

    2.3.2 Define metrics that align with your Agile business objectives.

    2.3.3 Define target ACE performance metrics.

    2.3.4 Define Agile adoption metrics.

    2.3.5 Consolidate metrics for stakeholder impact.

    2.3.6 Use Info-Tech’s ACE Benefits Tracking Tool to monitor, evaluate, refine, and ensure continued business value.

    Phase 2 Results & Insights:

    • Standardizing your service offerings allows you to have direct influence on the dissemination of best practices.

    Phase 2, Step 1: Define an adoption plan for your Agile teams

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    2.1.1 Further categorize your use cases within the Agile adoption model.

    Outcomes:

    • Refine your previously determined use cases within the Agile adoption model to ensure that teams can be assisted at any level of Agile adoption.
    • Understand the key attributes of Agile adoption and how they impact success.

    Understand the implementation challenges that the ACE may face

    Culture clash between ACE and larger organization

    It is important to carefully consider the compatibility between the current organizational culture and Agile moving forward. Agile compels empowered teams, meritocracy, and broad collaboration for success; while typical organizational structures are siloed and hierarchical and decisions are delegated from the top down.

    This is not to say that the culture of the ACE has to match the larger organizational culture; part of the overarching aim of the ACE is to evolve the current organizational culture for the better. The point is to ensure you enable a smooth transition with sufficient management support and a team of Agile champions.

    The changing role of middle management

    Very similar to the culture clash challenge, cultural rigidity in how middle managers operate (performance review, human resource management, etc.) can cause cultural rejection. They need to become enablers for high performance and give their teams the sufficient tools, skills, and opportunities to succeed and excel.

    What impedes Agile adoption?

    Based on a global survey of Agile practitioners (N=1,319)*:

    52% Organizational culture at odds with agile values

    44% Inadequate management support and sponsorship

    48% General organization resistance to change

    *Respondents were able to make multiple selections

    (13th Annual State of Agile Report, VersionOne, 2019)

    Build competency and trust through a structured Agile adoption plan

    The reality of cultural incompatibility between Agile and traditional organization structures necessitates a structured adoption plan. Systematically build competency so teams can consistently achieve project success and solidify trust in your teams’ ability to meet business needs with Agile.

    By incrementally gaining the trust of management as you build up your Agile capabilities, you enable a smooth cultural transition to an environment where teams are empowered, adapt quickly to changing needs, and are trusted to innovate and make successes out of their failures.

    Optimized value delivery occurs when there is a direct relationship between competency and trust. There will be unrealized value when competency or trust outweigh the other. That value loss increases as either dimension of adoption continues to grow faster than the other.

    The image shows a graph with Competency on the x-axis and Trust on the y-axis. There are 3 sections: Level 1, Level 2, and Level 3, in subsequently larger arches in the background of the graph. The graph shows two diagonal arrows, the bottom one labelled Current Value Delivery and the top one labelled Optimized Value Delivery. The space between the two arrows is labelled Value Loss.

    Use Info-Tech’s Practice Adoption Optimization Model to systematically increase your teams’ ability to deliver

    Using Info-Tech’s Practice adoption optimization model will ensure you incrementally build competency and trust to optimize your value delivery.

    Agile adoption at its core, is about building social capital. Your level of trust with key influencers increases as you continuously enhance your capabilities, enabling the necessary cultural changes away from traditional organizational structures.

    Trust & Competency ↓

    DEFINE

    Begin to document your development workflow or value chain, implement a tracking system for KPIs, and start gathering metrics and reporting them transparently to the appropriate stakeholders.

    ITERATE

    Use collected metrics and retrospectives to stabilize team performance by reducing areas of variability in your workflow and increasing the consistency at which targets are met.

    COLLABORATE

    Use information to support changes and adopt appropriate practices to make incremental improvements to the existing environment.

    EMPOWER

    Drive behavioral and cultural changes that will empower teams to be accountable for their own success and learning.

    INNOVATE

    Use your built-up trust and support practice innovation, driving the definition and adoption of new practices.

    Review these key attributes of Agile adoption

    Agile adoption is unique to every organization. Consider these key attributes within your own organizational context when thinking about levels of Agile adoption.

    Adoption Attributes

    Team Organization

    Considers the degree to which teams are able to self-organize based on internal organizational structures (hierarchy vs. meritocracy) and inter-team capabilities.

    Team Coordination

    Considers the degree to which teams can coordinate, both within and across functions.

    Business Alignment

    Considers the degree to which teams can understand and/or map to business objectives.

    Coaching

    Considers what kind of coaching/training is offered and how accessible the training is.

    Empowerment

    Considers the degree to which teams are able and capable to address project, process, and technical challenges without significant burden from process controls and bureaucracy.

    Failure Tolerance

    Considers the degree to which stakeholders are risk tolerant and if teams are capable of turning failures into learning outcomes.

    Why are these important?

    These key attributes function as qualities or characteristics that, when improved, will successively increase the degree to which the business trusts your Agile teams’ ability to meet their objectives.

    Systematically improving these attributes as you graduate levels of the adoption model allows the business to acclimatize to the increased capability the Agile team is offering, and the risk of culture clash with the larger organization decreases.

    Start to consider at what level of adoption each of your service offerings become useful. This will allow you to standardize the way your Agile teams interact with the CoE.

    Activity: Further categorize your use cases within the Agile adoption model

    2.1.1 1.5 Hours

    Input

    • List of service offerings

    Output

    • Service offerings categorized within adoption model

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Team
    1. Gather the list of your categorized use cases.
    2. Based on Info-Tech’s Agile adoption model, categorize which use cases would be useful to help the Agile team graduate to the next level of adoption.
      • Conceptualize: Begin to document your workflow or value chain, implement a tracking system for KPIs, and gather metrics and report them transparently to the appropriate stakeholders.
      • Iterate: Use collected metrics to stabilize team performance by reducing areas of variability in your workflow and increasing the consistency at which targets are met.
      • Collaborate: Use information to drive changes and adopt appropriate Agile practices to make incremental improvements to the existing environment.
      • Empower: Drive behavioral and cultural changes that will empower teams to be accountable for their own successes given the appropriate resources.
      • Innovate: Use your built-up trust to begin to make calculated risks and innovate more, driving new best practices into the CoE.

    The same service offering could be offered at different levels of adoption. In these cases, you will need to re-visit the use case and differentiate how the service (if at all) will be delivered at different levels of adoption.

    1. Use this opportunity to brainstorm alternative or new use cases for any gaps identified. It is the CoEs goal to assist teams at every level of adoption to meet their business objectives. Use a different colored sticky note for these so you can re-visit and map out their inputs, outputs, metrics, etc.

    Activity: Further categorize your use cases within the Agile adoption model (continued)

    2.1.1 1.5 Hours

    Input

    • List of service offerings

    Output

    • Service offerings categorized within adoption model

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Team

    Example:

    Service Offerings
    Level 5: Innovate
    Level 4: Empower
    Level 3: Collaborate Coaching -- Communications Training
    Level 2: Iterate Tooling Standards
    Level 1: Conceptualize

    Learning Facilitation

    Draw on the service offerings identified in activity 1.2.4

    Phase 2, Step 2: Create an ACE engagement plan

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    2.2.1 Create an engagement plan for each level of adoption.

    Outcomes:

    • Understand the importance of aligning with the functional expectations of your ACE customers.
    • Understand the relationship between engagement and continuous improvement.
    • Create an engagement plan for each level of adoption to standardize the way customers interact with the ACE.

    Enable Agile teams to interface with ACE service offerings to meet their business objectives

    A Center of Excellence aligned with your service offerings is only valuable if your CoEs customers can effectively access those services. At this stage, you have invested in ensuring that your CoE aligns to your business objectives and that your service offerings align to its customers. Now you need to ensure that these services are accessible in the day-to-day operation of your Agile teams.

    Engagement Process → Service Offering

    Use backwards induction from your delivery method to the service offering. This is an effective method to determine the optimal engagement action for the CoE, as it considers the end customer as the driver for best action for every possible situation.

    Info-Tech Insight

    Your engagement process should be largely informed by your ACE users. Teams have constraints as well as in-the-trenches concerns and issues. If your service offerings don’t account for these, it can lead to rejection of the culture you are trying to inspire.

    Show the way, do not dictate

    Do not fix problems for your Agile teams, give them the tools and knowledge to fix the problems themselves.

    Facilitate learning to drive success

    A primary function of your ACE is to transfer knowledge to Agile teams to increase their capability to achieve desired outcomes.

    While this can take the form of coaching, training sessions, libraries, and wikis, a critical component of ACE is creating interactions where individuals from Agile teams can come together and share their knowledge.

    Ideas come from different experiences. By creating communities of practice (CoP) around topics that the ACE is tasked with supporting (e.g. Agile business analysts), you foster social learning and decrease the likelihood that change will result in some sort of cultural rejection.

    Consider whether creating CoPs would be beneficial in your organization’s context.

    "Communities of practice are a practical way to frame the task of managing knowledge. They provide a concrete organizational infrastructure for realizing the dream of a learning organization." – Etienne Wenger, Digital Habitats: Stewarding technology for communities

    A lack of top-down support will result in your ACE being underutilized

    Top-down support is critical to validate the CoE to its customers and ensure they feel compelled to engage with its services. Relevancy is a real concern for the long-term viability of a CoE and championing its use from a position of authority will legitimize its function and deter its fading from relevancy of day-to-day use for Agile teams.

    Although you are aligning your engagement processes to the customers of your Agile Center of Excellence, you still need your key influencers to champion its lasting organizational relevancy. Don’t let your employees think the ACE is just a coordinating body or a committee that is convenient but non-essential – make sure they know that it drives their own personal growth and makes everyone better as a collective.

    "Even if a CoE is positioned to meet a real organizational need, without some measure of top-down support, it faces an uphill battle to remain relevant and avoid becoming simply one more committee in the eyes of the wider organization. Support from the highest levels of the organization help fight the tendency of the larger organization to view the CoE as a committee with no teeth and tip the scales toward relevancy for the CoE." – Joe Shepley, VP and Practice Lead, Doculabs

    Info-Tech Insight

    Stimulate top-down support with internal certifications. This allows your employees to gain accreditation while at the same time encouraging top-down support and creating a compliance check for the continual delivery and acknowledgement of your evolving best practices.

    Ensure that best practices and lessons learned are injected back into the ACE

    For your employees to continuously improve, so must the Center of Excellence. Ensure the ACE has the appropriate mechanisms to absorb and disseminate best practices that emerge from knowledge transfer facilitation events.

    Facilitated Learning Session →Was the localized adaption well received by others in similar roles? →Document Localized Adaptation →Is there broad applicability and benefit to the proposed innovation? →CoE Absorbs as Best Practice

    Continuous improvement starts with the CoE

    While facilitating knowledge transfer is key, it is even more important that the Center of Excellence can take localized adaptations from Agile teams and standardize them as best practices when well received. If an individual were to leave without sharing their knowledge, the CoE and the larger organization will lose that knowledge and potential innovation opportunities.

    Experience matters

    To organically grow your ACE and be cost effective, you want your teams to continuously improve and to share that knowledge. As individual team members develop and climb the adoption model, they should participate as coaches and champions for less experienced groups so that their knowledge is reaching the widest audience possible.

    Case study: Agile learning at Spotify

    CASE STUDY

    Industry Digital Media

    Source Henrik Kniberg & Anders Ivarsson, 2012

    Methods of Agile learning at Spotify

    Spotify has continuously introduced innovative techniques to facilitate learning and ensure that that knowledge gets injected back into the organization. Some examples are the following:

    • Hack days: Self-organizing teams, referred to as squads, come together, try new ideas, and share them with their co-workers. This facilitates a way to stay up to date with new tools and techniques and land new product innovations.
    • Coaching: Every squad has access to an Agile coach to help inject best practices into their workflow – coaches run retrospectives, sprint planning meetings, facilitate one-on-one coaching, etc.
    • Tribes: Collections of squads that hold regular gatherings to show the rest of the tribe what they’ve been working on so others can learn from what they are doing.
    • Chapters: People with similar skills within a tribe come together to discuss their area of expertise and their specific challenges.
    • Guilds: A wide-reaching community of interest where members from different tribes can come together to share knowledge, tools, and codes, and practice (e.g. a tester guild, an Agile coaching guild).

    The image shows the Spotify model, with two sections, each labelled Tribe, and members from within each Tribe gathered together in a section labelled Guild.

    "As an example of guild work, we recently had a ‘Web Guild Unconference,’ an open space event where all web developers at Spotify gathered up in Stockholm to discuss challenges and solutions within their field."

    Activity: Create an engagement plan for each level of adoption

    2.2.1 30 Minutes per role

    Input

    • Categorized use cases

    Output

    • Role-based engagement plans

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Team
    1. On the top bar, define the role you are developing the engagement plan for. This will give you the ability to standardize service delivery across all individuals in similar roles.
    2. Import your categorized service offerings for each level of adoption that you think are applicable to the given role.
    3. Using backwards induction, determine the engagement processes that will ensure that those service offerings are accessible and fit the day-to-day operations of the role.
    4. Fill in the template available on the next slide with each role’s engagement plan.

    Document results in the ACE Communications Deck.

    Example engagement plan: Developer

    2.2.1 30 Minutes per role

    Role: Developer
    Level 1 Level 2 Level 3 Level 4 Level 5
    Service Offering
    1. Onboarding
    2. Coaching
    3. Learning Facilitation
    1. Tooling Standards
    2. Learning Facilitation
    1. Communications Training
    2. Learning Facilitation
    1. Subject-Matter Expertise
    2. Coaching
    1. Knowledge Management
    Engagement Process
    1. Based on service request or need identified by dev. manager.
    2. Based on service request or need identified by dev. manager.
    3. Weekly mandatory community of practice meetings.
    1. When determined to have graduated to level 2, receive standard Agile tooling standards training.
    2. Weekly mandatory community of practice meetings.
    1. When determined to have graduated to level 3, receive standard Agile communications training.
    2. Weekly mandatory community of practice meetings
    1. Peer-based training on how to effectively self-organize.
    2. Based on service request or need identified by dev. manager.
    1. Review captured key learnings from last and have CoE review KPIs related to any area changed.

    Example engagement plan: Tester

    2.2.1 30 Minutes per role

    Role: Tester
    Level 1Level 2Level 3Level 4Level 5
    Service Offering
    1. Onboarding
    2. Coaching
    1. Product Training
    2. Communications Training
    1. Communications Training
    2. Learning Facilitation
    1. Subject-Matter Expertise
    2. Coaching
    1. Tooling Standards
    2. Training
    3. Coaching
    Engagement Process
    1. Based on service request or need identified by dev. manager.
    1. Weekly mandatory community of practice meetings.
    2. Provide training on effective methods for communicating with development teams based on organizational best practices.
    1. When determined to have graduated to level 3, receive standard training based on organizational testing best practices. Weekly mandatory community of practice meetings.
    1. Peer-to-peer training with level 5 certified coach.
    2. Based on service request or need identified by dev. manager. .
    1. Periodic updates of organizational tooling standards based on community of practice results.
    2. Automation training.
    3. Provide coaching to level 1 developers on a rotating basis to develop facilitation skills.

    Example engagement plan: Product Owner

    2.2.1 30 Minutes per role

    Role: Product Owner
    Level 1 Level 2 Level 3 Level 4 Level 5
    Service Offering
    1. Onboarding
    2. Coaching
    1. Coaching
    2. Learning Facilitation
    1. Coaching
    2. Communications Training
    3. Learning Facilitation
    1. Coaching
    2. Learning Facilitation
    1. Coaching
    2. Learning Facilitation
    Engagement Process
    1. Provide onboarding materials for Agile product owners.
    2. Provide bi-weekly reviews and subsequent guidance at the end of retrospective processes.
    1. Provide monthly reviews and subsequent guidance based on retrospective results.
    2. Bi-weekly mandatory community of practice meetings
    1. When determined to have graduated to level 3, receive standard training based on organizational testing best practices.
    2. Bi-weekly mandatory community of practice meetings.
    1. Provide monthly reviews and subsequent guidance based on retrospective results.
    2. Bi-weekly mandatory community of practice meetings
    1. Provide quarterly reviews and subsequent guidance based on retrospective results.
    2. Bi-weekly mandatory community of practice meetings

    Phase 2, Step 3: Define metrics to measure success

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    2.3.1 Define existing team-level metrics.

    2.3.2 Define metrics that align with your Agile business objectives.

    2.3.3 Define target ACE performance metrics.

    2.3.4 Define Agile adoption metrics.

    2.3.5 Consolidate your metrics for stakeholder impact.

    2.3.6 Use Info-Tech’s ACE Benefits Tracking Tool to monitor, evaluate, refine, and ensure continued business value.

    Outcomes:

    • Understand the importance of aligning with the functional expectations of your ACE customers.
    • Understand the relationship between engagement and continuous improvement.
    • Create an engagement plan for each level of adoption to standardize the way customers interact with the ACE.

    Craft metrics that will measure the success of your Agile teams

    Quantify measures that demonstrate the effectiveness of your ACE by establishing distinct metrics for each of your service offerings. This will ensure that you have full transparency over the outputs of your CoE and that your service offerings maintain relevance and are utilized.

    Questions to Ask

    1. What are leading indicators of improvements that directly affect the mandate of the CoE?
    2. How do you measure process efficiency and effectiveness?

    Creating meaningful metrics

    Specific

    Measureable

    Achievable

    Realistic

    Time-bound

    Follow the SMART framework when developing metrics for each service offering.

    Adhering to this methodology is a key component of the lean management methodology. This framework will help you avoid establishing general metrics that aren’t relevant.

    "It’s not about telling people what they are doing wrong. It’s about constantly steering everyone on the team in the direction of success, and never letting any individual compromise the progress of the team toward success." – Mary Poppendieck, qtd. in “Questioning Servant Leadership”

    For important advice on how to avoid the many risks associated with metrics, refer to Info-Tech’s Select and Use SDLC Metrics Effectively.

    Ensure your metrics are addressing criteria from different levels of stakeholders and enterprise context

    There will be a degree of overlap between the metrics from your business objectives, service offerings, and existing Agile teams. This is a positive thing. If a metric can speak to multiple benefits it is that much more powerful in commuting successes to your key stakeholders.

    Existing metrics

    Business objective metrics

    Service offering metrics

    Agile adoption metrics

    Finding points of overlap means that you have multiple stakeholders with a vested interest in the positive trend of a specific metric. These consolidated metrics will be fundamental for your CoE as they will help build consensus through communicating the success of the ACE in a common language for a diverse audience.

    Activity: Define existing team-level metrics

    2.3.1 1 Hour

    Input

    • Current metrics

    Output

    • Service offerings categorized within adoption model

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Team
    1. Gather any metrics related documentation that you collected during your requirements gathering in Phase 1.
    2. Collect team-level metrics for your existing Agile teams:
      • Examine outputs from any feedback mechanisms you have (satisfaction surveys, emails, existing SLAs, burndown charts, resourcing costs, licensing costs per sprint, etc.).
      • Look at historical trends and figures when available. Be careful of frequent anomalies as these may indicate a root cause that needs to be addressed.
      • Explore the definition of specific metrics across different functional teams to ensure consistency of measurement and reporting.
    Team Objective Expected Benefits Metrics
    Improve productivity
    • Improve transparency with business decisions
    • Team burndown and velocity
    • Number of releases per milestone
    Increase team morale and motivation
    • Teams are engaged and motivated to develop new opportunities to deliver more value quicker.
    • Team satisfaction with Agile environment
    • Degree of engagement in ceremonies
    Improve transparency with business decisions
    • Teams are engaged and motivated to develop new opportunities to deliver more value quicker.
    • Stakeholder satisfaction with completed product
    • Number of revisions to products in demonstrations

    Activity: Define metrics that align with your Agile business objectives

    2.3.2 1 Hour

    Input

    • Organizational business objectives from Phase 1

    Output

    • Metrics aligned to organizational business objectives

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE
    1. List the business objectives that you determined in 1.1.2.
    2. Create a shortlist of expected benefits from those business objectives. These will help to drive metrics that align with the intended purpose of completing those business objectives, and affirm they are aligned to realizable benefits.
    3. Define metrics that speak to the benefits of your business objectives. While engaging in this process, ensure to document the collection method for each metrics.
    Business Objectives Expected Benefits Metrics
    Decrease time-to-market of product releases
    • Faster feedback from customers.
    • Increased customer satisfaction.
    • Competitive advantage.
    Decrease time-to-market of product releases
    • Alignment to organizational best practices.
    • Improved team productivity.
    • Greater collaboration across functional teams.
    • Policy and practice adherence and acknowledgement
    • Number of requests for ACE services
    • Number of suggestions to improve Agile best practices and ACE operations

    Activity: Define target ACE performance metrics

    2.3.3 1 Hour

    Input

    • Service offerings
    • Satisfaction surveys
    • Usage rates

    Output

    • CoE performance metrics

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE
    1. Define metrics to measure the success of each of your service offerings.
    2. Create a shortlist of expected benefits from those business objectives. These will help to drive metrics that align with the intended purpose of those service offerings, and affirm they are aligned to realizable benefits.
    3. Define metrics that speak to the benefits of your service offerings.
    4. Compare these to your team performance metrics.
    Service Offering Expected Benefits Metrics
    Knowledge management
    • Comprehensive knowledgebase that accommodates various company products and office locations.
    • Easily accessible resources.
    • Number of practices extracted from ACE and utilized
    • Frequency of updates to knowledgebase
    Tooling standards
    • Tools adhere to company policies, security guidelines, and regulations.
    • Improved support of tools and technologies.
    • Tools integrate and function well with enterprise systems.
    • Number of teams and functional groups using standardized tools
    • Number of supported standardized tools
    • Number of new tools added to the standards list
    • Number of tools removed from standards list

    Activity: Define Agile adoption metrics

    2.3.4 1 Hour

    Input

    • Agile adoption model

    Output

    • Agile adoption metrics
    1. Define metrics to measure the success of each of your service offerings.
    2. Create a shortlist of expected benefits from those business objectives. These will help to drive metrics that align with the intended purpose of those service offerings, and affirm they are aligned to realizable benefits.
    3. Define metrics that speak to the benefits of your service offerings.
    4. It is possible that you will need to adjust these metrics after baselines are established when you begin to operate the ACE. Keep this in mind moving forward.
    Adoption attributes Expected Benefits Metrics
    Team organization
    • Acquisition of the appropriate roles and skills to successfully deliver products.
    • Degree of flexibility to adjust team compositions on a per project basis
    Team coordination
    • Ability to successfully undertake large and complex projects involving multiple functional groups.
    • Number of ceremonies involving teams across functional groups
    Business alignment
    • Increased delivery of business value from process optimizations.
    • Number of business-objective metrics surpassing targets
    Coaching
    • Teams are regularly trained with new and better best practices.
    • Number of coaching and training requests
    Empowerment
    • Teams can easily and quickly modify processes to improve productivity without following a formal, rigorous process.
    • Number of implemented changes from team retrospectives
    Failure tolerance
    • Stakeholders trust teams will adjust when failures occur during a project.
    • Degree of stakeholder trust to address project issues quickly and effectively

    Activity: Consolidate your metrics for stakeholder impact

    2.3.5 30 Minutes

    Input

    • New and existing Agile metrics

    Output

    • Consolidated Agile metrics

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE
    1. Take all the metrics defined from the previous activities and compare them as a group.
    2. If there are overlapping metrics that are measuring similar outcomes or providing similar benefits, see if there is a way to merge them together so that a single metric can report outcomes to multiple stakeholders. This reduces the amount of resources invested in metrics gathering and helps to show consensus or alignment between multiple stakeholder interests.
    3. Compare these to your existing Agile metrics, and explore ways to consolidate existing metrics that are established with some of your new metrics. Established metrics are trusted and if they can be continued it can be viewed as beneficial from a consensus and consistency perspective to your stakeholders.

    Activity: Use Info-Tech’s ACE Benefits Tracking Tool to monitor, evaluate, refine, and ensure continued business value

    2.3.6 1 Hour

    Purpose

    The CoE governance team can use this tool to take ownership of the project’s benefits, track progress, and act on any necessary changes to address gaps. In the long term, it can be used to identify whether the team is ahead, on track, or lagging in terms of benefits realization.

    Steps

    1. Enter your identified metrics from the following activities into the ACE Benefits Tracking Tool.
    2. Input your baselines from your data collection (Phase 3) and a goal value for each metric.
    3. Document the results at key intervals as defined by the tool.
    4. Use the summary report to identify metrics that are not tracking well for root cause analysis and communicate with key stakeholders the outcomes of your Agile Center of Excellence based on your communication schedule from Phase 3, Step 3.

    INFO-TECH DELIVERABLE

    Download the ACE Benefits Tracking Tool.

    Checkpoint: Are you ready to operate your ACE?

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Self Auditing Guidelines

    • Have you categorized your ACE service offerings within Info-Tech’s Agile adoption model?
    • Have you formalized engagement plans to standardize the access to your service offerings?
    • Do you understand the function of learning events and their criticality to the function of the ACE?
    • Do you understand the key attributes of Agile adoption and how social capital leads to optimized value delivery?
    • Have you defined metrics for different goals (adoption, effective service offerings, business objectives) of the ACE?
    • Do your defined metrics align to the SMART framework?

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.1 Further categorize your use cases within the Agile adoption model

    Our analyst team will help you categorize the Centers of Excellence service offerings within Info-Tech’s Agile adoption model to help standardize the way your organization engages with the Center of Excellence.

    2.2.1 Create an engagement plan for each level of adoption

    Our analyst team will help you structure engagement plans for each role within your Agile environment to provide a standardized pathway to personal development and consistency in practice.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    2.3.2 Define metrics that align with your Agile business objectives

    Our analysts will walk you through defining a set of metrics that align with your Agile business objectives identified in Phase 1 of the blueprint so the CoEs monitoring function can ensure ongoing alignment during operation.

    2.3.3 Define target ACE performance metrics

    Our analysts will walk you through defining a set of metrics that monitors how successful the ACE has been at providing its services so that business and IT stakeholders can ensure the effectiveness of the ACE.

    2.3.4 Define Agile adoption metrics

    Our analyst team will help you through defining a set of metrics that aligns with your organization’s fit of the Agile adoption model in order to provide a mechanism to track the progress of Agile teams maturing in capability and organizational trust.

    Phase 3

    Operationalize Your Agile Center of Excellence

    Spread Best Practices With an Agile Center of Excellence

    Operate your ACE to drive optimized value from your Agile teams

    The final step is to engage in monitoring of your metrics program to identify areas for improvement. Using metrics as a driver for operating your ACE will allow you to identify and effectively manage needed change, as well as provide you with the data necessary to promote outcomes to your stakeholders to ensure the long-term viability of the ACE within your organization.

    Phase 1 - Strategically Align the CoE

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision. This alignment translates into the CoE mandate intended to enhance the way Agile will enable teams to meet business objectives.

    Phase 2 - Standardize the CoEs Service Offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization. Create and consolidate key performance indicators to measure the CoEs utility and whether or not the expected value is being translated to tangible results.

    Phase 3 - Operate the CoE

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change so that teams can grow within the Agile adoption model and optimize value delivery both within your Agile environment and across functions.

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Operate the CoE

    Proposed Time to Completion (in weeks): Variable depending on communication plan

    Step 3.1: Optimize the success of your ACE

    Start with an analyst kick off call:

    • Conduct a baseline assessment of your Agile environment.

    Then complete these activities…

    3.1.1 Use Info-Tech’s ACE Satisfaction Survey to help establish your baseline.

    3.1.2 Use Info-Tech’s CoE Maturity Diagnostic Tool to measure the maturity level of your ACE.

    3.1.3 Prioritize ACE actions by monitoring your metrics.

    Step 3.2: Plan change to enhance your Agile initiatives

    Start with an analyst kick off call:

    • Interface with the ACE with your change management function.

    Then complete these activities…

    3.2.1 Assess the interaction and communication points of your Agile teams.

    3.2.2 Determine the root cause of each metric falling short of expectations.

    3.2.3 Brainstorm solutions to identified issues.

    3.2.4 Review your metrics program.

    3.2.5 Create a communication plan for change.

    Step 3.3: Conduct ongoing retrospectives of your ACE

    Finalize phase deliverable:

    • Build a communications deck for key stakeholders.

    Then complete these activities…

    3.3.1 Use the outputs from your metrics tracking tool to communicate progress.

    3.3.2 Summarize adjustments in areas where the ACE fell short.

    3.3.3 Review the effectiveness of your service offerings.

    3.3.4 Evaluate your ACE Maturity.

    3.3.5 Use Info-Tech’s ACE Communications Deck to deliver your outcomes to the key stakeholders.

    Phase 3 Results & Insights:

    Inject improvements into your Agile environment with operational excellence. Plan changes and communicate them effectively, monitor outcomes on a regular basis, and keep stakeholders in the loop to ensure that their interests are being looked after to ensure long-term viability of the CoE.

    Phase 3, Step 1: Optimize the success of your ACE

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Tools:

    3.1.1 Use Info-Tech’s ACE Satisfaction Survey to help establish your baseline.

    3.1.2 Use Info-Tech’s CoE Maturity Diagnostic Tool to measure the maturity level of your ACE.

    3.1.3 Prioritize ACE actions by monitoring your metrics.

    Outcomes:

    • Conduct a baseline assessment of your ACE to measure against using a variety of data sources, including interviews, satisfaction surveys, and historical data.
    • Use the Benefits Tracking Tool to start monitoring the outcomes of the ACE and to keep track of trends.

    Ensure the CoE is able to collect the necessary data to measure success

    Establish your collection process to ensure that the CoE has the necessary resources to collect metrics and monitor progress, that there is alignment on what data sources are to be used when collecting data, and that you know which stakeholder is interested in the outcomes of that metric.

    Responsibility

    • Does the CoE have enough manpower to collect the metrics and monitor them?
    • If automated through technology, is it clear who is responsible for its function?

    Source of metric

    • Is the method of data collection standardized so that multiple people could collect the data in the same way?

    Impacted stakeholder

    • Do you know which stakeholder is interested in this metric?
    • How often should the interested stakeholder be informed of progress?

    Intended function

    • What is the expected benefit of increasing this metric?
    • What does the metric intend to communicate to the stakeholder?

    Conduct a baseline assessment of your ACE to measure success

    Establishing the baseline performance of the ACE allows you to have a reasonable understanding of the impact it is having on meeting business objectives. Use user satisfaction surveys, stakeholder interviews, and any current metrics to establish a concept of how you are performing now. Setting new metrics can be a difficult task so it is important to collect as much current data as possible. After the metrics have been established and monitored for a period of time, you can revisit the targets you have set to ensure they are realistic and usable.

    Without a baseline, you cannot effectively:

    • Establish reasonable target metrics that reflect the performance of your Center of Excellence.
    • Identify, diagnose, and resolve any data that deviates from expected outcomes.
    • Measure ongoing business satisfaction given the level of service.

    Info-Tech Insight

    Invest the needed time to baseline your activities. These data points are critical to diagnose successes and failures of the CoE moving forward, and you will need them to be able to refine your service offerings as business conditions or user expectations change. While it may seem like something you can breeze past, the investment is critical.

    Use a variety of sources to get the best picture of your current state; a combination of methods provides the richest insight

    Interviews

    What to do:

    • Conduct interviews (or focus groups) with key influencers and Agile team members.

    Benefits:

    • Data comes from key business decision makers.
    • Identify what is top of mind for your top-level stakeholders.
    • Ask follow-up questions for detail.

    Challenges:

    • This will only provide a very high-level view.
    • Interviewer biases may skew the results.

    Surveys

    What to do:

    • Distribute an Agile-specific stakeholder satisfaction survey. The survey should be specific to identify factors of your current environment.

    Benefits:

    • Every end user/business stakeholder will be able to provide feedback.
    • The survey will be simple to develop and distribute.

    Challenges:

    • Response rates can be low if stakeholders do not understand the value in their opinions.

    Historical Data

    What to do:

    • Collect and analyze existing Agile data such as past retrospectives, Agile team metrics, etc.

    Benefits:

    • Get a full overview of current service offerings, past issues, and current service delivery.
    • Allows you to get an objective view of what is really going on within your Agile teams.

    Challenges:

    • Requires a significant time investment and analytical skills to analyze the data and generate insights on business satisfaction and needs.

    Use Info-Tech’s ACE Satisfaction Survey to help establish your baseline

    3.1.1 Baseline satisfaction survey

    Purpose

    Conduct a user satisfaction survey prior to setting your baseline for your ACE. This will include high-level questions addressing your overall Agile environment and questions addressing teams’ current satisfaction with their processes and technology.

    Steps

    1. Modify the satisfaction survey template to suit your organization and the service offerings you have defined for the Agile Center of Excellence.
    2. Distribute the satisfaction survey to any users who are expected to interface with the ACE.
    3. Document the results and communicate them with the relevant key stakeholders.
    4. Combine these results with historical data points (if available) and stakeholder interviews to get a holistic picture of your current state.

    INFO-TECH DELIVERABLE

    Download the ACE Satisfaction Survey.

    Use Info-Tech’s CoE Maturity Diagnostic Tool to measure the maturity level of your ACE

    3.1.2 CoE maturity assessment

    Purpose

    Assessing your ACEs maturity lets you know where they currently are and what to track to get them to the next step. This will help ensure your ACE is following good practices and has the appropriate mechanisms in place to serve your stakeholders.

    Steps

    1. Download the CoE Maturity Diagnostic Tool to assess the maturity of your ACE.
    2. Complete the assessment tool with all members of your ACE team to determine your maturity score.
    3. Document the results and communicate them with the relevant key stakeholders.
    4. Combine these results with historical data points (if available) and stakeholder interviews to get a holistic picture of your ACE maturity level.

    Document results in the ACE Communications Deck.

    INFO-TECH DELIVERABLE

    Download the CoE Maturity Diagnostic Tool.

    Activity: Prioritize ACE actions by monitoring your metrics

    3.1.3 Variable time commitment

    Input

    • Metrics from ACE Benefits Tracking Tool

    Output

    • Prioritized actions for the ACE

    Materials

    • ACE Benefits Tracking Tool

    Participants

    • ACE team
    1. Review your ACE Benefits Tracking Tool periodically (at the end of sprint cycles, quarterly, etc.) and document metrics that are trending or actively falling short of goals or expectations.
    2. Take the documented list and have the ACE staff consider what actions or decisions can be prioritized to help mend the identified gaps. Look for any trends that could potentially speak to a larger problem or a specific aspect of the ACE or the organizational Agile environment that is not functioning as expected.
    3. Take the opportunity to review metrics that are also tracking above expected value to see if there are any lessons learned that can be extended to other ACE service offerings (e.g. effective engagement or communication strategies) so that the organization can start to learn what is effective and what is not based on their internal struggles and challenges. Spreading successes is just as important as identifying challenges in a CoE model.

    Phase 3, Step 2: Plan change to enhance your Agile initiatives

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    3.2.1 Assess the interaction and communication points of your Agile teams.

    3.2.2 Determine the root cause of each metric falling short of expectations.

    3.2.3 Brainstorm solutions to identified issues

    3.2.4 Review your metrics program.

    3.2.5 Create a communication plan for change.

    Outcomes:

    • Understand how your existing change management process interfaces with the Center of Excellence.
    • Identify issues and ideate solutions to metrics falling short of expectations.
    • Create a communication plan to prepare groups for any necessary change.

    Manage the adaptation of teams as they adopt Agile capabilities

    As Agile spreads, be cognizant of your cultural tolerance to change and its ability to deliver on such change. Change will happen more frequently and continuously, and there may be conceptual (change tolerance) or capability (delivery tolerance) roadblocks along the way that will need to be addressed.

    The Agile adoption model will help to graduate both the tolerance to change and tolerance to deliver over time. As your level of competency to deliver change increases, organizational tolerance to change, especially amongst management, will increase as well. Remember that optimized value delivery comes from this careful balance of aptitude and trust.

    Tolerance to change

    Tolerance to change refers to the conceptual capacity of your people to consume and adopt change. Change tolerance may become a barrier to success because teams might be too engrained with current structures and processes and find any changes too disruptive and uncomfortable.

    Tolerance to deliver

    Tolerance to deliver refers to the capability to deliver on expected change. While teams may be tolerant, they may not have the necessary capacity, skills, or resources to deliver the necessary changes successfully. The ACE can help solve this problem with training and coaching, or possibly by obtaining outside help where necessary.

    Understand how the ACE interfaces with your current change management process

    As the ACE absorbs best practices and identifies areas for improvement, a change management process should be established to address the implementation and sustainability of change without introducing significant disruptions and costs.

    To manage a continuously changing environment, your ACE will need to align and coordinate with organizational change management processes. This process should be capable of evaluating and incorporating multiple change initiatives continuously.

    Desired changes will need to be validated, and localized adaptations will need to be disseminated to the larger organization, and current state policy and procedures will need to be amended as the adoption of Agile spreads and capabilities increase.

    The goal here is to have the ACE governance group identify and interface with parties relevant to successfully implementing any specific change.

    INFO-TECH RELATED RESEARCH:

    Strategy and Leadership: Optimize Change Management

    Optimize your stakeholder management process to identify, prioritize, and effectively manage key stakeholders.

    Where should your Agile change requests come from?

    Changes to the services, structure, or engagement model of your ACE can be triggered from various sources in your organization. You will see that proposed changes may be requested with the best intentions; however, the potential impacts they may have to other areas of the organization can be significant. Consult all sources of ACE change requests to obtain a consensus that your change requests will not deteriorate the ACEs performance and use.

    ACE Governance

    • Sources of ACE Change Requests
      • ACE Policies/Stakeholders
        • Triggers for Change:
          • Changes in business and functional group objectives.
          • Dependencies and legacy policies and procedures.
      • ACE Customers
        • Triggers for Change:
          • Retrospectives and post-mortems.
          • Poor fit of best practices to projects.
      • Metrics
        • Triggers for Change:
          • Performance falling short of expectations.
          • Lack of alignment with changing objectives.
      • Tools and Technologies
        • Triggers for Change:
          • New or enhanced tools and technologies.
          • Changes in development and technology standards.

    Note: Each source of ACE change requests may require a different change management process to evaluate and implement the change.

    Activity: Assess the interaction and communication points of your Agile teams

    3.2.1 1.5 Hours

    Input

    • Understanding of team and organization structure

    Output

    • Current assessment of organizational design

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Development team
    1. Identify everyone who is directly or indirectly involved in projects completed by Agile teams. This can include those that are:
    • Informed of a project’s progress.
    • Expected to interface with the Agile team for solution delivery (e.g. DevOps).
    • Impacted by the success of the delivered solutions.
    • Responsible for the removal of impediments faced by the Agile team.
  • Indicate how each role interacts with the others and how frequently these interactions occur for a typical project. Do this by drawing a diagram on a whiteboard using labelled arrows to indicate types and frequency of interactions.
  • Identify the possible communication, collaboration, and alignment challenges the team will face when working with other groups.
  • Agile Team n
    Group Type of Interaction Potential challenges
    Operations
    • Release management
    • Past challenges transitioning to DevOps.
    • Communication barrier as an impediment.
    PMO
    • Planning
    • Product owner not located with team in organization.
    • PMO still primarily waterfall; need Agile training/coaching

    Activity: Determine the root cause of each metric falling short of expectations

    3.2.2 30 Minutes per metric

    Input

    • Metrics from Benefits Tracking Tool

    Output

    • Root causes to issues

    Materials

    • Whiteboard
    • Markers

    Participants

    • ACE team
    1. Take each metric from the ACE Benefits Tracking Tool that is lagging behind or has missed expectations and conduct an analysis of why it is performing that way.
    2. Conduct individual webbing sessions to clarify the issues. The goal is to drive out the reasons why these issues are present or why scaling Agile may introduce additional challenges.
    3. Share and discuss these findings with the entire team.

    Example:

    • Lack of best-practice documentation
      • Why?
        • Knowledge siloed within teams
        • No centralized repository for best practices
          • Why?
            • No mechanisms to share between teams
              • Why? Root causes
                • Teams are not sharing localized adaptations
                • CoE is not effectively monitoring team communications
            • Access issues at team level to wiki
              • Why? Root causes
                • Administration issues with best-practice wiki
                • Lack of ACE visibility into wiki access

    Activity: Brainstorm solutions to identified issues

    3.2.3 30 Minutes per metric

    Input

    • Root causes of issues

    Output

    • Fixes and solutions to scaling Agile issues

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Development team
    1. Using the results from your root-cause analysis, brainstorm potential solutions to the identified problems. Frame your brainstorming within the following perspectives: people, process, and technology. Map these solutions using the matrix below.
    2. Synthesize your ideas to create a consolidated list of initiatives.
      1. Highlight the solutions that can address multiple issues.
      2. Collaborate on how solutions can be consolidated into a single initiative.
    3. Write your synthesized solutions on sticky notes.
    SOLUTION CATEGORY
    People Process Technology
    ISSUES Poor face-to-face communication
    Lack of best-practice documentation

    Engage those teams affected by change early to ensure they are prepared

    Strategically managing change is an essential component to ensure that the ACE achieves its desired function. If the change that comes with adopting Agile best practices is going to impact other functions and change their expected workflows, ensure they are well prepared and the benefits for said changes are clearly communicated to them.

    Necessary change may be identified proactively (dependency assessments, system integrity, SME indicates need, etc.) or reactively (through retrospectives, discussions, completing root-cause analyses, etc.), but both types need to be handled the same way – through proper planning and communication with the affected parties.

    Plan any necessary change

    Understand the points where other groups will be affected by the adoption of Agile practices and recognize the potential challenges they may face. Plan changes to accommodate interactions between these groups without roadblocks or impediments.

    Communicate the change

    Structure a communication plan based on your identified challenges and proposed changes so that groups are well prepared to make the necessary adjustments to accommodate Agile workflows.

    Review and modify your metrics and baselines to ensure they are achievable in changing environments

    Consider the possible limitations that will exist from environmental complexities when measuring your Agile teams. Dependencies and legacy policies and procedures that pose a bottleneck to desired outcomes will need to be changed before teams can be measured justifiably. Take the time to ensure the metrics you crafted earlier are plausible in your current environment and there is not a need for transitional metrics.

    Are your metrics achievable?

    Specific

    Measureable

    Achievable

    • Adopting Agile is a journey, not just a destination. Ensure that the metrics a team is measured against reflect expectations for the team’s current level of Agile adoption and consider external dependencies that may limit their ability to achieve intended results.

    Realistic

    Time-bound

    Info-Tech Insight

    Use metrics as diagnostics, not as motivation. Teams will find ways to meet metrics they are measured by making sacrifices and taking unneeded risk to do so. To avoid dysfunction in your monitoring, use metrics as analytical tools to inform decision making, not as a yardstick for judgement.

    Activity: Review your metrics program

    3.2.4 Variable time commitment

    Input

    • Identified gaps
    • Agile team interaction points

    Output

    • ACE baselines
    • Past measurements

    Materials

    • ACE Benefits Tracking Tool

    Participants

    • ACE
    1. Now that you have identified gaps in your current state, see if those will have any impact on the achievability of your current metrics program.
    2. Review your root-cause analyses and brainstormed solutions, and hypothesize whether or not they will have any downstream impact to goal attainment. It is possible that there is no impact, but as cross-functional collaboration increases, the likelihood that groups will act as bottlenecks or impediments to expected performance will increase.
    3. Consider how any changes will impact the interaction points between teams based on the results from activity 3.2.1: Assess the interaction and communication points of your Agile teams. If there are too many negative impacts it may be a sign to re-consider the hypothesized solution to the problem and consider alternatives.
    4. In any cases where a metric has been altered, adjust its goal measurement to reflect its changes in the ACE Benefits Tracking Tool.

    Case study: Agile change at the GSA

    CASE STUDY

    Industry Government

    Source Navin Vembar, Agile Government Leadership

    Challenge

    The GSA is tasked with completed management of the Integrated Award Environment (IAE).

    • The IAE manages ten federal information technology systems that enable registering, searching, and applying for federal awards, as well as tracking them.
    • The IAE also manages the Federal Service Desk.

    The IAE staff had to find a way to break down the problem of modernization into manageable chunks that would demonstrate progress, but also had to be sure to capture a wide variety of user needs with the ability to respond to those needs throughout development.

    Had to work out the logistics of executing Agile change within the GSA, an agency that relies heavily on telework. In the case of modernization, they had a product owner in Florida while the development team was spread across the metro Washington, DC area.

    Solution

    Agile provided the ability to build incremental successes that allowed teams successful releases and built enthusiasm around the potential of adopting Agile practices offered.

    • GSA put in place an organization framework that allowed for planning of change at the portfolio level to enable the change necessary to allow for teams to execute tasks at the project level.
    • A four-year plan with incremental integration points allowed for larger changes on a quarterly basis while maintaining a bi-weekly sprint cycle.
    • They adopted IBM’s RTC tool for a Scrum board and on Adobe Connect for daily Scrum sessions to ensure transparency and effectiveness of outcomes across their collocated teams.

    Create a clear, concise communication plan

    Communication is key to avoid surprises and lost productivity created by the implementation of changes.

    User groups and the business need to be given sufficient notice of an impending change. Be concise, be comprehensive, and ensure that the message is reaching the right audience so that no one is blindsided and unable to deliver what is needed. This will allow them to make appropriate plans to accept the change, minimizing the impact of the change on productivity.

    Key Aspects of a Communication Plan

    • The method of communication (email, meetings, workshops, etc.).
    • The delivery strategy (who will deliver the message?).
    • The communication responsibility structure.
    • The communication frequency.
    • A feedback mechanism that allows you to review the effectiveness of your plan.
    • The message that you need to present.

    Communicating change

    • What is the change?
    • Why are we doing it?
    • How are we going to go about it?
    • What are we trying to achieve?
    • How often will we be updated?

    (Cornelius & Associates, The Qualities of Leadership: Leading Change)

    Apply the following principles to enhance the clarity of your message

    1. Be Consistent
    • "This is important because..."
      • The core message must be consistent regardless of audience, channel, or medium.
      • Test your communication and obtain feedback before delivering your message.
      • A lack of consistency can be perceived as deception.
  • Be Clear
    • "This means..."
      • Say what you mean and mean what you say.
      • Choice of language is important.
      • Don’t use jargon.
  • Be Relevant
    • "This affects you because..."
      • Talk about what matters to the audience.
      • Talk about what matters to the change initiative.
      • Tailor the details of the message to each audience’s specific concerns.
      • Communicate truthfully; do not make false promises or hide bad news.
  • Be Concise
    • "In summary..."
      • Keep communication short and to the point so key messages are not lost in the noise.
  • Activity: Create a communication plan for change

    3.2.5 1.5 Hours

    Input

    • Desired messages
    • Stakeholder list

    Output

    • Communication plan

    Materials

    • Whiteboard
    • Markers

    Participants

    • CoE
    1. Define the audience(s) for your communications. Consider who needs to be the audience of your different communication events and how it will impact them.
    2. Identify who the messenger will be to deliver the message.
    3. Identify your communication methods. Decide on the methods you will use to deliver each communication event. Your delivery method may vary depending on the audience it is targeting.
    4. Establish a timeline for communication releases. Set dates for your communication events. This can be recurring (weekly, monthly, etc.) or one-time events.
    5. Determine what the content of the message must include. Use the guidelines on the following slide to ensure the message is concise and impactful.

    Note: It is important to establish a feedback mechanism to ensure that the communication has been effective in communicating the change to the intended audiences. This can be incorporated into your ACE satisfaction surveys.

    Audience Messenger Format Timing Message
    Operations Development team Email
    • Monthly (major release)
    • Ad hoc (minor release and fixes)
    Build ready for release
    Key stakeholders CIO Meeting
    • Monthly unless dictated otherwise
    Updates on outcomes from past two sprint cycles

    Phase 3, Step 3: Conduct ongoing retrospectives of your ACE

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities/Tools:

    3.3.1 Use the outputs from your metrics tracking tool to communicate progress.

    3.3.2 Summarize adjustments in areas where the ACE fell short.

    3.3.3 Re-conduct satisfaction surveys and compare against your baseline.

    3.3.4 Use Info-Tech’s CoE Maturity Diagnostic Tool to baseline current practices

    3.3.5 Use Info-Tech’s ACE Communications Deck to deliver your outcomes to the key stakeholders.

    Outcomes:

    • Conduct a retrospective of your ACE to enable the continuous improvement of your Agile program.
    • Structure a communications deck to communicate with stakeholders the outcomes from introducing the ACE to the organization.

    Reflect on your ACEs performance to lead the way to enterprise agility

    After functioning for a period of time, it is imperative to review the function of your ACE to ensure its continual alignment and see in what ways it can improve.

    At the end of the year, take the time to deliberately review and discuss:

    1. The effectiveness and use of your ACEs service offerings.
    2. What went well or wrong during the ACEs operation.
    3. What can be done differently to improve reach, usability, and effectiveness.
    4. Bring together Agile teams and discuss the processes they follow and inquire about suggestions for improvement.

    What is involved?

    • Use your metrics program to diagnose areas of issue and success. The diagnostic value of your metrics can help lead conversations with your Agile teams when attempting to inquire about suggestions for improvement.
    • Leverage your satisfaction surveys from the creation of your ACE and compare them against satisfaction surveys run after a year of operation. What are the lessons learned between then and now?
    • While it is primarily conducted by the ACE team, keep in mind it is a collaborative function and should involve all members, including Agile teams, product owners, Scrum masters, etc.

    Communicating with your key influencers is vital to ensure long-term operation of the ACE

    To ensure the long-term viability of your ACE and that your key influencers will continue funding, you need to demonstrate the ROI the Center of Excellence has provided.

    The overlying purpose of your ACE is to effectively align your Agile teams with corporate objectives. This means that there have to be communicable benefits that point to the effort and resources invested being valuable to the organization. Re-visit your prioritized stakeholder list and get ready to show them the impact the ACE has had on business outcomes.

    Communication with stakeholders is the primary method of building and developing a lasting relationship. Correct messaging can build bridges and tear down barriers, as well as soften opposition and bolster support.

    This section will help you to prepare an effective communication piece that summarizes the metrics stakeholders are interested in, as well as some success stories or benefits that are not communicable through metrics to provide extra context to ongoing successes of the ACE.

    INFO-TECH RELATED RESEARCH:

    Strategy and Leadership: Manage Stakeholder Relations

    Optimize your stakeholder management process to identify, prioritize, and effectively manage key stakeholders.

    Involve key stakeholders in your retrospectives to justify the funding for your ACE

    Those who fund the ACE have a large influence on the long-term success of your ACE. If you have not yet involved your stakeholders, you need to re-visit your organizational funding model for the ACE and ensure that your key stakeholders include the key decision makers for your funding. While they may have varying levels of interest and desires for granularity of data reporting, they need to at least be informed on a high level and kept as champions of the ACE so that there are no roadblocks to the long-term viability of this program.

    Keep this in mind as the ACE begins to demonstrate success, as it is not uncommon to have additional members added to your funding model as your service scales, especially in the chargeback models.

    As new key influencers are included, the ACEs governing group must ensure that collective interests may align and that more priorities don’t lead to derailment.

    The image shows a matrix. The matrix is labelled with Involvement at the bottom, and Power on the left side, and has the upper left quadrant labelled Keep Satisfied, the upper right quadrant labelled Key players, the lower right quadrant labelled Keep informed, and the lower left quadrant labelled Minimal effort. In the matric, there are several roles shown, with roles such as CFO, Apps Director, Funding Group, and CIO highlighted in the Key players section.

    Use the outputs from your metrics tracking tool to communicate progress

    3.3.1 1 Hour

    Use the ACE Benefits Tracking Tool to track the progress of your Agile environment to monitor whether or not the ACE is having a positive impact on the business’ ability to meet its objectives. The outputs will allow you to communicate incremental benefits that have been realized and point towards positive trends that will ensure the long-term buy-in of your key influencers.

    For communication purposes, use this tool to:

    • Re-visit who the impacted or interested stakeholders are so you can tailor your communications to be as impactful as possible for each key influencer of the ACE.

    The image shows a screen capture of the Agile CoE Metrics Tracking sheet.

    • Collate the benefits of the current projects undertaken by the Center of Excellence to give an overall recap of the ACEs impact.

    The image is a screen capture of the Summary Report sheet.

    Communicate where the ACE fell short

    Part of communicating the effectiveness of your ACE is to demonstrate that it is able to remedy projects and processes when they fall short of expectations and brainstorm solutions that effectively address these challenges. Take the opportunity to summarize where results were not as expected, and the ways in which the ACE used its influence or services to drive a positive outcome from a problem diagnosis. Stakeholders do not want a sugar-coated story – they want to see tangible results based on real scenarios.

    Summarizing failures will demonstrate to key influencers that:

    • You are not cherry-picking positive metrics to report and that the ACE faced challenges that it was able to overcome to drive positive business outcomes.
    • You are being transparent with the successes and challenges faced by the ACE, fostering increased trust within your stakeholders regarding the capabilities of Agile.
    • Resolution mechanisms are working as intended, successfully building failure tolerance and trust in change management policies and procedures.

    Activity: Summarize adjustments in areas where the ACE fell short

    3.3.2 15 Minutes per metric

    Input

    • Diagnosed problems from tracking tool
    • Root-cause analyses

    Output

    • Summary of change management successes

    Materials

    • Whiteboard
    • Markers

    Participants

    • ACE
    1. Create a list of items from the ACE Benefits Tracking Tool that fell short of expectations or set goals.
    2. For each point, create a brief synopsis of the root-cause analysis completed and summarize the brainstormed solution and its success in remedying the issue. If this process is not complete, create a to-date summary of any progress.
    3. Choose two to three pointed success stories from this list that will communicate broad success to your set of stakeholders.
    Name of metric that fell short
    Baseline measurement 65% of users satisfied with ACE services.
    Goal measurement 80% of users satisfied with ACE services.
    Actual measurement 70% of users satisfied with ACE services.
    Results of root-cause analysis Onboarding was not extensive enough; teams were unaware of some of the services offered, rendering them unsatisfied.
    Proposed solution Revamp onboarding process to include capability map of service offered.
    Summary of success TBD

    Re-conduct surveys with the ACE Satisfaction Survey to review the effectiveness of your service offerings

    3.3.3 Re-conduct satisfaction surveys and compare against your baseline

    Purpose

    This satisfaction survey will give you a template to follow to monitor the effectiveness of your ACEs defined service offerings. The goal is to understand what worked, and what did not, so you can add, retract, or modify service offerings where necessary.

    Steps

    1. Re-use the satisfaction survey to measure the effectiveness of the service offerings. Add questions regarding specific service offerings where necessary.
    2. Cross-analyze your satisfaction survey with metrics tied to your service offerings to help understand the root cause of the issues.
    3. Use the root-cause analysis exercises from step 3.2 to find the root causes of issues.
    4. Create a set of recommendations to add, amend, or improve any existing service offerings.

    INFO-TECH DELIVERABLE

    Download the ACE Satisfaction Survey.

    Use Info-Tech’s CoE Maturity Diagnostic Tool to baseline current practices

    3.3.4 ACE Maturity Assessment

    Purpose

    Assess your ACEs maturity by using Info-Tech’s CoE Maturity Diagnostic Tool. Assessing your ACEs maturity lets you know where you currently are, and where to look for improvements. Note that your optimal Maturity Level will depend on organizational specifics (e.g. a small organization with a handful of Agile Teams can be less mature than a large organization with hundreds of Agile Teams).

    Steps

    1. Download the CoE Maturity Diagnostic Tool to assess the maturity of your ACE.
    2. Complete the assessment tool with all members of your ACE team to determine your current Maturity score.
    3. Document the results in the ACE Communications Deck.

    Document results in the ACE Communications Deck.

    INFO-TECH DELIVERABLE

    Download the CoE Maturity Diagnostic Tool.

    Use Info-Tech’s ACE Communications Deck to deliver your outcomes to the key stakeholders

    3.3.5 Structure communications to each of your key stakeholders

    Purpose

    The ACE Communications Deck will give you a template to follow to effectively communicate with your stakeholders and ensure the long-term viability of your Agile Center of Excellence. Fill in the slides as instructed and provide each stakeholder with a targeted view of the successes of the ACE.

    Steps

    1. Determine who your target audience is for the Communications Deck – you may desire to create one for each of your key stakeholders as they may have different sets of interests.
    2. Fill out the ACE Communications Deck with the suggested inputs from the exercises you have completed during this research set.
    3. Review communications with members of the ACE to ensure that there are no communicable benefits that have been missed or omitted in the deck.

    INFO-TECH DELIVERABLE

    Download the ACE Communications Deck.

    Summary of accomplishment

    Knowledge Gained

    • An understanding of social capital as the key driver for organizational Agile success, and how it optimizes the value delivery of your Agile teams.
    • Importance of flexible governance to balance the benefits of localized adaptation and centralized control.
    • Alignment of service offerings with both business objectives and functional expectations as critical to ensuring long-term engagement with service offerings.

    Processes Optimized

    • Knowledge management and transfer of Agile best practices to new or existing Agile teams.
    • Optimization of service offerings for Agile teams based on organizational culture and objectives.
    • Change request optimization via interfacing ACE functions with existing change management processes.
    • Communication planning to ensure transparency during cross-functional collaboration.

    Deliverables Completed

    • A set of service offerings offered by the Center of Excellence that are aligned with the business, Agile teams, and related stakeholders.
    • Engagement plans for Agile team members based on a standardized adoption model to access the ACEs service offerings.
    • A suite of Agile metrics to measure effectiveness of Agile teams, the ACE itself, and its ability to deliver positive outcomes.
    • A communications plan to help create cross-functional transparency over pending changes as Agile spreads.
    • A communications deck to communicate Agile goals, actions, and outcomes to key stakeholders to ensure long-term viability of the CoE.

    Research contributors and experts

    Paul Blaney, Technology Delivery Executive, Thought Leader and passionate Agile Advocate

    Paul has been an Agile practitioner since the manifesto emerged some 20 years ago, applying and refining his views through real life experience at several organizations from startups to large enterprises. He has recently completed the successful build out of the inaugural Agile Delivery Centre of Excellence at TD bank in Toronto.

    John Munro, President Scrum Masters Inc.

    John Munro is the President of Scrum Masters Inc., a software optimization professional services firm using Agile, Scrum, and Lean to help North American firms “up skill” their software delivery people and processes. Scrum Masters’ unique, highly collaborative “Master Mind” consulting model leverages Agile/Lean experts on a biweekly basis to solve clients’ technical and process challenges.

    Doug Birgfeld, Senior Partner Agile Wave

    Doug has been a leader in building great teams, Agile project management, and business process innovation for over 20 years. As Senior Partner and Chief Evangelist at Agile Wave, his mission is to educate and to learn from all those who care about effective government delivery, nationally.

    Related Info-Tech research

    Implement Agile Practices That Work

    Agile is a cultural shift. Don't just do Agile, be Agile.

    Enable Organization-Wide Collaboration by Scaling Agile

    Execute a disciplined approach to rolling out Agile methods in the organization.

    Improve Application Development Throughput

    Drive down your delivery time by eliminating development inefficiencies and bottlenecks while maintaining high quality.

    Implement DevOps Practices That Work

    Accelerate software deployment through Dev and Ops collaboration.

    Related Info-Tech research (continued)

    Maximize the Benefits from Enterprise Applications with a Center of Excellence

    Optimize your organization’s enterprise application capabilities with a refined and scalable methodology.

    Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program

    Be proactive; it costs exponentially more to fix a problem the longer it goes unnoticed.

    Optimize the Change Management Process

    Right-size your change management process.

    Improve Requirements Gathering

    Back to basics: great products are built on great requirements.

    Bibliography

    Ambler, Scott. “Agile Requirements Change Management.” Agile Modeling. Scott Amber + Associates, 2014. Web. 12 Apr. 2016.

    Ambler, Scott. “Center of Excellence (CoEs).” Disciplined Agile 2.0: A Process Decision Framework for Enterprise I.T. Scott Amber + Associates. Web. 01 Apr. 2016.

    Ambler, Scott. “Transforming From Traditional to Disciplined Agile Delivery.” Case Study: Disciplined Agile Delivery Adoption. Scott Amber + Associates, 2013. Web.

    Beers, Rick. “IT – Business Alignment Why We Stumble and the Path Forward.” Oracle Corporation, July 2013. Web.

    Cornelius & Associates. “The Qualities of Leadership: Leading Change.” Cornelius & Associates, n.d. Web.

    Craig, William et al. “Generalized Criteria and Evaluation Method for Center of Excellence: A Preliminary Report.” Carnegie Mellon University Research Showcase @ CMU – Software Engineering Institute. Dec. 2009. Web. 20 Apr. 2016.

    Forsgren, Dr. Nicole et al (2019), Accelerate: State of DevOps 2019, Google, https://services.google.com/fh/files/misc/state-of-devops-2019.pdf

    Gerardi, Bart (2017), Agile Centers of Excellence, PMI Projectmanagement.com, https://www.projectmanagement.com/articles/405819/Agile-Centers-of-Excellence

    Gerardi, Bart (2017), Champions of Agile Adoption, PMI Projectmanagement.com, https://www.projectmanagement.com/articles/418151/Champions-of-Agile-Adoption

    Gerardi, Bart (2017), The Roles of an Agile COE, PMI Projectmanagement.com, https://www.projectmanagement.com/articles/413346/The-Roles-of-an-Agile-COE

    Hohl, P. et al. “Back to the future: origins and directions of the ‘Agile Manifesto’ – views of the originators.” Journal of Software Engineering Research and Development, vol. 6, no. 15, 2018. https://link.springer.com/article/10.1186/s40411-0...

    Kaltenecker, Sigi and Hundermark, Peter. “What Are Self-Organising Teams?” InfoQ. 18 July 2014. Web. 14 Apr. 2016.

    Kniberg, Henrik and Anderson Ivarsson. “Scaling Agile @ Spotify with Tribes, Squads, Chapters & Guilds.” Oct. 2012. Web. 30 Apr. 2016.

    Kumar, Alok et al. “Enterprise Agile Adoption: Challenges and Considerations.” Scrum Alliance. 30 Oct. 2014. Web. 30 May 2016.

    Levison, Mark. “Questioning Servant Leadership.” InfoQ, 4 Sept. 2008. Web. https://www.infoq.com/news/2008/09/servant_leadership/

    Linders, Ben. “Don't Copy the Spotify Model.” InfoQ.com. 6 Oct. 2016.

    Loxton, Matthew (June 1, 2011), CoP vs CoE – What’s the difference, and Why Should You Care?, Wordpress.com

    McDowell, Robert, and Bill Simon. In Search of Business Value: Ensuring a Return on Your Technology Investment. SelectBooks, 2010

    Novak, Cathy. “Case Study: Agile Government and the State of Maine.” Agile Government Leadership, n.d. Web.

    Pal, Nirmal and Daniel Pantaleo. “Services are the Language and Building Blocks of an Agile Enterprise.” The Agile Enterprise: Reinventing your Organization for Success in an On-Demand World. 6 Dec. 2015. Springer Science & Business Media.

    Rigby, Darrell K. et al (2018), Agile at Scale, Harvard Business Review, https://hbr.org/2018/05/agile-at-scale

    Scaledagileframework.com, Create a Lean-Agile Center of Excellence, Scaled Agile, Inc, https://www.scaledagileframework.com/lace/

    Shepley, Joe. “8 reasons COEs fail (Part 2).” Agile Ramblings, 22 Feb. 2010. https://joeshepley.com/2010/02/22/8-reasons-coes-fail-part-2/

    Stafford, Jan. “How upper management misconceptions foster Agile failures.” TechTarget. Web. 07 Mar. 2016.

    Taulli, Tom (2020), RPA Center Of Excellence (CoE): What You Need To Know For Success, Forbes.com, https://www.forbes.com/sites/tomtaulli/2020/01/25/rpa-center-of-excellence-coe-what-you-need-to-know-for-success/#24364620287a

    Telang, Mukta. “The CMMI Agile Adoption Model.” ScrumAlliance. 29 May 2015. Web. 15 Apr. 2016.

    VersionOne. “13th Annual State of Agile Report.” VersionOne. 2019. Web.

    Vembar, Navin. “Case Study: Agile Government and the General Services Administration (Integrated Award Environment).” Agile Government Leadership, n.d. Web.

    Wenger, E., R. A. McDermott, et al. (2002), Cultivating communities of practice: A guide to managing knowledge, Harvard Business Press.

    Wenger, E., White, N., Smith, J.D. Digital Habitats; Stewarding Technology for Communities. Cpsquare (2009).

    Aimbetter Performance Control Management

    Aimbetter
    data monitoring
    solutions
    as a service.

    Why you should get a High-clarity Server with Aimbetter

    Data processing has come a long way since the dawn of the digital revolution. We’re moving our platforms to the cloud, private or public. Enterprise resource management (ERM), resource planning (ERP), and other systems are growing in complexity.

    The days of simple database systems are also over. Today’s complex systems consist of thousands, if not hundreds of thousands, queries and updates every minute of the day.

    To handle this, you must have a scalable and reliable infrastructure and application landscape in place. 

    The only way to handle this is to have a software solution in place that proactively monitors, detects issues, problems, bottlenecks, and more.

    You want that system to help with root cause identification, give proper alerting, and even propose faster issue resolution options.

    Highlights of the Aimbetter Performance Control Management Suite

    The performance control monitoring (PCM) suite by Aimbetter handles the management of SQL Server database installations, including underlying and upstream components, such as Microsoft Server and IIS. PCM can manage both on-premise and cloud-based patterns.

    Built with Microsoft technology, the solution provides complete visibility of your database environment via traditional interfaces, as well as on your mobile device. That allows you to ensure operational efficiency and business continuity. 

    Our SaaS solution is easy to install and requires no local storage or computing resources. And, it guarantees the highest level of security via zero-trust, ISO-compliant access control.

    • Our dashboard enables rapid and comprehensive single-screen visibility of the organization’s database alerts and insight into performance problems.
    • You can quickly identify the source of performance issues, be they application code errors, database trouble, or at the operating system level like CPU, storage, or memory deficiencies.
    • The Aimbetter expert team provides you with continuous help desk and customer support services.
    • We help you to deliver maximum system performance and minimum downtime for your clients and users.
    • SQL Server DPM

      Read over 400 individual metrics

    • Windows Server

      Read over 100 core Windows server metrics

    • Internet Information Services

      Track 20 different network performance metrics

    • DBA Support

      A-Z assistance, 24/7

    • Manager App

      Work remote, even from your cell phone

    • 12 Countries

    • 660 Companies

    • 30000 Databases

    • 1500 Servers

    System Display
    Manager App
    PCM Mini Demo

    Some Aimbetter clients

    Continue reading

    Optimize the IT Operating Model

    • Buy Link or Shortcode: {j2store}392|cart{/j2store}
    • member rating overall impact (scale of 10): 9.4/10 Overall Impact
    • member rating average dollars saved: $89,374 Average $ Saved
    • member rating average days saved: 31 Average Days Saved
    • Parent Category Name: Organizational Design
    • Parent Category Link: /organizational-design
    • Organizations have to adapt to a growing number of trends, putting increased pressure on IT to move at the same speed as the business.
    • The business, seeing that IT is slower to react, looks to external solutions to address its challenges and capitalize on opportunities.
    • IT and business leaders don’t have a clear and unified understanding or definition of an operating model.

    Our Advice

    Critical Insight

    • The IT operating model is not a static entity and should evolve according to changing business needs.
    • However, business needs are diverse, and the IT organization must recognize that the business includes groups that consume technology in different patterns. The IT operating model needs to support and enable multiple groups, while continuously adapting to changing business conditions.

    Impact and Result

    • Determine how each technology consumer group interacts with IT. Use consumer experience maps to determine what kind of services consumer groups use and if there are opportunities to improve the delivery of those services.
    • Identify how changing business conditions will affect the consumption of technology services. Classify your consumers based on business uncertainty and reliance on IT to plan for the future delivery of services.
    • Optimize the IT operating model. Create a target IT operating model based on the gathered information about technology service consumers. Select different implementations of common operating model elements: governance, sourcing, process, and structure.

    Optimize the IT Operating Model Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how implementing an IT operating model based on the needs of technology service consumers will improve the delivery of IT services and alignment with IT and business strategy.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Construct the IT services consumer experience maps

    Assess the current situation by identifying technology service consumers in the organization, their interfaces with IT, the level of service they require, and their sentiment toward IT.

    • Optimize the IT Operating Model – Phase 1: Construct the IT Services Consumer Experience Maps
    • Consumer Experience Map and Profiles

    2. Classify IT service consumers based on business needs

    Categorize the technology consumer groups into four business profiles based on their characteristics to identify implications based on technology consumption patterns for the target IT operating model.

    • Optimize the IT Operating Model – Phase 2: Classify IT Service Consumers Based on Business Needs

    3. Determine the target IT operating model

    Select implementation models for the four core elements of the IT operating model and optimize governance, sourcing, process, and organizational structure to create the target IT operating model.

    • Optimize the IT Operating Model – Phase 3: Determine the Target IT Operating Model
    • Target IT Operating Model

    4. Create a roadmap to develop the target IT operating model

    Create, assess, and prioritize initiatives to reach the target IT operating model. Construct a roadmap to show initiative execution.

    • Optimize the IT Operating Model – Phase 4: Create a Roadmap to Develop the Target IT Operating Model
    • IT Operating Model Roadmap
    [infographic]

    Workshop: Optimize the IT Operating Model

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Organizational Strategy and Technology Consumer Groups

    The Purpose

    Identify the IT and business strategies, so that the target IT operating model can be constructed to support them.

    Key Benefits Achieved

    Identify the implications for the IT operating model and understand how to optimally construct it.

    Create consumer groups for consumer experience mapping and consumer profile classification.

    Activities

    1.1 Review business and IT strategies.

    1.2 Identify implications for the IT operating model.

    1.3 Identify internal technology consumer groups.

    1.4 Identify external technology consumer groups.

    Outputs

    Implications for the IT operating model

    List of internal and external technology service consumer groups

    2 Map the Consumer Experience and Identify Consumption Patterns (Consumer Group 1)

    The Purpose

    Identify the interfaces with IT for the consumer group, its level of technology service requirement, its sentiment toward IT, and its needs from IT.

    Key Benefits Achieved

    Consumer group needs from IT and feelings toward IT are identified.

    Activities

    2.1 Identify interview candidates for the consumer groups.

    2.2 Complete consumer group questionnaire.

    2.3 Complete consumer experience map.

    2.4 Classify the consumer group into a business profile.

    Outputs

    Consumer experience map for first group

    Business profile classification

    3 Map the Consumer Experience and Identify Consumption Patterns (Consumer Group 2)

    The Purpose

    Continue mapping the experience of consumer groups and classify them into profiles based on their needs to draw implications for the target IT operating model.

    Key Benefits Achieved

    Consumption patterns from the consumer groups are defined and implications for the target IT operating model are drawn.

    Activities

    3.1 Continue interviews for consumer groups.

    3.2 Complete consumer experience map.

    3.3 Classify the consumer group into a business profile.

    3.4 Aggregate the consumption patterns for the business profile and document implications.

    Outputs

    Consumer experience map for second group

    Business profile classification

    Aggregated consumption patterns

    Implications for consumption patterns

    4 Create the Target IT Operating Model

    The Purpose

    Map the target operating model to show how each element of the IT operating model supports the delivery of IT services to the consumer groups.

    Key Benefits Achieved

    Identify whether the current IT operating model is optimally supporting the delivery of IT services to consumer groups from the four core IT operating model elements.

    Activities

    4.1 Determine the approach to IT governance.

    4.2 Select the optimal mix of sourcing models.

    4.3 Customize the approach to process implementation.

    4.4 Identify the target organizational structure.

    Outputs

    Target IT operating model

    5 Build a Roadmap and Create Initiatives to Reach the Target

    The Purpose

    Create initiatives and communicate them with a roadmap to show how the organization will arrive at the target IT operating model.

    Key Benefits Achieved

    The steps to reach the IT operating model are created, assessed, and prioritized.

    Steps are ordered for presentation.

    Activities

    5.1 Identify initiatives to reach the target IT operating model.

    5.2 Create initiative profiles to assess initiative quality.

    5.3 Prioritize initiatives based on business conditions.

    5.4 Create a roadmap to communicate initiative execution.

    Outputs

    Initiative profiles

    Sunshine diagram

    Achieve Digital Resilience by Managing Digital Risk

    • Buy Link or Shortcode: {j2store}375|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $123,999 Average $ Saved
    • member rating average days saved: 4 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance

    Businesses are expected to balance achieving innovation through initiatives that transform the organization with effective risk management. While this is nothing new, added challenges arise due to:

    • An increasingly large vendor ecosystem within which to manage risk.
    • A fragmented approach to risk management that separates cyber and IT risk from enterprise risk.
    • A rapidly growing number of threat actors and a larger attack surface.

    Our Advice

    Critical Insight

    • All risks are digital risks.
    • Manage digital risk with a collaborative approach that supports digital transformation, ensures digital resilience, and distributes responsibility for digital risk management across the organization.

    Impact and Result

    Address digital risk to build digital resilience. In the process, you will drive transformation and maintain digital trust among your employees, end users, and consumers by:

    • Defining digital risk, including primary risk categories and prevalent risk factors.
    • Leveraging industry examples to help identify external risk considerations.
    • Building a digital risk profile, addressing core risk categories, and creating a correlating plan for digital risk management.

    Achieve Digital Resilience by Managing Digital Risk Research & Tools

    Start here – read the Executive Brief

    Risk does not exist in isolation and must extend beyond your cyber and IT teams. Read our concise Executive Brief to find out how to manage digital risk to help drive digital transformation and build your organization's digital resilience.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Redefine digital risk and resilience

    Discover an overview of what digital risk is, learn how to assess risk factors for the five primary categories of digital risk, see several industry-specific scenarios, and explore how to plan for and mitigate identified risks.

    • Achieve Digital Resilience by Managing Digital Risk – Phases 1-2
    • Digital Risk Management Charter

    2. Build your digital risk profile

    Begin building the digital risk profile for your organization, identify where your key areas of risk exposure exist, and assign ownership and accountability among the organization’s business units.

    • Digital Risk Profile Tool
    • Digital Risk Management Executive Report
    [infographic]

    Workshop: Achieve Digital Resilience by Managing Digital Risk

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Scope and Define Digital Risk

    The Purpose

    Develop an understanding and standard definition of what digital risk is, who it impacts, and its relevance to the organization.

    Key Benefits Achieved

    Understand what digital risk means and how it differs from traditional enterprise or cybersecurity risk.

    Develop a definition of digital risk that recognizes the unique external and internal considerations of your organization.

    Activities

    1.1 Review the business context

    1.2 Review the current roles of enterprise, IT, and cyber risk management within the organization

    1.3 Define digital transformation and list transformation initiatives

    1.4 Define digital risk in the context of the organization

    1.5 Define digital resilience in the context of the organization

    Outputs

    Digital risk drivers

    Applicable definition of digital risk

    Applicable definition of digital resilience

    2 Make the Case for Digital Risk Management

    The Purpose

    Understand the roles digital risk management and your digital risk profile have in helping your organization achieve safe, transformative growth.

    Key Benefits Achieved

    An overview and understanding of digital risk categories and subsequent individual digital risk factors for the organization

    Industry considerations that highlight the importance of managing digital risk

    A structured approach to managing the categories of digital risk

    Activities

    2.1 Review and discuss industry case studies and industry examples of digital transformation and digital risk

    2.2 Revise the organization's list of digital transformation initiatives (past, current, and future)

    2.3 Begin to build your organization's Digital Risk Management Charter (with inputs from Module 1)

    2.4 Revise, customize, and complete a Digital Risk Management Charter for the organization

    Outputs

    Digital Risk Management Charter

    Industry-specific digital risks, factors, considerations, and scenarios

    The organization's digital risks mapped to its digital transformation initiatives

    3 Build Your Digital Risk Profile

    The Purpose

    Develop an initial digital risk profile that identifies the organization’s core areas of focus in managing digital risk.

    Key Benefits Achieved

    A unique digital risk profile for the organization

    Digital risk management initiatives that are mapped against the organization's current strategic initiatives and aligned to meet your digital resilience objectives and benchmarks

    Activities

    3.1 Review category control questions within the Digital Risk Profile Tool

    3.2 Complete all sections (tabs) within the Digital Risk Profile Tool

    3.3 Assess the results of your Digital Risk Profile Tool

    3.4 Discuss and assign initial weightings for ownership of digital risk among the organization's stakeholders

    Outputs

    Completion of all category tabs within the Digital Risk Profile Tool

    Initial stakeholder ownership assignments of digital risk categories

    4 Manage Your Digital Risk

    The Purpose

    Refine the digital risk management plan for the organization.

    Key Benefits Achieved

    A targeted, organization-specific approach to managing digital risk as a part of the organization's projects and initiatives on an ongoing basis

    An executive presentation that outlines digital risk management for your senior leadership team

    Activities

    4.1 Conduct brief information sessions with the relevant digital risk stakeholders identified in Module 3.

    4.2 Review and revise the organization's Digital Risk Profile as necessary, including adjusting weightings for the digital risk categories

    4.3 Begin to build an actionable digital risk management plan

    4.4 Present your findings to the organization's relevant risk leaders and executive team

    Outputs

    A finalized and assessed Digital Risk Profile Tool

    Stakeholder ownership for digital risk management

    A draft Digital Risk Management plan and Digital Risk Management Executive Report

    Implement Lean Management Practices That Work

    • Buy Link or Shortcode: {j2store}116|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Performance Measurement
    • Parent Category Link: /performance-measurement
    • Service delivery teams do not measure, or have difficulty demonstrating, the value they provide.
    • There is a lack of continuous improvement.
    • There is low morale within the IT teams leading to low productivity.

    Our Advice

    Critical Insight

    • Create a problem-solving culture. Frequent problem solving is the differentiator between sustaining Lean or falling back to old management methods.
    • Commit to employee growth. Empower teams to problem solve and multiply your organizational effectiveness.

    Impact and Result

    • Apply Lean management principles to IT to create alignment and transparency and drive continuous improvement and customer value.
    • Implement huddles and visual management.
    • Build team capabilities.
    • Focus on customer value.
    • Use metrics and data to make better decisions.
    • Systematically solve problems and improve performance.
    • Develop an operating rhythm to promote adherence to Lean.

    Implement Lean Management Practices That Work Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how a Lean management system can help you increase transparency, demonstrate value, engage your teams and customers, continuously improve, and create alignment.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand Lean concepts

    Understand what a Lean management system is, review Lean philosophies, and examine simple Lean tools and activities.

    • Implement Lean Management Practices That Work – Phase 1: Understand Lean Concepts
    • Lean Management Education Deck

    2. Determine the scope of your implementation

    Understand the implications of the scope of your Lean management program.

    • Implement Lean Management Practices That Work – Phase 2: Determine the Scope of Your Implementation
    • Lean Management Scoping Tool

    3. Design huddle board

    Examine the sections and content to include in your huddle board design.

    • Implement Lean Management Practices That Work – Phase 3: Design Huddle Board
    • Lean Management Huddle Board Template

    4. Design Leader Standard Work and operating rhythm

    Determine the actions required by leaders and the operating rhythm.

    • Implement Lean Management Practices That Work – Phase 4: Design Leader Standard Work and Operating Rhythm
    • Leader Standard Work Tracking Template
    [infographic]

    Workshop: Implement Lean Management Practices That Work

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Lean Concepts

    The Purpose

    Understand Lean management.

    Key Benefits Achieved

    Gain a common understanding of Lean management, the Lean management thought model, Lean philosophies, huddles, visual management, team growth, and voice of customer.

    Activities

    1.1 Define Lean management in your organization.

    1.2 Create training materials.

    Outputs

    Lean management definition

    Customized training materials

    2 Understand Lean Concepts (Continued) and Determine Scope

    The Purpose

    Understand Lean management.

    Determine the scope of your program.

    Key Benefits Achieved

    Understand metrics and performance review.

    Understand problem identification and continuous improvement.

    Understand Kanban.

    Understand Leader Standard Work.

    Define the scope of the Lean management program.

    Activities

    2.1 Develop example operational metrics

    2.2 Simulate problem section.

    2.3 Simulate Kanban.

    2.4 Build scoping tool.

    Outputs

    Understand how to use operational metrics

    Understand problem identification

    Understand Kanban/daily tasks section

    Defined scope for your program

    3 Huddle Board Design and Huddle Facilitation Coaching

    The Purpose

    Design the sections and content for your huddle board.

    Key Benefits Achieved

    Initial huddle board design.

    Activities

    3.1 Design and build each section in your huddle board.

    3.2 Simulate coaching conversations.

    Outputs

    Initial huddle board design

    Understanding of how to conduct a huddle

    4 Design and Build Leader Standard Work

    The Purpose

    Design your Leader Standard Work activities.

    Develop a schedule for executing Leader Standard Work.

    Key Benefits Achieved

    Standard activities identified and documented.

    Sample schedule developed.

    Activities

    4.1 Identify standard activities for leaders.

    4.2 Develop a schedule for executing Leader Standard Work.

    Outputs

    Leader Standard Work activities documented

    Initial schedule for Leader Standard Work activities

    Position and Agree on ROI to Maximize the Impact of Data and Analytics

    • Buy Link or Shortcode: {j2store}341|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Because ROI is a financial concept, it can be difficult to apply ROI to anything that produces intangible value.
    • It is a lot harder to apply ROI to functions like data and analytics than it is to apply it to functions like sales without misrepresenting its true purpose.

    Our Advice

    Critical Insight

    • The standard ROI formula cannot be easily applied to data and analytics and other critical functions across the organization.
    • Data and analytics ROI strategy is based on the business problem being solved.
    • The ROI score itself doesn’t have to be perfect. Key decision makers need to agree on the parameters and measures of success.

    Impact and Result

    • Agreed-upon ROI parameters
    • Defined measures of success
    • Optimized ROI program effectiveness by establishing an appropriate cadence between key stakeholders

    Position and Agree on ROI to Maximize the Impact of Data and Analytics Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Data and Analytics ROI Strategy Deck – A guide for positioning ROI to maximize the value of data and analytics.

    This research is meant to ensure that data and analytics executives are aligned with the key business decision makers. Focus on the value you are trying to achieve rather than perfecting the ROI score.

    • Position and Agree on ROI to Maximize the Impact of Data and Analytics Storyboard

    2. Data and Analytics Service to Business ROI Map – An aligned ROI approach between key decision makers and data and analytics.

    A tool to be used by business and data and analytics decision makers to facilitate discussions about how to approach ROI for data and analytics.

    • Data and Analytics Service to Business ROI Map
    [infographic]

    Further reading

    Position and Agree on ROI to Maximize the Impact of Data and Analytics

    Data and analytics ROI strategy is based on the business problem being solved and agreed-upon value being generated.

    Analyst Perspective

    Missing out on a significant opportunity for returns could be the biggest cost to the project and its sponsor.

    This research is directed to the key decision makers tasked with addressing business problems. It also informs stakeholders that have any interest in ROI, especially when applying it to a data and analytics platform and practice.

    While organizations typically use ROI to measure the performance of their investments, the key to determining what investment makes sense is opportunity cost. Missing out on a significant opportunity for return could be the biggest cost to the project and its sponsor. By making sure you appropriately estimate costs and value returned for all data and analytics activities, you can prioritize the ones that bring in the greatest returns.

    Ibrahim Abdel-Kader
    Research Analyst,
    Data & Analytics Practice
    Info-Tech Research Group
    Ben Abrishami-Shirazi
    Technical Counselor
    Info-Tech Research Group

    Executive Summary – ROI on Data and Analytics

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    Return on investment (ROI) is a financial term, making it difficult to articulate value when trying to incorporate anything that produces something intangible.

    The more financial aspects there are to a professional function (e.g. sales and commodity-related functions), the easier it is to properly assess the ROI.

    However, for functions that primarily enable or support business functions (such as IT and data and analytics), it is a lot harder to apply ROI without misrepresenting its true purpose.

    • Apples and oranges – There is no simple way to apply the standard ROI formula to data and analytics among other critical functions across the organization.
    • Boiling the ocean – Obsession with finding a way to calculate a perfect ROI on data and analytics.
    • Not getting the big picture – Data and analytics teams suffer a skill set deficit when it comes to commercial acumen.
    • Not seeing eye to eye – ROI does not account for time in its calculation, making it prone to misalignment between stakeholders.

    Approach ROI for data and analytics appropriately:

    • Answer the following questions:
      • What is the business problem?
      • Whose business problem is it?
      • What is the objective?
    • Define measures of success based on the answers to the questions above.
    • Determine an appropriate cadence to continuously optimize the ROI program for data and analytics in collaboration with business problem owners.

    Info-Tech Insight

    ROI doesn’t have to be perfect. Parameters and measures of success need to be agreed upon with the key decision makers.

    Glossary

    Return on Investment (ROI): A financial term used to determine how much value has been or will be gained or lost based on the total cost of investment. It is typically expressed as a percentage and is supported by the following formula:

    Payback: How quickly money is paid back (or returned) on the initial investment.
    Business Problem Owner (BPO): A leader in the organization who is accountable and is the key decision maker tasked with addressing a business problem through a series of investments. BPOs may use ROI as a reference for how their financial investments have performed and to influence future investment decisions.
    Problem Solver: A key stakeholder tasked with collaborating with the BPO in addressing the business problem at hand. One of the problem solver’s responsibilities is to ensure that there is an improved return on the BPO’s investments.
    Return Enhancers: A category for capabilities that directly or indirectly enhance the return of an investment.
    Cost Savers: A category for capabilities that directly or indirectly save costs in relation of an investment.
    Investment Opportunity Enablers: A category for capabilities that create or enable a new investment opportunity that may yield a potential return.
    Game Changing Components: The components of a capability that directly yield value in solving a business problem.

    ROI strategy on data and analytics

    The image contains a screenshot of a diagram that demonstrates the ROI strategy on data and analytics.

    ROI roles

    Typical roles involved in the ROI strategy across the organization

    CDOs and CAOs typically have their budget allocated from both IT and business units.

    This is evidenced by the “State of the CIO Survey 2023” reporting that up to 63% of CDOs and CAOs have some budget allocated from within IT; therefore, up to 37% of budgets are entirely funded by business executives.

    This signifies the need to be aligned with peer executives and to use mechanisms like ROI to maximize the performance of investments.

    Source: Foundry, “State of the CIO Survey 2023.”

    Data security consultancy

    Data security consultancy

    Based on experience
    Implementable advice
    human-based and people-oriented

    Data security consultancy makes up one of Tymans Group’s areas of expertise as a corporate consultancy firm. We are happy to offer our insights and solutions regarding data security and risk to businesses, both through online and offline channels. Read on and discover how our consultancy company can help you set up practical data security management solutions within your firm.

    How our data security consultancy services can help your company

    Data security management should be an important aspect of your business. As a data security consultancy firm, Tymans Group is happy to assist your small or medium-sized enterprise with setting up clear protocols to keep your data safe. As such, we can advise on various aspects comprising data security management. This ranges from choosing a fit-for-purpose data architecture to introducing IT incident management guidelines. Moreover, we can perform an external IT audit to discover which aspects of your company’s data security are vulnerable and which could be improved upon.

    Security and risk management

    Our security and risk services

    Security strategy

    Security Strategy

    Embed security thinking through aligning your security strategy to business goals and values

    Read more

    Disaster Recovery Planning

    Disaster Recovery Planning

    Create a disaster recovey plan that is right for your company

    Read more

    Risk Management

    Risk Management

    Build your right-sized IT Risk Management Program

    Read more

    Check out all our services

    Discover our practical data security management solutions

    Data security is just one aspect with which our consultancy firm can assist your company. Tymans Group offers its extensive expertise in various corporate management domains, such as quality management and risk management. Our solutions all stem from our vast expertise and have proven their effectiveness. Moreover, when you choose to employ our consultancy firm for your data security management, you benefit from a holistic, people-oriented approach.

    Set up an appointment with our experts

    Do you wish to learn more about our data security management solutions and services for your company? We are happy to analyze any issues you may be facing and offer you a practical solution if you contact us for an appointment. You can book a one-hour online talk or elect for an on-site appointment with our experts. Contact us to set up your appointment now.

    Continue reading

    Develop an IT Strategy to Support Customer Service

    • Buy Link or Shortcode: {j2store}528|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • Customer expectations regarding service are rapidly evolving. As your current IT systems may be viewed as ineffective at delivering upon these expectations, a transformation is called for.
    • It is unclear whether IT has the system architecture/infrastructure to support modern Customer Service channels and technologies.
    • The relationship between Customer Service and IT is strained. Strategic system-related decisions are being made without the inclusions of IT, and IT is only engaged post-purchase to address integration or issues as they arise.
    • Scope: An ABPM-centric approach is taken to model the desired future state, and retrospectively look into the current state to derive gaps and sequential requirements. The requirements are bundled into logical IT initiatives to be plotted on a roadmap and strategy document.
    • Challenge: The extent to which business processes can be mapped down to task-based Level 5 can be challenging depending on the maturity of the organization.
    • Pain/Risk: The health of the relationship between IT and Customer Service may determine project viability. Poor collaboration and execution may strain the relationship further.

    Our Advice

    Critical Insight

    • When transformation is called for, start with future state visioning. Current state analysis can impede your ability to see future needs and possibilities.
    • Solve your own problems by enhancing core or “traditional” Customer Service functionality first, and then move on to more ambitious business enabling functionality.
    • The more rapidly businesses can launch applications in today’s market, the better positioned they are to improve customer experience and reap the associated benefits. Ensure that technology is implemented with a solid strategy to support the initiative.

    Impact and Result

    • The right technology is established to support current and future Customer Service needs.
    • Streamlined and optimized Customer Service processes that drive efficiency and improve Customer Service quality are established.
    • The IT and Customer Service functions are both transformed from a cost center into a competitive advantage.

    Develop an IT Strategy to Support Customer Service Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Structure the project

    Identify project stakeholders, define roles, and create the project charter.

    • Develop an IT Strategy to Support Customer Service Storyboard
    • Project RACI Chart
    • Project Charter

    2. Define vision for future state

    Identify and model the future state of key business processes.

    • Customer Service Business Process Shortlisting Tool
    • Customer Service Systems Strategy Tool

    3. Document current state and assess gaps

    Model the current state of key business processes and assess gaps.

    4. Evaluate solution options

    Review the outputs of the current state architecture health assessment and adopt a preliminary posture on architecture.

    5. Evaluate application options

    Evaluate the marketplace applications to understand the “art of the possible.”

    6. Frame desired state and develop roadmap

    Compile and score a list of initiatives to bridge the gaps, and plot the initiatives on a strategic roadmap.

    • Customer Service Initiative Scoring and Roadmap
    [infographic]

    Workshop: Develop an IT Strategy to Support Customer Service

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Vision for Future State

    The Purpose

    Discuss Customer Service-related organizational goals and align goals with potential strategies for implementation.

    Score level 5 Customer Service business processes against organizational goals to come up with a shortlist for modeling.

    Create a future state model for one of the shortlisted business processes.

    Draft the requirements as they relate to the business process.

    Key Benefits Achieved

    Preliminary list of Customer Service-related business goals

    List of Customer Service business processes (Task Level 5)

    Pre-selected Customer Service business process for modeling

    Activities

    1.1 Outline and prioritize your customer goals and link their relevance and value to your Customer Service processes with the Customer Service Business Process Shortlisting Tool.

    1.2 Score customer service business processes against organizational goals with the Customer Service Systems Strategy Tool.

    Outputs

    Initial position on viable Customer Service strategies

    Shortlist of key business processes

    Documented future state business process model

    Business/functional/non-functional requirements

    2 Document Current State and Assess Gaps

    The Purpose

    Create a current state model for the shortlisted business processes.

    Score the functionality and integration of current supporting applications.

    Revise future state model and business requirements.

    Key Benefits Achieved

    Inventory of Customer Service supporting applications

    Inventory of related system interfaces

    Activities

    2.1 Holistically assess multiple aspects of Customer Service-related IT assets with the Customer Service Systems Strategy Tool.

    Outputs

    Documented current state business process model

    Customer Service systems health assessment

    3 Adopt an Architectural Posture

    The Purpose

    Review the Customer Service systems health assessment results.

    Discuss options.

    Key Benefits Achieved

    Completed Customer Service systems health assessment

    Application options

    Activities

    3.1 Analyze CS Systems Strategy and review results with the Customer Service Systems Strategy Tool

    Outputs

    Posture on system architecture

    4 Frame Desired State and Develop Roadmap

    The Purpose

    Draft a list of initiatives based on requirements.

    Score and prioritize the initiatives.

    Plot the initiatives on a roadmap.

    Key Benefits Achieved

    Business/functional/non-functional requirements

    Activities

    4.1 Help project and management stakeholders visualize the implementation of Customer Service IT initiatives with the Customer Service Initiative Scoring and Roadmap Tool.

    Outputs

    Scored and prioritized list of initiatives

    Customer Service implementation roadmap

    Further reading

    Develop an IT Strategy to Support Customer Service

    E-commerce is accelerating, and with it, customer expectations for exceptional digital service.

    Analyst Perspective

    The future of Customer Service is digital. Your organization needs an IT strategy to meet this demand.

    The image contains a picture of Thomas E. Randall.

    As the pandemic closed brick-and-mortar stores, the acceleration of ecommerce has cemented Customer Service’s digital future. However, the pandemic also revealed severe cracks in the IT strategy of organizations’ Customer Service – no matter the industry. These cracks may include low resolution and high wait times through the contact center, or a lack of analytics that fuel a reactive environment. Unfortunately, organizations have no time to waste in resolving these issues. Customer patience for poor digital service has only decreased since March 2020, leaving organizations with little to no runway for ramping up their IT strategy.

    Organizations that quickly mature their digital Customer Service will come out the other side of COVID-19 more competitive and with a stronger reputation. This move necessitates a concrete IT strategy for coordinating what the organization’s future state should look like and agreeing on the technologies and software required to meet this state across the entire organization.

    Thomas E. Randall, Ph.D.

    Senior Research Analyst, Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Solution

    • COVID-19 has accelerated ecommerce, rapidly evolving customer expectations about the service they should receive. Without a robust IT strategy for enabling remote, contactless points of service, your organization will quickly fall behind.
    • The organization would like to use modern channels and technologies to enhance customer service, but it is unclear whether IT has the infrastructure to support them.
    • The relationship between Customer Service and IT is strained. Strategic system-related decisions are being made without the inclusion of IT.
    • IT is in a permanent reactive state, only engaged post-purchase to fix issues as they arise and to offer workarounds.
    • Use Info-Tech’s methodology to produce an IT strategy for Customer Service:
      • Phase 1: Define Project and Future State
      • Phase 2: Evaluate Current State
      • Phase 3: Build a Roadmap to Future State
    • Each phase contributes toward this blueprint’s key deliverable: the Strategic Roadmap.

    Info-Tech Insight

    IT must proactively engage with the organization to define what good customer service should look like. This ensures IT has a fair say in what kinds of architectural solutions are feasible for any projected future state. In this proactive scenario, IT can help build the roadmap for implementing and maintaining customer service infrastructure and operations, reducing the time and resources spent on putting out preventable fires or trying to achieve an unworkable goal set by the organization.

    Key insights

    Develop an IT Strategy to Support Customer Service

    Ecommerce growth has increased customer expectations

    Despite the huge obstacles that organizations are having to overcome to meet accelerating ecommerce from the pandemic, customers have not increased their tolerance for organizations with poor service. Indeed, customer expectations for excellent digital service have only increased since March 2020. If organizations cannot meet these demands, they will become uncompetitive.

    The future of customer service is tied up in analytics

    Without a coordinated IT strategy for leveraging technology and data to improve Customer Service, the organization will quickly be left behind. Analytics and reporting are crucial for proactively engaging with customers, planning marketing campaigns, and building customer profiles. Failing to do so leaves the organization blind to customer needs and will constantly be in firefighting mode.

    Meet the customer wherever they are – no matter the channel

    Providing an omnichannel experience is fast becoming a table stakes offering for customers. To maximize customer engagement and service, the organization must connect with the customer on whatever channel the customer prefers – be it social media, SMS, or by phone. While voice will continue to dominate how Customer Service connects with customers, demographics are shifting toward a digital-first generation. Organizations must be ready to capture this rapidly expanding audience.

    This blueprint will achieve:

    Increased customer satisfaction

    • An IT strategy for Customer Service that proactively meets customer demand, improving overall customer satisfaction with the organization’s services.
    • A process for identifying the organization’s future state of Customer Service and developing a concrete gap analysis.

    Time saved

    • Ready-to-use deliverables that analyze and provide a roadmap toward the organization’s desired future state.
    • Market analyses and rapid application selection through SoftwareReviews to streamline project time-to-completion.

    Increased ROI

    • A modernization process that aids Customer Service digital transformation, with a view to achieve high ROI.
    • Save costs through an effective requirements gathering method.
    • Building and expanding the organization’s customer base to increase revenues by meeting the customers where they are – no matter what channel.

    An IT strategy for customer service is imperative for a post-COVID world

    COVID-19 has accelerated ecommerce, rapidly evolving customer expectations for remote, contactless service.

    59% Of customers agree that the pandemic has raised their standards for service (Salesforce, 2020).

    • With COVID-19, most customer demand and employment moved online and turned remote.
    • Retailers had to rapidly respond, meeting customer demand through ecommerce. This not only entailed a complete shift in how customers could buy their goods but how retailers could provide a remote customer journey from discovery to post-purchase support.

    Info-Tech Insight

    The pandemic did not improve customer tolerance for bad service – instead, the demand for good service increased dramatically. Organizations need an IT strategy to meet customer support demands wherever the customer is located.

    The technology to provide remote customer support is surging

    IT needs to be at the forefront of learning about and suggesting new technologies, working with Customer Service to deliver a consistent, business-driven approach.

    78%

    Of decision makers say they’ve invested in new technology as a result of the pandemic (Salesforce, 2020).

    OMNICHANNEL SUPPORT

    Rapidly changing demographics and modes of communications require an evolution toward omnichannel engagement. Agents need customer information synced across each channel they use, meeting the customer’s needs where they are.

    78%

    Of customers have increased their use of self-service during the pandemic (Salesforce, 2020).

    INTELLIGENT SELF-SERVICE PORTALS

    Customers want their issues resolved as quickly as possible. Machine-learning self-service options deliver personalized customer experiences, which also reduce both agent call volume and support costs for the organization.

    90%

    Of global executives who use data analytics report that they improved their ability to deliver a great customer experience (Gottlieb, 2019).

    LEVERAGING ANALYTICS

    The future of customer service is tied up with analytics: from AI-driven capabilities that include agent assist and using biometric data (e.g., speech) for security, to feeding real insights about how customers and agents are doing and performing.

    Executive Brief – Case Study

    Self-service options improve quality of service and boost organization’s competitiveness in a digital marketspace.

    INDUSTRY: Financial Services

    SOURCE: TSB

    Situation

    Solution

    Results

    • The pandemic increased pressure on TSB’s Customer Service, with higher call loads from their five million customers who were anxious about their financial situation.
    • TSB needed to speed up its processing times to ensure loan programs and other assistances were provided as quickly as possible.
    • As meeting in-person became impossible due to the lockdown, TSB had to step up its digital abilities to serve their customers.
    • TSB sought to boost its competitiveness by shifting as far as possible to digital services.
    • TSB launched government loan programs in 36 hours, ahead of its competitors.
    • TSB created and released 21 digital self-service forms for customers to complete without needing to interact with bank staff.
    • TSB processed 140,000 forms in three months, replacing 15,000 branch visits.
    • TSB increased digital self-service rate by nine percent.

    IT can demonstrate its value to business by enhancing remote customer service

    IT must engage with Customer Service – otherwise, IT risks being perennially reactive and dictated to as remote customer service needs increase.

    IT benefits

    Customer Service benefits

    • The right technology is established to support Customer Service.
    • IT is viewed as a strategic partner and innovator, not just a cost center and support function.
    • Streamlined and optimized Customer Service processes that drive efficiency and improve Customer Service quality.
    • Transformation of the Customer Service function into a competitive advantage.

    Info-Tech Insight

    Change to how Customer Service will operate is inevitable. This is an opportunity for IT to establish their value to the business and improve their autonomy in how new technologies should be onboarded and utilized.

    Customer Service and IT need to work together to mitigate their pain points

    IT and Customer Service have an opportunity to reinforce and build their organization’s customer base by working together to streamline operations.

    IT pain points

    Customer Service pain points

    • IT lacks understanding of Customer Service challenges and pain points.
    • IT has technical debt or constrained technology funding.
    • The IT department is viewed as a cost center and support organization, not an engine of innovation, growth, and service delivery performance.
    • Processes supporting Customer Service delivery may be sub-optimal.
    • The existing technology cannot support the increasingly advanced needs of Customer Service functions.
    • Customer Service isn’t fully aware of what your customers think of your service quality. There is little to no monitoring of customer sentiment.
    • There is a lack of value-based segmentation of customers and information on their channel usage and preferences.
    • Competitor actions are not actively monitored.

    IT often cannot spark a debate with Customer Service on whether a decision made without IT is misaligned with corporate direction. It’s almost always an uphill battle for IT.

    Sahri Lava, Research Director, IDC

    Develop an IT Strategy to Support Customer Service

    DON’T FALL BEHIND

    70% of companies either have a digital transformation strategy in place or are working on one (Tech Pro Research, 2018). Unless IT can enable technology that meets the customer where they are, the organization will quickly fall behind in an age of accelerating ecommerce.

    DEVELOP FUTURE STATES

    Many customer journeys are now exclusively digital – 63% of customers expect to receive service over social media (Ringshall, 2020). Organization’s need an IT strategy to develop the future of their customer service – from leveraging analytics to self-service AI portals.

    BUILD GAP ANALYSIS

    73% of customers prefer to shop across multiple channels (Sopadjieva et al., 2017). Assess your current state’s application integrations and functionality to ensure your future state can accurately sync customer information across each channel.

    SHORTLIST SOLUTIONS

    Customer relationship management software is one of the world's fastest growing industries (Kuligowski, 2022). Choosing a best-fit solution requires an intricate analysis of the market, future trends, and your organization’s requirements.

    ADVANCE CHANGE

    95% of customers cite service as key to their brand loyalty (Microsoft, 2019). Build out your roadmap for the future state to retain and build your customer base moving forward.

    Use Info-Tech’s method to produce an IT strategy for Customer Service:

    PHASE 1: Define Project and Future State

    Output: Project Charter and Future State Business Processes

    1.1 Structure the Project

    1.2 Define a Vision for Future State

    1.3 Document Preliminary Requirements

    KEY DELIVERABLE:

    Strategic Roadmap

    The image contains a screenshot of the strategic roadmap.

    PHASE 2: Evaluate Current State

    Output: Requirements Identified to Bridge Current to Future State

    2.1 Document Current State Business Processes

    2.2 Assess Current State Architecture

    2.3 Review and Finalize Requirements for Future State

    PHASE 3: Build a Roadmap to Future State

    Output: Initiatives and Strategic Roadmap

    3.1 Evaluate Architectural and Application Options

    3.2 Understand the Marketplace

    3.3 Score and Plot Initiatives Along Your Strategic Roadmap

    Key deliverable and tools outline

    Each step of this blueprint is accompanied by supporting materials to help you accomplish your goals.

    Project RACI Chart

    Activity 1.1a Organize roles and responsibilities for carrying out project steps.

    The image contains a screenshot of the Project RACI Chart.

    Key Deliverable:

    Strategic Roadmap

    Develop, prioritize, and implement key initiatives for your customer service IT strategy, plotting and tracking them on an easy-to-read timeline.

    The image contains a screenshot of the Strategic Roadmap.

    Business Process Shortlisting Tool

    Activities 1.2a, 1.2b, and 2.1aOutline and prioritize customer service goals.

    The image contains a screenshot of the Business Process Shortlisting Tool.

    Project Charter Template

    Activity 1.1b Define the project, its key deliverables, and metrics for success.

    The image contains a screenshot of the Project Charter Template.

    Systems Strategy Tool

    Activities 1.3a, Phase 2, 3.1a Prioritize requirements, assess current state customer service functions, and decide what to do with your current systems going forward.

    .The image contains a screenshot of the Systems Strategy Tool.

    Looking ahead: defining metrics for success

    Phase 1 of this blueprint will help solidify how to measure this project’s success. Start looking ahead now.

    For example, the metrics below show the potential business benefits for several stakeholders through building an IT strategy for Customer Service. These stakeholders include agents, customers, senior leadership, and IT. The benefits of this project are listed to the right.

    Metric Description

    Current Metric

    Future Goal

    Number of channels for customer contact

    1

    6

    Customer self-service resolution

    0%

    50%

    % ROI

    - 4%

    11%

    Agent satisfaction

    42%

    75%

    As this project nears completion:

    1. Customers will have more opportunities for self-service resolution.
    2. Agents will experience higher satisfaction, improving attrition rates.
    3. The organization will experience higher ROI from its digital Customer Service investments.
    4. Customers can engage the contact center via a communication channel that suits them.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical Guided Implementation on this topic look like?

    Define Project and Future StateDocument and Assess Current StateEvaluate Architectural and Application OptionsBuild Roadmap to Future State

    Call #1: Introduce project, defining its vision and metrics of success.

    Call #2: Review environmental scan to define future state vision.

    Call #3: Examine future state business processes to compile initial requirements.

    Call #4: Document current state business processes.

    Call #5: Assess current customer service IT architecture.

    Call #6: Refine and prioritize list of requirements for future state.

    Call #7: Evaluate architectural options.

    Call #8: Evaluate application options.

    Call #9:Develop and score initiatives to future state.

    Call #10: Develop timeline and roadmap.

    Call #11: Review progress and wrap-up project.

    A Guided Implementation is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical Guided Implementation is two to 12 calls over the course of four to six months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889

    Day 1Day 2Day 3Day 4Day 5

    Define Your Vision for Future State

    Document Current State and Assess Gaps

    Adopt an Architectural Posture

    Frame Desired State and Develop Roadmap

    Communicate and Implement

    Activities

    1.1 Outline and prioritize your customer goals.

    1.2 Link customer service goals’ relevance and value to your Customer Service processes.

    1.3 Score Customer Service business processes against organizational goals.

    2.1 Holistically assess multiple aspects of Customer Service-related IT assets with Customer Service Systems Strategy Tool.

    3.1 Analyze Customer Service Systems Strategy and review results with the Customer Service Systems Strategy Tool.

    4.1 Help project management stakeholders visualize implementation of Customer Service IT initiatives.

    4.2 Build strategic roadmap and plot initiatives.

    5.1 Finalize deliverables.

    5.2 Support communication efforts.

    5.3 Identify resources in support of priority initiatives.

    Deliverables

    1. Initial position on viable Customer Service strategies.
    2. Shortlist of key business processes.
    3. Documented future-state business process model.
    4. Business/functional/non-functional requirements.
    1. Documented current state business process model.
    2. Customer Service systems health assessment.
    3. Inventory of Customer Service supporting applications.
    4. Inventory of related system interfaces.
    1. Posture on system architecture.
    2. Completed Customer Service systems health assessment.
    3. List of application options.
    1. Scored and prioritized list of initiatives.
    2. Customer Service implementation roadmap.
    1. Customer Service IT Strategy Roadmap.
    2. Mapping of Info-Tech resources against individual initiatives.

    Phase 1

    Define Project and Future State

    Phase 1

    Phase 2

    Phase 3

    1.1 Structure the Project

    1.2 Define Vision for Future State

    1.3 Document Preliminary Requirements

    2.1 Document Current State Business Processes

    2.2 Assess Current State Architecture

    2.3 Review and Finalize Requirements for Future State

    3.1 Evaluate Architectural and Application Options

    3.2 Understand the Marketplace

    3.3 Score and Plot Initiatives Along Strategic Roadmap

    This phase will guide you through the following activities:

    1.1a Create your project’s RACI chart to establish key roles throughout the timeline of the project.

    1.1b Finalize your project charter that captures the key goals of the project, ready to communicate to stakeholders for approval.

    1.2a Begin documenting business processes to establish potential future states.

    1.2b Model future state business processes for looking beyond current constraints and building the ideal scenario.

    1.3a Document your preliminary requirements for concretizing a future state and performing a gap analysis.

    Participants required for Phase 1:

    • Applications Director
    • Customer Service Director
    • IT and Customer Service Representatives

    1.1 Identify process owners early for successful project execution

    IT and Customer Service must work in tandem throughout the project. Both teams’ involvement ensures all stakeholders are heard and support the final decision.

    Customer Service Perspective

    IT Perspective

    • Customer Service is the victim of pain points resulting from suboptimal systems and it stands to gain the most benefits from a well-planned systems strategy.
    • Looking to reduce pain points, Customer Service will likely initiate, own, and participate heavily in the project.
    • Customer Service must avoid the tendency to make IT-independent decisions. This could lead to disparate systems that contribute little to the overall organizational goals.
    • IT owns the application and back-end support of all Customer Service business processes. Any technological aspect of processes will need IT involvement.
    • IT may or may not have the mandate to run the Customer Service strategy project. Responsibility for systems decisions remains with IT.
    • IT should own the task of filtering out unnecessary or infeasible application and technology decisions. IT capabilities to support such acquisitions and post-purchase maintenance must be considered.

    Info-Tech Insight

    While involving management is important for high-level strategic decisions, input from those who interact day-to-day with the systems is a crucial component to a well-planned strategy.

    1.1 Define project roles and responsibilities to improve progress tracking

    Assign responsibilities, accountabilities, and other project involvement roles using a RACI chart.

    • IT should involve Customer Service from the beginning of project planning to implementation and execution. The project requires input and knowledge from both functions to succeed.
    • Do not let the tasks be forgotten within inter-functional communication. Define roles and responsibilities for the project as early as possible.
    • Each member of the project team should be given a RACI designation, which will vary for each task to ensure clear ownership, execution, and progress tracking.
    • Assigning RACI early can:
      • Improve project quality by assigning the right people to the right tasks.
      • Improve chances of project task completion by assigning clear accountabilities.
      • Improve project buy-in by ensuring that stakeholders are kept informed of project progress, risks, and successes.

    R – Responsibility

    A – Accountability

    C – Consulted

    I – Informed

    1.1 Use Info-Tech’s recommended process owners and roles for this blueprint

    Customer Service Head

    Customer Service Director

    CIO

    Applications Director*

    CEO/COO

    Marketing Head

    Sales Head

    Determine Project Suitability

    ARCCCII

    Phase 1.1

    CCARIII

    Phases 1.2 – 1.3

    ARCCICC

    Phase 2

    ARICIII

    Phase 3.1

    (Architectural options)

    CCARIII

    Phase 3.1

    (Application options)

    ACIRICC

    Phases 3.2 – 3.3

    CCARCII

    * The Applications Director is to compile a list of Customer Service systems; the Customer Service Director is responsible for vetting a list and mapping it to Customer Service functions.

    ** The Applications Director is responsible for technology-related decisions (e.g. SaaS or on-premise, integration issues); the Customer Service Director is responsible for functionality-related decisions.

    1.1a Create your project’s RACI chart

    1 hour

    1. The Applications Director and Customer Service Head should identify key participants and stakeholders of the project.
    2. Use Info-Tech’s Project RACI Chart to identify ownership of tasks.
    3. Record roles in the Project RACI Chart.
    The image contains a screenshot of the project RACI chart.
    InputOutput
    • Identification of key project participants and stakeholders.
    • Identification of key project participants and stakeholders.

    Materials

    Participants

    • Project RACI Chart
    • Applications Director
    • Customer Service Director

    Download the Project RACI Chart

    1.1 Start developing the project charter

    A project charter should address the following:

    • Executive Summary and Project Overview
      • Goals
      • Benefits
      • Critical Success Factors
    • Scope
    • Key Deliverables
    • Stakeholders and RACI
    • Risk Assessment
      • What are some risks you may encounter during project execution?
    • Projected Timeline and Key Milestones
    • Review and Approval Process

    What is a project charter?

    • The project charter defines the project and lays the foundation for all subsequent project planning.
    • Once approved by the business, the charter gives the project lead formal authority to initiate the project.

    Why create a project charter?

    • The project charter allows all parties involved to reach an agreement and document major aspects of the project.
    • It also supports the decision-making process and can be used as a communication tool.

    Stakeholders must:

    • Understand and agree on the objectives and important characteristics of the project charter before the project is initiated.
    • Be given the opportunity to adjust the project charter to better address their needs and concerns.

    1.1b Finalize the project charter

    1-2 hours

    1. Request relevant individuals and parties to complete sections of Info-Tech’s Project Charter Template.
    2. Input the simplified RACI output from tab 3 in Info-Tech’s Project RACI Chart tool into the RACI section of the charter.
    3. Send the completed template to the CIO and Customer Service Head for approval.
    4. Communicate the document to stakeholders for changes and finalization.
    The image contains a screenshot of the Project Charter Template.

    Input

    Output

    • Customer Service and IT strategies
    • Justification of impetus to begin this project
    • Timeline estimates
    • A completed project charter that captures the key goals of the project, ready to communicate to stakeholders for approval.

    Materials

    Participants

    • Project RACI Chart
    • Project Charter Template
    • Applications Director
    • Customer Service Director

    Download the Project Charter Template

    1.2 IT must play a role shaping Customer Service’s future vision

    IT is only one or two degrees of separation from the end customer – their involvement can significantly impact the customer experience.

    IT

    Customer Service

    Customer

    Customer Service-Facing Application

    Customer-Facing Application

    • IT enables, supports, and maintains the applications used by the Customer Service organization to service customers. IT provides the infrastructural and technical foundation to operate the function.
    • IT supports customer-facing interfaces and channels for Customer Service interaction.
    • Channel examples include web pages, mobile device applications and optimization, and interactive voice response for callers.

    1.2 Establish a vision for Customer Service excellence

    Info-Tech has identified three prominent Customer Service strategic patterns. Evaluate which fits best with your situation and organization.

    Retention

    Efficiency

    Cross-Sell/Up-Sell

    Ensuring customers remain customers by providing proactive customer service and a seamless omnichannel strategy.

    Reducing costs by diverting customers to lower cost channels and empowering agents to solve problems quickly.

    Maximizing the value of existing customers by capitalizing on cross-sell and up-sell opportunities.

    1.2 Let profitability goals help reveal which strategy to pursue

    Profitability goals are tied to the enabling of customer service strategies.

    • If looking to drive cost decreases across the organization, pursue cost efficiency strategies such as customer volume diversion in order to lower cost channels and avoid costly escalations for customer complaints and inquiries.
    • Ongoing Contribution Margin is positive only once customer acquisition costs (CAC) have been paid back. For every customer lost, another customer has to be acquired in order to experience no loss. In this way, customer retention strategies help decrease your overall costs.
    • Once cost reduction and customer retention measures are in place, look to increase overall revenue through cross-selling and up-selling activities with your customers.
    The image contains a screenshot of a diagram to demonstrate the relationship between goals and enabling strategies.

    Info-Tech Insight

    Purely driving efficiency is not the goal. Create a balance that does not compromise customer satisfaction.

    Customer Service strategies: Case studies

    Efficiency

    • Volume diversion to lower cost channels
    • Agent empowerment

    MISS DIG 811 – a utility notification system – sought to make their customer service more efficient by moving to softphones. Using the Cisco Customer Journey Platform, Miss Dig saw a 9% YoY increase in agent productivity and 83% reduction in phone equipment costs. Source: (Cisco, 2018).

    Retention

    • Proactive Customer Service
    • Seamless omnichannel strategy

    VoiceSage worked with Home Retail Group – a general merchandise retailer – to proactively increase customer outreach, reducing the number of routine customer order and delivery queries received. In four weeks, Home Retail Group increased their 30-40% answer rate from customers to 100%, with 90% of incoming calls answered and 60% of contacts made via SMS. Source: (VoiceSage, 2018)

    Cross-Sell/

    Up-Sell

    • Cross-Sell and Up-Sell opportunities

    A global brand selling language-learning software utilized Callzilla to help improve their call conversion rate of 2%. After six months of agent and supervisor training, this company increased their call conversion rate to 16% and their upsell rate to 40%. Their average order value increased from < $300 to $465. Source: (Callzilla, n.d.)

    1.2 Performing an environmental scan can help IT optimize Customer Service support

    Though typically executed by Customer Service, IT can gain valuable insights for best supporting infrastructure, applications, and operations from an environmental scan.

    An environmental scan seeks to understand your organization’s customers from multiple directions. It considers:

    • Customers’ value-based segmentations.
    • The interaction channels customers prefer to use.
    • Customers’ likes and dislikes.
    • The general sentiment of your customer service quality.
    • What your competitors are doing in this space.
    The image contains a screenshot of a diagram to demonstrate how performing an environmental scan can help IT optimize Customer Service support.

    Info-Tech Insight

    Business processes must directly relate to customer service. Failing to correlate customer experience with business performance outcomes overlooks the enormous cost of negative sentiment.

    1.2 The environmental scan results should drive IT’s strategy and resource spend

    Insights derived from this scan can help frame IT’s contributions to Customer Service’s future vision.

    Why IT should care:

    Implications:

    Each customer experience, from product/service selection to post-transaction support, can have a significant impact on business performance.

    It is not just IT or Customer Service that should care; rather, it should be an organizational responsibility to care about what customers say.

    Customers have little tolerance for mediocrity or poor service and simply switch their allegiances to those that can satisfy their expectations.

    Do not ignore your competitors; they may be doing something well in Customer Service technology which may serve as your organization’s benchmark.

    With maturing mobile and social technologies, customers want to be treated as individuals rather than as a series of disconnected accounts

    Do not ignore your customers’ plea for individuality through mobile and social. Assess your customers’ technology channel preferences.

    Customer service’s perception of service quality may be drastically different than what is expected by the customers.

    Prevent your organization from investing in technology that will have no positive impact on your customer experience.

    Some customers may not provide your organization the business value that surpasses your cost to serve them.

    Focus on enhancing the technology and customer service experience for your high-value customers.

    1.2 Have Customer Service examine feedback across channels for a holistic view

    Your method of listening needs to evolve to include active listening on social and mobile channels.

    Insights and Implications for Customer Service

    Limitations of conventional listening:

    • Solicited customer feedback, such as surveys, do not provide an accurate feedback method since customers only have one channel to express their views.
    • Sentiment, voice, and text analytics within social media channels provide the most accurate and timely intelligence.

    How IT Can Help

    IT can help facilitate the customer feedback process by:

    • Conducting customer feedback with voice recognition software.
    • Monitoring customer sentiment on mobile and social channels.
    • Utilizing customer data analytic engines on social media management platforms.
    • Referring Customer Service to customer advisory councils and their databases.

    1.2 Benchmark IT assets by examining your competitors’ Customer Service capabilities

    The availability of the internet means almost complete transparency between your products and services, and those of your competitors.

    Insights and implications from Customer Service

    How IT can help

    Competitor actions are crucial. Watch your competitors to learn how they use Customer Service as a competitive differentiator and a customer acquisition tool.

    Do not learn about a competitor’s actions because your customers are already switching to them. Track your competitors before getting a harsh surprise from your customers.

    View the customer service experience from the outside in. Assessing from the inside out gives an internal perspective on how good the service is, rather than what customers are experiencing.

    Take a data and analytics-driven approach to mine insights on what customers are saying about your competitors. Negative sentiment and specific complaints can be used as reference for IT and Customer Service to:

    • Avoid repeating the competitor’s mistakes.
    • Utilize sentiment as a benchmark for goal setting and improvements.
    • Duplicate successful technology initiatives to realize business value.

    Info-Tech Insight

    Look to your competitors for comparative models but do not pursue to solely replicate what they currently have. Aim higher and attempt to surpass their capabilities and brand value.

    1.2 Collaborate with Customer Service to understand customer value segments

    Let segmentation help you gain intelligence on customers’ expectations.

    Insights and implications from customer service

    • Segment your customers based on their value relative to the cost to serve. The easiest way to do so is with channel preference categorization.
    • If the cost for retention attempts are higher than the value that those customers provide, there is little business case to pursue retention action.

    How IT can help

    • Couple value-based segmentation with channel preference and satisfaction levels of your most-valued customers to effectively target IT investments in channels that maximize service customization and quality.
    • Correlate the customers’ channel and technology usage with their business value to see which IT assets are delivering on their investments.

    The image contains a screenshot of a graph to demonstrate the relationship between cost of retention and value.

    “If you're developing a Customer Service strategy, it has to start with who your clients are, what [they are] trying to do, and through what channels […] and then your decision around processes have to fall out of that. If IT is trying to lead the conversation, or bring people together to lead the conversation, then marketing and whoever does segmentation has to be at the table as a huge component of this.”

    Lisa Woznica, Director of Client Experience, BMO Financial Group

    1.2 Be mindful of trends in the consumer and technology landscape

    Building a future vision of customer service requires knowing what upcoming technologies can aid the organization.

    OMNICHANNEL SUPPORT

    Rapidly changing demographics and modes of communication requires an evolution toward omnichannel engagement. 63% of customers now expect to communicate with contact centers over their social media (Ringshall 2020). Agents need customer information synced across each channel they use, meeting the customer’s needs where they are.

    INTELLIGENT SELF-SERVICE PORTALS

    Customers want their issues resolved as quickly as possible. Machine learning self-service options deliver personalized customer experiences, which also reduce both agent call volume and support costs for the organization. 60% of contact centers are using or plan to use AI in the next 12 months to improve their customer (Canam Research 2020).

    LEVERAGING ANALYTICS

    The future of customer service is tied up with analytics. This not only entails AI-driven capabilities that fetch the agent relevant information, but it finds skills-based routing and uses biometric data (e.g., speech) for security. It also feeds operations leaders’ need for easy access to real insights about how their customers and agents are doing.

    Phase 1 – Case Study

    Omnichannel support delivers a financial services firm immediate customer service results.

    INDUSTRY: Financial Services

    SOURCE: Mattsen Kumar

    Situation

    Solution

    Results

    • A financial services firm’s fast growth began to show cracks in their legacy customer service system.
    • Costs to support the number of customer queries increased.
    • There was a lack of visibility into incoming customer communications and their resolutions.
    • Business opportunities were lost due to a lack of information on customers’ preferences and challenges. Customer satisfaction was decreasing, negatively impacting the firm’s brand.
    • Mattsen Kumar diagnosed that the firm’s major issue was that their customer service processes required a high percentage of manual interventions.
    • Mattsen Kumar developed an omnichannel strategy, including a mix of social channels joined together by a CRM.
    • A key aspect of this omnichannel experience was designing automated processes with minimal manual intervention.
    • 25% reduction in callbacks from customers.
    • $50,000 reduction in operational costs.
    • Two minutes wait time reduction for chat process.
    • 14% decrease in average handle time.
    • Scaled up from 6000 to 50,000 monthly calls that could be handled by the current team.
    • Enabled more than 10,000 customer queries over chats.

    1.2 Construct your future state using a business process management approach

    Documenting and evaluating your business processes serves as a good starting point for defining the overall Customer Service strategy.

    • Examining key Customer Service business processes can unlock clues around the following:
      • Driving operational effectiveness.
      • Identifying, implementing, and maintaining reusable enterprise systems.
      • Identifying gaps that can be addressed by acquisition of additional systems.
    • Business process modeling facilitates the collaboration between business and IT, recording the sequence of events, tasks performed, by whom they are performed, and the levels of interaction with the various supporting applications.
    • By identifying the events and decision points in the process, and overlaying the people that perform the functions and technologies that support them, organizations are better positioned to identify gaps that need to be bridged.
    • Encourage the analysis by compiling the inventory of Customer Service business processes that are relevant to the organization.

    Info-Tech Insight

    A process-oriented approach helps organizations see the complete view of the system by linking strategic requirements to business requirements, and business requirements to system requirements.

    1.2 Use the APQC Framework to define your Customer Service-related processes

    • APQC’s Process Classification Framework (PCF) is a taxonomy of cross-functional business processes intended to allow the objective comparison of organizational performance within and among organizations.
    • Section 5 of the PCF details various levels of Customer Service business processes, useful for mapping on to your own organization’s current state.
    • The APQC Framework can be accessed through the following link: APQC’s Process Classification Framework.

    The APQC Framework serves as a high-level, industry-neutral enterprise model that allows organizations to see activities from a cross-industry process perspective.

    The image contains a screenshot example of the APQC Process Classification Framework.
    Source: (Ziemba and Eisenbardt 2015)

    Info-Tech Caution

    The APQC framework does not list all processes within a specific organization, nor are the processes which are listed in the framework present in every organization. It is designed as a framework and global standard to be customized for use in any organization.

    1.2 Each APQC process has five levels that represent its logical components

    The image contains a screenshot of the APQC five levels. The levels include: category, process group, process, and activity.

    The PCF provides L1 through 4 for the Customer Service Framework.

    L5 processes are task- and industry-specific and need to be defined by the organization.

    Source: (APQC 2020)
    This Industry Process Classification Framework was jointly developed by APQC and IBM to facilitate improvement through process management and benchmarking. ©2018 APQC and IBM. ALL RIGHTS RESERVED.

    1.2a Begin documenting business processes

    4 hours

    1. Using Info-Tech’s Customer Service Business Process Shortlisting Tool, list the Customer Service goals and rank them by importance.
    2. Score the APQC L4 processes by relevance to the defined goals and perceived satisfaction index.
    3. Define the L5 processes for the top scoring L4 process.
    4. Leave Tab 5, Columns G – I for now. These columns will be revisited in activities 1.2b and 2.1a.
    The image contains a screenshot of the Customer Service Process Shortlisting Tool.

    Input

    Output

    • List of Customer Service goals
    • A detailed prioritization of Customer Service business processes to model for future states

    Materials

    Participants

    • Whiteboard
    • Writing materials
    • Customer Service Business Process Shortlisting Tool
    • Applications Director
    • Customer Service Director
    • IT and Customer Service Representatives

    Download the Customer Service Business Process Shortlisting Tool

    1.2 Start designing the future state of key business processes

    If Customer Service transformation is called for, start with your future-state vision. Don’t get stuck in current state and the “art of the possible” within its context.

    Future-State Analysis

    Start by designing your future state business processes (based on the key processes shortlisting exercise). Design these processes as they would exist as your “ideal scenario.” Next, analyze your current state to help better your understanding of:

    • The gaps that exist and must be bridged to achieve the future-state vision.
    • Whether or not any critical functions that support your business were omitted accidentally from the future-state processes.
    • Whether or not any of the supporting applications or architecture can be salvaged and used toward delivery of your future-state vision.

    Though it’s a commonly used approach, documenting your current-state business processes first can have several drawbacks:

    • Current-state analysis can impede your ability to see future possibility.
    • Teams will spend a great deal of time and effort on documenting current state and inevitably succumb to “analysis paralysis.”
    • Current state assessment, when done first, limits the development of the future (or target) state, constraining thinking to the limitations of the current environment rather than the requirements of the business strategy.

    Current-State Analysis

    “If you're fairly immature and looking for a paradigm shift or different approach [because] you recognize you're totally doing it wrong today, then starting with documenting current state doesn't do a lot except make you sad. You don't want to get stuck in [the mindset of] ‘Here's the current state, and here’s the art of the possible.’”

    Trevor Timbeck, Executive Coach, Parachute Executive Coaching

    1.2 Start modeling future-state processes

    Build buy-in and accountability in process owners through workshops and whiteboarding – either in-person or remotely.

    Getting consensus on the process definition (who does what, when, where, why, and how) is one of the hardest parts of BPM.

    Gathering process owners for a process-defining workshop isn’t easy. Getting them to cooperate can be even harder. To help manage these difficulties during the workshop, make sure to:

    • Keep the scope contained to the processes being defined in order to make best use of everyone’s time, as taking time away from employees is a cost too.
    • Prior to the workshop, gather information about the processes with interviews, questionnaires, and/or system data gathering and analysis.
    • Use the information gathered to have real-life examples of the processes in question so that time isn’t wasted.

    Info-Tech Insight

    Keep meetings short and on task as tangents are inevitable. Set ground rules at the beginning of any brainstorming or whiteboarding session to ensure that all participants are aligned.

    1.2 Use the five W’s to help map out your future-state processes

    Define the “who, what, why, where, when, and how” of the process to gain a better understanding of individual activities.

    Owner

    Who

    What

    When

    Where

    Why

    How

    Record Claim

    Customer Service

    Customer Service Rep.

    Claim

    Accident

    Claims system

    Customer notification

    Agent enters claim into the system and notifies claims department

    Manage Claim

    Claims Department

    Claims Clerk

    Claim

    Agent submitted the claim

    Claims system

    Agent notification

    Clerk enters claim into the claims system

    Investigate Claim

    Claims Investigation

    Adjuster

    Claim

    Claim notification

    Property where claim is being made

    Assess damage

    Evaluation and expert input

    Settle Claim

    Claims Department

    Claim Approver

    Claim and Adjuster’s evaluation

    Receipt of Adjuster’s report

    Claims system

    Evaluation

    Approval or denial

    Administer Claim

    Finance Department

    Finance Clerk

    Claim amount

    Claim approval notification

    Finance system

    Payment required

    Create payment voucher and cut check

    Close Claim

    Claims Department

    Claims Clerk

    Claim and all supporting documentation

    Payment issued

    Claims system

    Claim processed

    Close the claim in the system

    Info-Tech Insight

    It’s not just about your internal processes. To achieve higher customer retention and satisfaction, it’s also useful to map the customer service process from the customer perspective to identify customer pain points and disconnects.

    1.2 Use existing in-house software as a simplistic entry point to process modeling

    A diagramming tool like Visio enables you to plot process participants and actions using dedicated symbols and connectors that indicate causality.

    • Models can use a stick-figure format, a cross-functional workflow format, or BPMN notation.
    • Plot the key activities and decision points in the process using standard flowcharting shapes. Identify the data that belongs to each step in a separate document or as call-outs on the diagram.
    • Document the flow control between steps, i.e., what causes one step to finish and another to start?

    The image contains a screenshot of the sample cross-functional diagram using the claims process.

    Info-Tech Best Practice

    Diagramming tools can force the process designer into a specific layout: linear or cross-functional/swim lane.

    • A linear format is recommended for single function and system processes.
    • A swim lane format is recommended for cross-functional and cross-departmental processes.

    1.2 Introduce low investment alternatives for process modeling for modeling disciplines

    SaaS and low-cost modeling tools are emerging to help organizations with low to medium BPM maturity visualize their processes.

    • Formal modeling tools allow a designer to model in any view and easily switch to other views to gain new perspectives on the process.
    • Subscription-based, best-of-breed SaaS tools provide scalable and flexible process modeling capabilities.
    • Open source and lower cost tools also exist to help distribute BPM modeling discipline and standards.
    • BPMS suites incorporate advanced modeling tools with process execution engines for end-to-end business process management. Integrate process discovery with modeling, process simulation, and analysis. Deploy, monitor, and measure process models in process automation engines.

    The image contains a screenshot of a diagram of the claims process.

    Explore SoftwareReviews’ Business Process Management market analysis by clicking here.

    1.2b Model future state business processes

    4 hours

    1. Model the future state of the most critical business processes.
    2. Use Tab 5, Columns G – H of Info-Tech’s Customer Service Business Process Shortlisting Tool to keep stock of what processes are targeted for modeling, and whether the models have been completed.
    The image contains a screenshot of the Customer Service Business Process Shortlisting Tool.

    Input

    Output

    • Modeled future Customer Service business processes
    • An inventory of modeled future states for critical Customer Service business processes

    Materials

    Participants

    • Whiteboard
    • Writing materials
    • Customer Service Business Process Shortlisting Tool
    • Applications Director
    • Customer Service Director

    Download the Customer Service Business Process Shortlisting Tool

    1.3 Start a preliminary inventory of your requirements

    Use the future state business process models as a source for software requirements.

    • Business process modeling deals with business requirements that can be used as the foundation for elicitation of system (functional and non-functional) requirements.
    • Modeling creates an understanding of the various steps and transfers in each business process, as well as the inputs and outputs of the process.
    • The future state models form an understanding of what information is needed and how it flows from one point to another in each process.
    • Understand what technologies are (or can be) leveraged to facilitate the exchange of information and facilitate the process.

    For each task or event in the process, ask the following questions:

    • What is the input?
    • What is the output?
    • What are the underlying risks and how can they be mitigated?
    • What conditions should be met to mitigate or eliminate each risk?
    • What are the improvement opportunities?
    • What conditions should be met to enable these opportunities?

    Info-Tech Insight

    Incorporate future considerations into the requirements. How will the system need to adapt over time to accommodate additional processes, process variations, introduction of additional channels and capabilities, etc. Do not overreach by identifying system capabilities that cannot possibly be met.

    1.3 Understand the four different requirements to document

    Have a holistic view for capturing the various requirements the organization has for a Customer Service strategy.

    Business requirements

    High-level requirements that management would typically understand.

    User requirements

    High-level requirements on how the tool should empower users’ lives.

    Non-functional requirements

    Criteria that can be used to judge the operation of a contact center. It defines how the system should perform for the organization.

    Functional requirements

    Outline the technical requirements for the desired contact center.

    1.3 Extract requirements from the business process models

    To see how, let us examine our earlier example for the Claims Process, extracting requirements from the “Record Claim” task.

    The image contains an example of the claims process, and focuses on the record claim task.

    1.3a Document your preliminary requirements

    4 hours

    1. The Applications Director and Customer Service Head are to identify participants based on the business processes that will be reviewed.
    2. They are to conduct a workshop to gather all requirements that can be taken from the business process models.
    3. Use Tab 4 of Info-Tech’s Customer Service Systems Strategy Tool to document your preliminary requirements.
    The image contains a screenshot of the Customer Service Systems Strategy Tool.
    InputOutput
    • Half-day workshop to review the proposed future-state diagrams and distill from them the business, functional, and non-functional requirements
    • Future state business process models from activities 1.2a and 1.2b
    • An inventory of preliminary requirements for modeled future states
    MaterialsParticipants
    • Whiteboard
    • Writing materials
    • Customer Service Systems Strategy Tool
    • Results of activities 1.2a and 1.2b
    • Applications Director
    • Customer Service Director
    • IT and Customer Service Representatives

    Download the Customer Service Systems Strategy Tool

    Phase 2

    Evaluate Current State

    Phase 1

    Phase 2

    Phase 3

    1.1 Structure the Project

    1.2 Define Vision for Future State

    1.3 Document Preliminary Requirements

    2.1 Document Current State Business Processes

    2.2 Assess Current State Architecture

    2.3 Review and Finalize Requirements for Future State

    3.1 Evaluate Architectural and Application Options

    3.2 Understand the Marketplace

    3.3 Score and Plot Initiatives Along Strategic Roadmap

    This phase will guide you through the following activities:

    2.1a Model current-state business processes for an inventory to compare against future-state models.

    2.1b Compare future and current business states for a preliminary gap analysis.

    2.1c Begin compiling an inventory of CS Systems by function for an overview of your current state map.

    2.2a Rate your functional and integration quality to assess the performance of your application portfolio.

    2.3a Compare states and propose action to bridge current business processes with viable future alternatives.

    2.3b Document finalized requirements, ready to enact change.

    Participants required for Phase 2:

    • Applications Director
    • Customer Service Director
    • IT and Customer Service Representatives
    • IT Managers

    2.1 Document the current state of your key business processes

    Doing so will solidify your understanding of the gaps, help identify any accidental omissions from the future state vision, and provide clues as to what can be salvaged.

    • Analysis of the current state is important in the context of gap analysis. It aids in understanding the discrepancies between your baseline and the future-state vision, and ensuring that these gaps are recorded as part of the overall requirements.
    • By analyzing the current state of key business processes, you may identify critical functions that are in place today that were not taken into consideration during the future-state business process visioning exercise.
    • By overlaying the current state process models with the applications that support them, the current state models will indicate what systems and interfaces can be salvaged.
    • The baseline feeds the business case, allowing the team to establish proposed benefits and improvements from implementing the future-state vision. Seek to understand the following:
      • The volumes of work
      • Major exceptions
      • Number of employees involved
      • Amount of time spent in each area of the process

    2.1 Assess the current state to drive the gap analysis

    Before you choose any solution, identify what needs to be done to your current state in order to achieve the vision you have defined.

    • By beginning with the future state in mind, you have likely already envisioned some potential solutions.
    • By reviewing your current situation in contrast with your desired future state, you can deliberate what needs to be done to bridge the gap. The differences between the models allow you to define a set of changes that must be enacted in sequence or in parallel. These represent the gaps.
    • The gaps, once identified, translate themselves into additional requirements.

    Assessment Example

    Future State

    Current Situation

    Next Actions/ Proposals

    Incorporate social channels for responding to customer inquiries.

    No social media monitoring or channels for interaction exist at present.

    1. Implement a social media monitoring platform tool and integrate it with the current CSM.
    2. Recruit additional Customer Service representatives to monitor and respond to inquiries via social channels.
    3. Develop report(s) for analyzing volumes of inquiries received through social channels.

    Info-Tech Insight

    It is important to allot time for the current-state analysis, confine it to the minimum effort required to understand the gaps, and identify any missing pieces from your future-state vision. Make sure the work expended is proportional to the benefit derived from this exercise.

    2.1a Model current-state business processes

    2 hours

    1. Model the current state of the most critical business processes, using the work done in activities 1.2a and 1.2b to help identify these processes.
    2. Use Tab 5, Column I of Info-Tech’s Customer Service Business Process Shortlisting Tool to keep stock of what models have been completed.
    3. This tool is now complete.
    The image contains a screenshot of the Customer Service Business Process Shortlisting Tool.
    InputOutput
    • Modeled current-state Customer Service business processes
    • An inventory of modeled current states for critical Customer Service business processes
    MaterialsParticipants
    • Whiteboard
    • Writing materials
    • Customer Service Business Process Shortlisting Tool
    • Results of activities 1.2a and 1.2b.
    • Applications Director
    • Customer Service Director

    Download the Customer Service Business Process Shortlisting Tool

    2.1b Compare future and current business states

    2 hours

    1. Use Tab 9 of Info-Tech’s Customer Service Systems Strategy Tool to record a summary of the future state, current state, and actions proposed in order to bridge the gaps.
      • Fill out the desired future state of the business processes and IT architecture.
      • Fill out the current state of the business processes and IT architecture.
      • Fill out the actions required to mitigate the gaps between the future and current state.
    The image contains a screenshot of thr Customer Service Systems Strategy Tool.
    InputOutput
    • The results of activities 1.2a, 1.2b, and 2.1a.
    • Modeled future- and current-state business processes
    • An overview and analysis of how to reach certain future states from the current state.
    • A preliminary list of next steps through bridging the gap between current and future states.
    MaterialsParticipants
    • Whiteboard
    • Writing materials
    • Customer Service Business Process Shortlisting Tool
    • Applications Director
    • Customer Service Director

    Download the Customer Service Systems Strategy Tool

    2.1 Assess whether Customer Service architecture can meet future-state vision

    Approach your CS systems holistically to identify opportunities for system architecture optimization.

    • Organizations often do not have a holistic view of their Customer Service systems. These systems are often cobbled together from disparate parts, such as:
      • Point solutions (both SaaS and on-premise).
      • Custom interfaces between applications and databases.
      • Spreadsheets and other manual workarounds.
    • A high degree of interaction between multiple systems can cause distention in the application portfolio and databases, creating room for error and more work for CS and IT staff. Mapping your systems and architectural landscape can help you:
      • Identify the number of manual processes you currently employ.
      • Eliminate redundancies.
      • Allow for consolidation and/or integration.

    Consider the following metrics when tracking your CS systems:

    Time needed to perform core tasks (i.e., resolving a customer complaint)

    Accuracy of basic information (customer history, customer product portfolio)

    CSR time spent on manual process/workarounds

    Info-Tech Insight

    There is a two-step process to document the current state of your Customer Service systems:

    1. Compile an inventory of systems by function
    2. Identify points of integration across systems

    2.1c Begin compiling an inventory of CS systems by function

    2 hours

    1. Using Tab 2 of Info-Tech’s Customer Service Systems Strategy Tool, request that the CS managers fill in the application inventory template with all the CS systems that they use.
    2. Questions to trigger exercise:
      • Which applications am I using?
      • Which CS function does the application support?
      • How many applications support the same function?
      • What spreadsheets or manual workarounds do I use to fill in system gaps?
    3. Send the filled-in template to IT Managers to validate and fill in missing system information.
    InputOutput
    • Applications Directors’ knowledge of the current state
    • IT Managers’ validation of this state
    • A corroborated inventory of the current state for Customer Service systems
    MaterialsParticipants
    • Customer Service Systems Strategy Tool
    • Applications Director
    • IT managers

    Download the Customer Service Systems Strategy Tool

    2.1 Use activity 2.1c for an overview of your current state map

    The image contains a screenshot of activity 2.1.

    Info-Tech Insight

    A current-state map of CS systems can offer insight on:

    • Coverage, i.e. whether all functional areas are supported by systems.
    • Redundancies, i.e. functional areas with multiple systems. If a customer’s records are spread across multiple systems, it may be difficult to obtain a single source of truth.

    2.2 Assess current state with user interface architecture diagrams

    Understand a high-level overview of how your current state integrates together to rate its overall quality.

    • If IT already has an architecture diagram, use this in conjunction with your application inventory for the basis of current state discussions.
    • If your organization does not already have an architecture diagram for review and discussion, consider creating one in its most simplistic form using the following guidelines (see illustrative example on next slide):

    Represent each of your systems as a labelled shape with a unique number (this number can be referenced in other artifacts that can provide more detail).

    Color coding can also be applied to differentiate these objects, e.g., to indicate an internal system (where development is owned by your organization) vs. an external system (where development is outside of your organization’s control).

    2.2 Example: Current state with user interface architecture diagrams

    The image contains a screenshot of an example of current state with user interface architecture diagrams.

    2.2 Evaluate application functionality and functional coverage

    Use this documentation of the current state as an opportunity to spot areas for rationalizing your application portfolio.

    If an application is well-received by the organization and is an overall good platform, consider acquiring more modules from the same vendor application.

    The image contains a screenshot of a diagram to demonstrate functionality and functional coverage.

    If you have more than one application for a function, consider why that is and how you might consolidate into a single application.

    Measure the effectiveness of applications under consideration. For example, consider the number of failures when an application attempts a function (by ticket numbers), and overall satisfaction/ease of use.

    The above steps will reveal capability overlaps and application pain points and show how the overall portfolio could be made more efficient.

    2.2 Determine the degree of integration between systems

    Data and system integration are key components of an effective CS system portfolio.

    The needed level of integration will depend on three major factors:

    Integration between systems helps facilitate reporting. The required reports will vary from organization to organization:

    How many other systems benefit from the data of the application?

    Large workforces will benefit from more detailed WFM reports for optimizing workforce planning and talent acquisition.

    Will automating the integration between systems alleviate a significant amount of manual effort?

    Organizations with competitive sales and incentives will want to strategize around talent management and compensation.

    What kind of reports will your organization require in order to perform core and business-enabling functions?

    Aging workforces or organizations with highly specialized skills can benefit from detailed analysis around succession planning.

    Phase 2 – Case Study

    Integrating customer relationship information streamlines customer service and increases ROI for the organization.

    INDUSTRY: Retail and Wholesale

    SOURCE: inContact

    Situation

    Solution

    Results

    • Hall Automotive – a group of 14 multi-franchise auto dealerships located throughout Virginia and North Carolina – had customer information segmented throughout their CRM system at each dealership.
    • Call center agents lacked the technology to synthesize this information, leading customers to receive multiple and unrelated service calls.
    • Hall Automotive wanted to avoid embarrassing information gaps, integrate multiple CRM systems, and help agents focus on customers.
    • Hall Automotive utilized an inContact solution that included Automated Call Distributor, Computer Telephony Integration, and IVR technologies.
    • This created a complete customer-centric system that interfaced with multiple CRM and back-office systems.
    • The inContact solution simplified intelligent call flows, routed contacts to the right agent, and provided comprehensive customer information.
    • Call time decreased from five minutes to one minute and 23 seconds.
    • 350% increase in production.
    • Market response time down from three months to one day.
    • Cost per call cut from 83 cents to 23 cents.
    • Increased agents’ calls-per-hour from 12 to 43.
    • Scalability matched seasonal fluctuations in sales.

    2.2a Rate your functional and integration quality

    2 hours

    1. Using Tab 5 of Info-Tech’s Customer Service Systems Strategy Tool, evaluate the functionality of your applications.
    2. Then, use Tab 6 of the Customer Service Systems Strategy Tool to evaluate the integration of your applications.
    The image contains screenshots of the Customer Service Systems Strategy Tool.
    InputOutput
    • Applications Directors’ knowledge of the current state
    • IT Managers’ validation of this state
    • A documented evaluation of the organization’s application portfolio regarding functional and integration quality
    MaterialsParticipants
    • Customer Service Systems Strategy Tool
    • Applications Director
    • IT managers

    Download the Customer Service Systems Strategy Tool

    2.3 Revisit and refine the future-state business processes and list of requirements

    With a better understanding of the current state, determine whether the future-state models hold up. Ensure that the requirements are updated accordingly to reflect the full set of gaps identified.

    • Future-state versus current-state modeling is an iterative process.
    • By assessing the gaps between target state and current state, you may decide that:
      • The future state model was overly ambitious for what can reasonably be delivered in the near-term.
      • Core functions that exist today were accidentally omitted from the future state models and need to be incorporated.
      • There are systems or processes that your organization would like to salvage, and they must be worked into the future-state model.
    • Once the future state vision is stabilized, ensure that all gaps have been translated into business requirements.
      • If possible, categorize all gaps by functional and non-functional requirements.

    2.3a Compare states and propose action

    3 hours

    • Revisit Tab 9 of Info-Tech’s Customer Service Systems Strategy Tool to more accurately compare your organization’s current- and future-state business processes.
    • Ensure that gaps in the system architecture have been captured.
    The image contains a screenshot of the Customer Service Systems Strategy Tool.
    InputOutput
    • Modeled future- and current-state business processes
    • Refined and prioritized list of requirements
    • An accurate list of action steps for bridging current and future state business processes
    MaterialsParticipants
    • Whiteboard
    • Writing materials
    • Customer Service Systems Strategy Tool
    • Applications Director
    • IT managers

    Download the Customer Service Systems Strategy Tool

    2.3 Prioritize and finalize the requirements

    Prioritizing requirements will help to itemize initiatives and the timing with which they need to occur.

    Requirements are to be prioritized based on relative important and the timing of the respective initiatives.

    Prioritize the full set of requirements by assigning a priority to each:

    1. High/Critical: A critical requirement; without it, the product is not acceptable to the stakeholders.
    2. Medium/Important: A necessary but deferrable requirement that makes the product less usable but still functional.
    3. Low/Desirable: A nice feature to have if there are resources, but the product can function well without it.

    Requirements prioritization must be completed in collaboration with all key stakeholders (business and IT).

    Consider the following criteria when assigning the priority:

    • Business value
    • Business or technical risk
    • Implementation difficulty
    • Likelihood of success
    • Regulatory compliance
    • Relationship to other requirements
    • Urgency
    • Unified stakeholder agreement

    Stakeholders must ask themselves:

    • What are the consequences to the business objectives if this requirement is omitted?
    • Is there an existing system or manual process/workaround that could compensate for it?
    • Why can’t this requirement be deferred to the next release?
    • What business risk is being introduced if a particular requirement cannot be implemented right away?

    2.3b Document finalized requirements

    4 hours

    1. Using Tab 4 of Info-Tech’s Customer Service Systems Strategy Tool, evaluate your applications’ functionality, review, refine, prioritize, and finalize your requirements.
    2. Review the proposed future state diagrams in activity 2.3a and distill from them the business, functional, and non-functional requirements.
    3. The Applications Director and Customer Service Head are to identify participants based on the business processes that will be reviewed. They are to conduct a workshop to gather all the requirements that can be taken from the business process models.
    The image contains a screenshot of the Customer Service Systems Strategy Tool.
    InputOutput
    • Modeled future- and current-state business processes
    • Refined and prioritized list of requirements
    • A documented finalized list of requirements to achieve future state business processes
    MaterialsParticipants
    • Whiteboard
    • Writing materials
    • Customer Service Systems Strategy Tool
    • IT Applications Director
    • Customer Service Director
    • IT and Customer Service Representatives

    Download the Customer Service Systems Strategy Tool

    Phase 3

    Build Roadmap to Future State

    Phase 1

    Phase 2

    Phase 3

    1.1 Structure the Project

    1.2 Define Vision for Future State

    1.3 Document Preliminary Requirements

    2.1 Document Current State Business Processes

    2.2 Assess Current State Architecture

    2.3 Review and Finalize Requirements for Future State

    3.1 Evaluate Architectural and Application Options

    3.2 Understand the Marketplace

    3.3 Score and Plot Initiatives Along Strategic Roadmap

    This phase will guide you through the following activities:

    3.1a Analyze future architectural posture to understand how applications within the organization ought to be arranged.

    3.3a Develop a Customer Service IT Systems initiative roadmap to reach your future state.

    Participants required for Phase 3:

    • Applications Director
    • CIO
    • Customer Service Director
    • Customer Service Head
    • IT and Customer Service Representatives
    • IT Applications Director

    3.1a Analyze future architectural posture

    1 hour

    Review Tab 8 of the Customer Service Systems Strategy Tool.

    This tab plots each system that supports Customer Service on a 2x2 framework based on its functionality and integration scores. Where these systems plot on each 2x2 provides clues as to whether they should be considered for retention, functional enhancement (upgrade), increased system integration, or replacement.

    • Integrate: The application is functionally rich, so integrate it with other modules by building or enhancing interfaces.
    • Retain: The application satisfies both functionality and integration requirements, so it should be considered for retention.
    • Replace: The application neither offers the functionality sought, nor is it integrated with other modules.
    • Replace/Enhance: The module offers poor functionality but is well integrated with other modules. If enhancing for functionality is easy (e.g., through configuration or custom development), consider enhancement or replace it altogether.
    The image contains a screenshot of tab 8 of the Customer Service Systems Strategy Tool.
    InputOutput
    • Review Tab 8 of the Customer Service Systems Strategy Tool
    • An overview of how different applications in the organization ought to be assessed
    MaterialsParticipants
    • Customer Service Systems Strategy Tool
    • IT Applications Director
    • Customer Service Director
    • IT and Customer Service Representatives

    Download the Customer Service Systems Strategy Tool

    3.1 Interpret 3.1a’s results for next steps

    Involving both sales and marketing in these discussions will provide a 360-degree view on what the modifications should accomplish.

    If the majority of applications are plotted in the “Integrate” quadrant:

    The applications are performing well in terms of functionality but have poor integration. Determine what improvements can be made to enhance integration between the systems where required (e.g. re-working existing interfaces to accommodate additional data elements, automating interfaces, or creating brand new custom interfaces where warranted).

    If the applications are spread across “Integrate,” “Retain,” and “Replace/Enhance”:

    There is no clear recommended direction in this case. Weigh the effort required to replace/enhance/integrate specific applications critical for supporting processes. If resource usage for piecemeal solutions is too high, consider replacement with suite.

    If the majority of applications are plotted in the “Retain” quadrant:

    All applications satisfy both functionality and integration requirements. There is no evidence that significant action is required.

    If the application placements are split between the “Retain” and “Replace/Enhance” quadrants:

    Consider whether or not IT has the capabilities to execute application replacement procedures. If considering replacement, consider the downstream impact on applications that the system in question is currently integrated with. Enhancing an application usually implies upgrading or adding a module to an existing application. Consider the current satisfaction with the application vendor and whether the upgrade or additional module will satisfy your customer service needs.

    3.1 Work through architectural considerations to narrow future states

    Best-of-breeds vs. suite

    Integration and consolidation

    Deployment

    Does the organization only need a point solution or an entire platform of solutions?

    Does the current state enable interoperability between software? Is there room for rationalization?

    Should any new software be SaaS-based, on-premises, or a hybrid?

    Info-Tech Insight

    Decommissioning and replacing entire applications can put well-functioning modules at risk. Make sure to drill down into the granular features to assess if the feature level performance prompts change. The goal is to make the architecture more efficient for Customer Service and easier to manage for IT. If integration has been chosen as a course of action, make sure that the spend on resources and effort is less than that on system replacement. Also make sure that the intended architecture streamlines usability for agents.

    3.1 Considerations: Best-of-breeds vs. suite

    If requirements extend beyond the capabilities of a best-of-breed solution, a suite of tools may be required.

    Best-of-breed

    Suite

    Benefits

    • Features may be more advanced for specific functional areas and a higher degree of customization may be possible.
    • If a potential delay in real-time customer data transfer is acceptable, best-of-breeds provide a similar level of functionality to suites for a lower price.
    • Best-of-breeds allow value to be realized faster than suites, as they are easier and faster to implement and configure.
    • Rip and replace is easier and vendor updates are relatively quick to market.

    Benefits

    • Everyone in the organization works from the same set of customer data.
    • There is a “lowest common denominator” for agent learning as consistent user interfaces lower learning curves and increase efficiency in usage.
    • There is a broader range of functionality using modules.
    • Integration between functional areas will be strong and the organization will be in a better position to enable version upgrades without risking invalidation of an integration point between separate systems.

    Challenges

    • Best-of-breeds typically cover less breadth of functionality than suites.
    • There is a lack of uniformity in user experience across best-of-breeds.
    • Data integrity risks are higher.
    • Variable infrastructure may be implemented due to multiple disparate systems, which adds to architecture complexity and increased maintenance.
    • There is potential for redundant functionality across multiple best-of-breeds.

    Challenges

    • Suites exhibit significantly higher costs compared to point solutions.
    • Suite module functionality may not have the same depth as point solutions.
    • Due to high configuration availability and larger-scale implementation requirements, the time to deploy is longer than point solutions.

    3.1 Considerations: Integration and consolidation

    Use Tab 7 of Info-Tech’s Customer Service Systems Strategy Tool to gauge the need for consolidation.

    IT benefits

    • Decreased spend on infrastructure, application acquisition, and development.
    • Reduced complexity in vendor management.
    • Less resources and effort spent on internal integration and functional customization.

    Customer Service benefits

    • Reduced user confusion and application usage efficiency.
    • Increased operational visibility and ease process mapping.
    • Improved data management and integrity.

    Theoretical scenarios and recommendations

    The image contains a screenshot of an example of a customer service functional purpose.

    Problem:

    • Large Redundancy – multiple applications address the same function, but one application performs better than others.

    Recommendation:

    • Consolidate the functions into Application 1 and consider decommissioning Applications 2 to 4.
    The image contains a screenshot of an example of a customer service functional purpose.

    Problem:

    • Large Redundancy – multiple applications address the same function, but none of them do it well.

    Recommendation:

    • None of the applications perform well in functional support. Consider replacing with suite or leveraging the Application 3 vendor for functional module expansion, if feasible.

    3.1 Considerations: Deployment

    SaaS is typically recommended as it reduces IT support needs. However, customization limitations and higher long-term TCO values continue to be a challenge for SaaS.

    On-premises deployment

    Hybrid deployment

    Public cloud deployment

    Benefits

    • Solution and deployment are highly customizable.
    • There are fewer compliance and security risks because customer data is kept on premises.

    Challenges

    • There is slower physical deployment.
    • Physical hardware and software are required.
    • There are higher upfront costs.

    Benefits

    • Pick-and-mix which aspects to keep on premises and which to outsource.
    • Benefits of scaling and flexibility for outsourced solution.

    Challenges

    • Expensive to maintain.
    • Requires in-house skillset for on-premises option.
    • Some control is lost over outsourced customization.

    Benefits

    • Physical hardware is not required.
    • There is rapid deployment, vendor managed product updates, and server maintenance.
    • There are lower upfront costs.

    Challenges

    • There is higher TCO over time.
    • There are perceived security risks.
    • There are service availability and reliability risks.
    • There is limited customization.

    3.1 Considerations: Public cloud deployment

    Functionality is only one aspect of a broader range of issues to narrow down the viability of a cloud-based architecture.

    Security/Privacy Concerns:

    Whether the data is stored on premise or in the cloud, it is never 100% safe. The risk increases with a multi-tenant cloud solution where a single vendor manages the data of multiple clients. If your data is particularly sensitive, heavily scrutinize the security infrastructure of potential vendors or store the data internally if internal security is deemed stronger than that of a vendor.

    Location:

    If there are individuals that need to access the system database and work in different locations, centralizing the system and its database in the cloud may be an effective approach.

    Compatibility:

    Assess the compatibility of the cloud solutions with your internal IT systems. Cloud solutions should be well-integrated with internal systems for data flow to ensure efficiency in service operations.

    Cost/Budget Constraints:

    SaaS allows conversion of up-front CapEx to periodic OpEx. It assists in bolstering a business case as costs in the short-run are much more manageable. On-premise solutions have a much higher upfront TCO than cloud solutions. However, the TCO for the long-term usage of cloud solutions under the licensing model will exceed that of an on-premise solution, especially with a growing business and user base.

    Functionality/Customization:

    Ensure that the function or feature that you need is available on the cloud solution market and that the feature is robust enough to meet service quality standards. If the available cloud solution does not support the processes that fit your future-state vision and gaps, it has little business value. If high levels of customization are required to meet functionality, the amount of effort and cost in dealing with the cloud vendor may outweigh the benefits.

    Maintenance/Downtime:

    For most organizations, lapses in cloud-service availability can become disastrous for customer satisfaction and service quality. Organizations should be prepared for potential outages since customers require constant access to customer support.

    3.2 Explore the customer service technology marketplace

    Your requirements, gap analysis, and assessment of current applications architecture may have prompted the need for a new solutions purchase.

    • Customer service technology has come a long way since PABX in 1960s call centers. Let Info-Tech give you a quick overview of the market and the major systems that revolve around Customer Service.
    • The image contains a screenshot of a timeline of the market and major systems that revolve  around customer service.

    Info-Tech Insight

    While Customer Relationships Management systems interlock several aspects of the customer journey, best-of-breed software for specific aspects of this journey could provide a better ROI if the organization’s coverage of these aspects are only “good enough” and need boosting.

    3.2 The CRM software market will continue to grow at an aggressive rate

    • In recent years, CRM suite solutions have matured significantly in their customer support capabilities. Much of this can be attributed to their acquisitions of smaller best-of-breed Customer Service vendors.
    • Many of the larger CRM solutions (like those offered by Salesforce) have now added social media engagement, knowledge bases, and multi-channel capabilities into their foundational offering.
    • CRM systems are capable of huge sophistication and integration with the core ERP, but they also have heavy license and implementation costs, and therefore may not be for everyone.
    • In some cases, customers are looking to augment upon very specific capabilities that are lacking from their customer service foundation. In these cases, best-of-breed solutions ought to be integrated with a CRM, ERP, or with one another through API integration.
    The image contains a screenshot of a graph that demonstrates the CRM global market growth, 2019-2027.

    3.2 Utilize SoftwareReviews to focus on which CS area needs enhancing

    Contact Center as a Service (CCaaS)

    Cloud-based customer experience solution that allows organizations to utilize a provider’s software to administer incoming support or inquiries from consumers in a hosted, subscription model.

    Customer Service Management (CSM)

    Supports an organization's interaction with current and potential customers. It uses data-driven tools designed to help organizations drive sales and deliver exceptional customer experiences.

    Customer Intelligence Platform

    Gather and analyze data from both structured and unstructured sources regarding your customers, including their demographic/firmographic details and activities, to build deeper and more effective customer relationships and improve business outcomes.

    Enterprise Social Media Management

    Software for monitoring social media activity with the goal of gaining insight into user opinion and optimizing social media campaigns.

    Customer Relationship Management (CRM)

    Consists of applications designed to automate and manage the customer life cycle. CRM software optimizes customer data management, lead tracking, communication logging, and marketing campaigns.

    Virtual Assistants and Chatbots

    interactive applications that use Artificial Intelligence (AI) to engage in conversation via speech or text. These applications simulate human interaction by employing natural language input and feedback.

    3.2 SoftwareReviews’ data accelerates and improves the software selection process

    SoftwareReviews collects and analyzes detailed reviews on enterprise software from real users to give you an unprecedented view into the product and vendor before you buy.

    With SoftwareReviews:

    • Access premium reports to understand the marketspace of 193 software categories.
    • Compare vendors with SoftwareReviews’ Data Quadrant Reports.
    • Discover which vendors have better customer relations management with SoftwareReviews’ Emotional Footprint Reports.
    • Explore the Product Scorecards of single vendors for a detailed analysis of their software offerings.
    The image contains a screenshot of the Software Reviews offerings.

    3.2 Speak with category experts to dive deeper into the vendor landscape

    Fact-based reviews of business software from IT professionals.

    Product and category reports with state-of-the-art data visualization.

    Top-tier data quality backed by a rigorous quality assurance process.

    User-experience insight that reveals the intangibles of working with a vendor.

    CLICK HERE to access SoftwareReviews

    Comprehensive software reviews to make better IT decisions.

    We collect and analyze the most detailed reviews on enterprise software from real users to give you an unprecedented view into the product and vendor before you buy.

    SoftwareReviews is powered by Info-Tech.

    Technology coverage is a priority for Info-Tech, and SoftwareReviews provides the most comprehensive unbiased data on today’s technology. The insights of our expert analysts provide unparalleled support to our members at every step of their buying journey.

    3.2 Leverage Info-Tech’s Rapid Application Selection Framework

    Improve your key software selection metrics for best-of-breed customer service software.

    The image contains a screenshot of an example of Info-Tech's Rapid Application Selection Framework.

    A simple measurement of the number of days from intake to decision.

    Use our Project Satisfaction Tool to measure stakeholder project satisfaction.

    Use our Application Portfolio Assessment Tool annually to measure application satisfaction.

    Use our Contract Review Service to benchmark and optimize your technology spending.

    Learn more about Info-Tech’s The Rapid Application Selection Framework

    The Rapid Application Selection Framework (RASF) is best geared toward commodity and mid-tier enterprise applications

    Not all software selection projects are created equal – some are very small, some span the entire enterprise. To ensure that IT is using the right framework, understand the cost and complexity profile of the application you’re looking to select. The RASF approach is best for commodity and mid-tier enterprise applications; selecting complex applications is better handled by the methodology described in Implement a Proactive and Consistent Vendor Selection Process.

    RASF Methodology

    Commodity & Personal Applications

    • Simple, straightforward applications (think OneNote vs. Evernote)
    • Total application spend of up to $10,000; limited risk and complexity
    • Selection done as a single, rigorous, one-day session

    Complex Mid-Tier Applications

    • More differentiated, department-wide applications (Marketo vs. Pardot)
    • Total application spend of up to $100,000; medium risk and complexity
    • RASF approach done over the course of an intensive 40-hour engagement

    Consulting Engagement

    Enterprise Applications

    Sophisticated, enterprise-wide applications (Salesforce vs. Dynamics)

    Total application spend of over $100,000; high risk and complexity

    Info-Tech can assist with tailored, custom engagements

    3.3 Translate gathered requirements and gaps into project-based initiatives

    Identify initiatives that can address multiple requirements simultaneously.

    The Process

    • You now have a list of requirements from assessing business processes and the current Customer Service IT systems architecture.
    • With a viable architecture and application posture, you can now begin scoring and plotting key initiatives along a roadmap.
    • Group similar requirements into categories of need and formulate logical initiatives to fulfill the requirements.
    • Ensure that all requirements are related to business needs, measurable, sufficiently detailed, and prioritized, and identify initiatives that meet the requirements.

    Consider this case:

    Paul’s organization, a midsize consumer packaged goods retailer, needs to monitor social media for sentiment, use social analytics to gain intelligence, and receive and respond to inquiries made over Twitter.

    The initiative:

    Implement a social media management platform (SMMP): A SMMP is able to deliver on all of the above requirements. SMMPs are highly capable platforms that have social listening modules and allow costumer service representatives to post to and monitor social media.

    3.3 Prioritize your initiatives and plan the order of rollout

    Initiatives should not and cannot be tackled all at once. There are three key factors that dictate the prioritization of initiatives.

    1. Value
      • What is the monetary value/perceived business value?
      • Are there regulatory or security related impacts if the initiative is not undertaken?
      • What is the time to market and is it an easily achievable goal?
      • How well does it align with the strategic direction?
    2. Risk
      • How technically complex is it?
      • Does it impact existing business processes?
      • Are there ample resources and right skillsets to support it?
    3. Dependencies
      • What initiatives must be undertaken first?
      • Which subsequent initiatives will it support?

    Example scenario using Info-Tech’s Initiative Scoring and Roadmap Tool

    An electronics distributor wants to implement social media monitoring and response. Its existing CRM does not have robust channel management functions. The organization plans to replace its CRM in the future, but because of project size and impact and budgetary constraints, the replacement project has been scheduled to occur two years from now.

    • The SMMP solution proposed for implementation has a high perceived value and is low risk.
    • The CRM replacement has higher value, but also carries significantly more risk.
    • Option 1: Complete the CRM replacement first, and overlay the social media monitoring component afterward (as the SMMP must be integrated with the CRM).
    • Option 2: Seize the easily achievable nature of the SMMP initiative. Implement it now and plan to re-work the CRM integration later.
    The image contains a screenshot of an example scenario using Info-Tech's Initiative Scoring and Roadmap Tool.

    3.3a Develop a Customer Service IT Systems initiative roadmap

    1 hour

    • Complete the tool as a team during a one-hour meeting to collaborate and agree on criteria and weighting.
      1. Input initiative information.
      2. Determine value and risk evaluation criteria.
      3. Evaluate each initiative to determine its priority.
      4. Create a roadmap of prioritized initiatives.
    The image contains a screenshot of the Customer Service Initiative Scoring and Roadmap Tool.
    InputOutput
    • Input the initiative information including the start date, end date, owner, and dependencies
    • Adjust the evaluation criteria, i.e., the value and risk factors
    • A list of initiatives and a roadmap toward the organization’s future state of Customer Service IT Systems
    MaterialsParticipants
    • Customer Service Initiative Scoring and Roadmap Tool
    • Applications Director
    • CIO
    • Customer Service Head

    Download the Customer Service Initiative Scoring and Roadmap Tool

    Document and communicate the strategy

    Leverage the artifacts of this blueprint to summarize your findings and communicate the outcomes of the strategy project to the necessary stakeholders.

    Document Section

    Proposed Content

    Leverage the Following Artifacts

    Executive Summary

    • Introduction
    • The opportunity
    • The scope
    • The stakeholders
    • Project success measures

    Project Charter section:

    • 1.1 Project Overview
    • 1.2 Project Objectives
    • 1.3 Project Benefits
    • 2.0 Scope

    Project RACI Chart Tool:

    • Tab 3. Simplified Output
    The image contains screenshots from the Project Charter, and the RACI Chart Tool.

    Background

    • The project approach
    • Current situation overview
    • Results of the environmental scan

    Blueprint slides:

    • Info-Tech’s methodology to develop your IT Strategy for CS Systems
    The image contains a screenshot from the blueprint slides.

    Future-State Vision

    • Customer service goals
    • Future-state modeling findings

    Customer Service Business Process Shortlisting Tool:

    • Tab 2. Customer Service Goals
    • Tab 5. Level 5 Process Inventory

    Future State Business Process Models

    The image contains screenshots from the Customer Service Business Process Shortlisting Tool.

    Current Situation

    • Current-state modeling findings
    • Current-state architecture findings
    • Gap assessment
    • Requirements

    Customer Service Systems Strategy Tool:

    • Tab 2. Inventory of Applications
    • Tab 7. Systems Health Heat Map
    • Tab 8. Systems Health Dashboard
    • Tab 9. Future vs. Current State
    • Tab 4. Requirements Collection
    The image contains screenshots from the Customer Service Systems Strategy Tool.

    Summary of Recommendations

    • Optimization opportunities
    • New capabilities

    N/A

    IT Strategy Implementation Plan

    • Implementation plan
    • Business case

    Customer Service Initiative Scoring and Roadmap Tool:

    • Tab 2. CS Initiative Definition
    • Tab 4. CS Technology Roadmap
    The image contains screenshots from the Customer Service Initiative Scoring and Roadmap Tool.

    Summary of Accomplishment

    Develop an IT Strategy to Support Customer Service

    With ecommerce accelerating and customer expectations rising with it, organizations must have an IT strategy to support Customer Service.

    The deliverable you have produced from this blueprint provides a solution to this problem: a roadmap to a desired future state for how IT can ground an effective customer service engagement. From omnichannel to self-service, IT will be critical to enabling the tools required to digitally meet customer needs.

    Begin implementing your roadmap!

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com

    1-888-670-8889

    Related Info-Tech Research

    Deliver a Customer Service Training Program to Your IT Department

    • One training session is not enough to make a change. Leaders must embed the habits, create a culture of engagement and positivity, provide continual coaching and development, regularly gather customer feedback, and seek ways to improve.

    Build a Chatbot Proof of Concept

    • When implemented effectively, chatbots can help save costs, generate new revenue, and ultimately increase customer satisfaction for both external- and internal-facing customers.

    The Rapid Application Selection Framework

    • Application selection is a critical activity for IT departments. Implement a repeatable, data-driven approach that accelerates application selection efforts.

    Bibliography (1/2)

    • Callzilla. "Software Maker Compares Call Center Companies, Switches to Callzilla After 6 Months of Results." Callzilla. N.d. Accessed: 4 Jul. 2022.
    • Cisco. “Transforming Customer Service.” Cisco. 2018. Accessed: 8 Feb. 2021.
    • Gottlieb, Giorgina. “The Importance of Data for Superior Customer Experience and Business Success.” Medium. 23 May 2019. Accessed: 8 Feb. 2021.
    • Grand View Research. “Customer Relationship Management Market Size, Share & Trends Analysis Report By Solution, By Deployment, By Enterprise Size, By End Use, By Region, And Segment Forecasts, 2020 – 2027.” Grand View Research. April 2020. Accessed: 17 Feb. 2021.
    • inContact. “Hall Automotive Accelerates Customer Relations with inContact.” inContact. N.d. Accessed: 8 Feb. 2021.
    • Kulbyte, Toma. “37 Customer Experience Statistics to Know in 2021.” Super Office. 4 Jan. 2021. Accessed: 5 Feb. 2021.
    • Kuligowski, Kiely. "11 Benefits of CRM Systems." Business News Daily. 29 Jun. 2022. Accessed: 4 Jul. 2022.
    • Mattsen Kumar. “Ominchannel Support Transforms Customer Experience for Leading Fintech Player in India.” Mattsen Kumar. 4 Apr. 2020. Accessed: 8 Feb. 2021.
    • Microsoft. “State of Global Customer Service Report.” Microsoft. Mar. 2019. Accessed: 8 Feb. 2021.
    • Ringshall, Ben. “Contact Center Trends 2020: A New Age for the Contact Center.” Fonolo. 20 Oct. 2020. Accessed 2 Nov. 2020.
    • Salesforce. “State of Service.” Salesforce. 4th ed. 2020. Accessed: 8 Feb. 2021.
    • Sopadjieva, Emma, Utpal M. Dholakia, and Beth Benjamin. “A Study of 46,000 Shoppers Shows That Omnichannel Retailing Works.” Harvard Business Review. 3 Jan. 2017. Accessed: 8 Feb. 2021.

    Bibliography (2/2)

    • Tech Pro Research. “Digital Transformation Research Report 2018: Strategy, Returns on Investment, and Challenges.” Tech Pro Research. 29 Jul. 2018. Accessed: 5 Feb. 2021.
    • TSB. “TSB Bank Self-Serve Banking Increases 9% with Adobe Sign.” TSB. N.d. Accessed: 8 Feb. 2021.
    • VoiceSage. “VoiceSage Helps Home Retail Group Transform Customer Experience.” VoiceSage. 4 May 2018. Accessed: 8 Feb. 2021.

    Select and Prioritize Digital Initiatives

    • Buy Link or Shortcode: {j2store}102|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    The business has embarked on its digital transformation journey. As CIO, you are being relied on to help triage what is most important – initiatives that will move the needle to achieve and fulfill the digital goals and ambitions of the organization.

    • If selection criteria are not identified and well defined, then digital initiatives risk being misprioritized or, worse yet, incorrectly labelled as having high ROI.
    • Like any other project, net-new digital initiatives must be triaged according to the value they bring to the organization.
    • Just as importantly, the complexity of each initiative must also be weighed as a critical factor of success.

    Our Advice

    Critical Insight

    Once the scope of the digital strategy and its goals are finalized, the heavy lifting begins. CIOs must prepare for this change by evaluating opportunities and prioritizing which will become digital initiatives.

    Impact and Result

    By using an appropriate selection process, CIOs can prioritize the digital initiatives that will matter most to the organization and drive business value.

    Select and Prioritize Digital Initiatives Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Select and Prioritize Digital Initiatives Storyboard – A step-by-step document that walks you through how to prepare an IT department to embrace innovation and support the organization’s digital initiatives.

    Part of Info-Tech’s seven-phase approach for aligning IT with the business’ digital strategy, this deck focuses the core and enabling initiatives that define IT’s innovation goals. By the end of this deck, the IT leader will have a roadmap of prioritized initiatives that enable the organization’s digital business initiatives.

    • Select and Prioritize Digital Initiatives Storyboard
    [infographic]

    Further reading

    Select and Prioritize Digital Initiatives

    Build your digital investment business case.

    Info-Tech Research Group

    Info-Tech is a provider of best-practice IT research advisory services that make every IT leader’s job easier.
    35,000 members sharing best practices you can leverage. Millions spent annually developing tools and templates. Leverage direct access to over 100 analysts as an extension of your team. Use our massive database of benchmarks and vendor assessments. Get up to speed in a fraction of the time.

    Key Concepts

    Digital initiative

    A project – or a group of interdependent projects – whose primary purpose is to enable digital technologies and/or digital business models. These technologies and models may be net new to the organization, or they may be existing ones that are optimized and improved by the initiative itself.

    The feasibility of any initiative is gauged by answering:

    • What amount of return on investment (ROI) or value does it bring to the organization?
    • What level of complexity does it pose to project execution?
    • To what extent does it solve a problem or leverage an opportunity?
    • To what degree is it aligned with digital business goals?

    Digital strategy

    The plan to deploy existing/emerging technologies to look at developing new products and services, new business models, and operational efficiency to meet or exceed performance targets.

    IT strategy

    The plan for deploying and maintaining applications, hardware, infrastructure, and IT services that support the business goals in a secure/regulatory-compliant manner to ensure reliability.

    Digital transformation

    Digital transformation is an at-scale change program – planned and executed over a finite time period – with the aspiration of creating material and sustainable improvement in the performance of an organization. Techniques include deploying a programmatic approach to innovation along with enabling technologies, capabilities, and practices that drive efficiency and create new products, markets, and business models.

    Your Challenge

    • Once the scope of the digital strategy and its goals are finalized, the heavy lifting begins.
    • The CIO must prepare for this change by evaluating opportunities and prioritizing which will become digital initiatives.
    • But where to start with prioritization? What should the selection criteria be?
    • To answer these all-important questions, the CIO must identify what success actually looks like.

    Common Obstacles

    • If selection criteria are not identified and well-defined, then digital initiatives risk being neglected or worse yet, incorrectly labelled as having high ROI.
    • Like any other project, net-new digital initiatives must be triaged according to the value they bring to the organization.
    • Just as importantly, the complexity of each initiative must also be weighed as a critical factor of success.

    Solution

    • Determine and set your selection criteria by leveraging the matrix provided in this deck.
    • Evaluate each proposed initiative against this repeatable process in order to test your assumptions.
    • Develop a business case for each high priority digital initiative that captures its benefits and business value.
    • Assemble your prioritized list of digital initiatives to present to stakeholders.

    Info-Tech Insight

    The business has embarked on its digital transformation journey. As CIO, you are being relied on to help triage what is most important – initiatives that will move the needle to achieve and fulfill the digital goals and ambitions of the organization.

    Analyst Perspective

    Prioritization follows ideation, and it’s not always easy.

    Ross Armstrong

    Your stakeholders have spent considerable time and effort identifying and articulating a digital business strategy. Now that ideas have turned into opportunities, the CIO must prioritize those opportunities as actual initiatives. Where to begin?

    Your first task is to identify the criteria that will be used to conduct prioritization activities. These criteria should be immutable and rigorously applied.

    Your second task will be to develop business cases for each opportunity that passes muster. But don’t worry, you won’t need an MBA to get the job done properly.

    Ross Armstrong

    Principal Research Director
    Info-Tech Research Group

    Info-Tech’s digital transformation journey

    Info-Tech’s digital transformation journey: 1 - Visualize the art of the digitally possible, 2 - Evolve your digital business strategy, 3 - Execute with confidence

    Info-Tech's digital transformation journey for industry members. Table shows the stakeholders, advisory support and deliverables for each industry members

    By now, you have established your current strategic context

    You have reviewed trends to reimagine the future of your industry and undertaken a digital maturity assessment to validate your business objectives and innovation goals. Now you need to evolve the current scope of your digital vision and opportunities.

    • Phase 1.1: Industry Trends Report

    • Phase 1.2: Digital Maturity Assessment

    • Phase 2.1: Zero In on Business Objectives

    By this point you have leveraged industry roundtables to better understand the art of the possible – exploring global trends, shifts in market forces or industry, customer needs, emerging technologies, and economic forecasts and creating opportunities out of these disruptions.

    In Phase 2.1, you identified your business and innovation goals and documented your current capabilities, prioritized for transformation.

    Business and innovation goals have been established through stakeholder interviews and business document review.

    Current capabilities have been prioritized for transformation and heat mapped.

    You have also formalized your digital strategy

    Throughout the course of Phase 2.2, you identified new digital opportunities, identified the business capabilities required to capitalize those opportunities, and updated the digital goals of your organization, accordingly.

    An example of a formalized digital strategy from Phase 2.2.

    The end result of this exercise is a new goals cascade that aligns digital goals and capabilities with those of the business. Digital initiatives were also identified but not yet selected or prioritized for execution at the project level.

    Now you will select and prioritize digital initiatives

    The goal of this phase is to ensure that initiatives that are green-lit for execution have been successfully assessed against your chosen criteria and that the business case for each initiative is firmly established and documented.

    Info-Tech’s digital transformation journey for industry members.

    There are three key activities outlined here that describe the actions that can be undertaken by industry members to help select and prioritize digital initiatives for the business.

    1. Identify your selection criteria

    2. Evaluate initiatives against criteria

    3. Determine a prioritized list of initiatives

    Info-Tech’s approach

    1

    Identify your selection criteria

    • Define what viability actually looks like.
    • Conduct an evaluation session to test your assumptions
    2

    Evaluate initiatives against criteria

    • Evaluate and validate an initiative to determine its viability.
    • Map the benefits and value proposition for each initiative.
    • Build a business case and profile for each selected initiative.
    3

    Determine a prioritized list of initiatives

    • Finalize your initiatives list and compile all relevant information.
    • Communicate the list to stakeholders.

    Step 1: Identify Your Selection Criteria

    Understand which conditions must be met in order to turn an opportunity into a digital initiative.

    Step 1: Identify Your Selection Criteria

    Step 1

    Identify Your Selection Criteria

    1.1

    Define what "viable" looks like

    Set criteria types and thresholds.

    It is impossible to gauge whether or not an opportunity is worthwhile if you don’t have a yardstick to measure it by. However, what is viable for one organization in a particular industry may not be viable for a company elsewhere.

    Consider:
    • Use the criteria already set forth in this deck.
    • If for any reason you cannot use these criteria, work with stakeholders to establish viability factors that suit both the business and IT.
    Avoid:
    • Vague language when establishing your own criteria.
    • Ambiguity in both measures and their definitions. Be crystal clear.

    1.2

    Conduct an evaluation session

    Test your assumptions by piloting prioritization.

    Select an initiative from one of the opportunity profiles from Phase 2.2 and run it through the selection criteria. From there, determine if your assumptions are sound. If not, tweak the criteria and test again until all stakeholders have confidence in the process.

    Consider:
    • Most if not all projects must go through the IT project management office (PMO) or project management leader, so why not create a “digital-only” track for digital business initiatives?
    • Which digital initiatives also represent a sound strategic fit to the organization?
    • Have we undertaken previous projects that are similar? Were those successful? Why or why not?
    Avoid:
    • Making too many initiatives high priority. IT resources are limited, so be ruthless.
    • Taking on too many initiatives at once. Most IT organizations can only work on a small number at any given time.

    Use these selection criteria to prioritize initiatives

    Ideas matter, but not all ideas are created equal. Now that you have elicited ideas and identified opportunities, discuss the assumptions, risks, and benefits associated with each proposed digital business initiative.

    Complexity versus Impact. Shows initiatives that have a business Must Prioritize (High value/low complexity), Should Plan (High value/high complexity), Could Have (Low Value/ Low complexity), and Don't need (Low value/high complexity)

    Prioritize opportunities into initiatives

    Recall that the opportunities identified in Phase 2.2 also became proposed digital initiatives demonstrated in your goals cascade.

    In your discussion, evaluate each opportunity through a matrix to create tension between value and complexity or other dimensions. Capture the information based on measurable business benefits-realization; risks or considerations; assumptions; and competencies, talent, and assets needed to deliver.

    Prioritize opportunities into Initiatives. For example: new digital products and services, intelligent fleet management via automation, ERP automation etc.

    Leverage opportunity profiles from your digital strategy

    To start, take one of the opportunity profiles you created in Phase 2.2, Build Your Digital Vision and Strategy, and use it throughout the following steps. Once done, repeat with the next opportunity profile until all have been vetted against criteria. If you did not use Info-Tech’s approach, simply use whatever list of digital business opportunities provided to you from stakeholders.

    Robotic process automation Template.

    Prioritization Criteria

    Run each initiative through the following evaluation criteria. When finished, any opportunities that appear in the top left quadrant (high value/low complexity) are now your highest priority digital initiatives.

    Instructions:

    Assign each initiative a letter. As you decide on each one, move a copy of the circled letter to its appropriate place on the 2x2 selection matrix.

    List of digital opportunities.

    Complexity versus Impact. Shows initiatives that have a business Must Prioritize (High value/low complexity), Should Plan (High value/high complexity), Could Have (Low Value/ Low complexity), and Don't need (Low value/high complexity)

    Info-Tech Insight

    Evaluation should be based on the insights from analysis across all criteria. Leverage group discussion to help contextualize and challenge assumptions when validating opportunities.

    Digital initiative ≠ IT project

    Every idea is a good one, unless you need one that works. What “works” as a digital initiative is not the same thing as a straightforward IT project that would be typically managed by a project manager or PMO. These latter projects will be addressed in Phase 3.1 of the digital journey.

    Opportunities and business needs > Business model > Impact > Mandatory > Innovation path forward

    Digital Track

    Focus: Transform the business and operations

    1. Problem may not be well defined.
    2. “Initiative” is not clear.
    3. Based on market research, customer needs, trend analysis, and economic forecast, risk to the business if fit-for-purpose initiative is not identified.
    4. Previous delivery results not as expected, or uncertain how to continue the project.
    5. Highly complex with significant impact to transform the business or operations.
    6. Execution approach is not clear.
    7. Capabilities may not exist within IT.

    IT PMO

    1. Emerging technology trends create opportunities to modernize IT, not transform business.
    2. Problem is well defined and understood.
    3. Initiative is clearly identified.
    4. New IT project.
    5. Can be complex but does not transform the business.
    6. Standard PMP approach is a good fit.
    7. Capabilities exist to execute within IT.
    8. Software vendor or systems integrator is initiative provider.

    Step 2: Evaluate Initiatives Against Criteria

    Ruthlessly prioritize which opportunities will deliver the greatest business value and pose the best chance of success.

    Step 2: Evaluate initiatives against criteria.

    Step 2

    Evaluate Initiatives Against Criteria

    2.1

    Evaluate and validate

    Evaluate and validate (or invalidate) opportunities.

    Now that you have tested and refined the selection criteria, take each opportunity profile from Phase 2.2 and run it through its paces. Once plotted on the 2x2 matrix, you will have a clear and concise view of high priority digital initiatives.

    Consider:
    • What are the timing, relevance, and impact of each initiative being evaluated?
    • What are the merits of each opportunity?
    • What are the extent and reach of their impacts?
    Avoid:
    • Guesswork. Stick with what you know based on the available information and data at hand.

    2.2

    Determine benefits

    Document benefits and value proposition.

    Identify and determine the benefits of each high priority initiative, including the benefit type (e.g. observable, financial, etc.). In addition, discuss and articulate the value proposition for each high priority initiative.

    Consider:
    • Tangible and intangible benefits.
    • Creating a vision statement for each initiative selected as high priority.
    Avoid:
    • Don’t reach too much when identifying benefits. Be realistic.

    2.3

    Make your case

    Build a business case for each initiative.

    Once you have enunciated the value and benefits of each high priority initiative, create a business case and profile for each one that includes known costs, risks, and so on. These materials will be crucial for project execution and IT capability planning in Phase 2.3 of your digital journey.

    Consider:
    • All forms of costs, both in terms of time, labor, and physical assets and resources.
    • Stick with a short-form business case for now to save time. You can always expand it into full-form business case later on, if necessary.
    Avoid:
    • Generalities. Be conservative in your estimates and keep them grounded in what has transpired in past initiatives at the organization.

    Exemplar: Prioritization criteria

    Your prioritization matrix should look something like this. Initiatives B and C will now have short-form business cases developed for them. Initiatives in the “Should Plan” quadrant can be dealt with later.

    List of initiatives for digital opportunities. Complexity versus Impact. Shows initiatives that have a business Must Prioritize (High value/low complexity), Should Plan (High value/high complexity), Could Have (Low Value/ Low complexity), and Don't need (Low value/high complexity)

    Draw information from the opportunity profiles

    You created opportunity profiles in Phase 2.2 to clarify, validate and evaluate specific ideas for digital initiatives. In these profiles, you considered the timing, relevance, and impact of those opportunities.

    Some prioritized initiatives will have an immediate and significant impact on your business. Some may have a significant impact, but on a longer timeline. Understanding this is important context for your overall digital business strategy.

    Above all, you must be able to communicate to stakeholders how the newly prioritized digital initiatives are relevant to driving the strategic growth of the business.

    Start by elucidating further on initiative benefits and business value as outlined in the opportunity profile. This will become crucial for completing your next step – building a short-form business case for each prioritized initiative.

    Robotics Process Automation Template. Benefits and outcomes as well as incremental value are highlighted. The next slide is a template for the short-form business case, while the slides after that contain instructions on how to fill out each section of the business case.

    Short-Form Business Case Template

    Short form business case template. Shows value proposition, initiative benefits and initiative roadmap.

    Prepare your business case for each initiative

    Tasks:

    1. On a whiteboard, draw the visual initiative canvas supplied below.
    2. For each prioritized initiative, leverage its opportunity profile (if used) to list the resulting customer or stakeholder products/services and its pain relievers and gain creators in the associated sections of the canvas.
    3. Ensure that the top pains, gains, and jobs are addressed by products/services, pain relievers, and gain creators.
    4. Use this information as a basis for further exercises in this section, such as defining benefits, articulating value proposition and vision, and cost estimates.
    Initiative canvas example.

    Input

    • The initiative’s opportunity profile from Phase 2.2 of the Digital Journey series (if used)

    Output

    • Short-form initiative business case

    Materials

    • Whiteboard and markers

    Participants

    • Opportunity owner
    • Opportunity group/team

    Expand on the key benefits of each initiative

    Business cases are not just a vehicle with which to acquire resources for investments, they are a mechanism that helps ensure the benefits of an investment are realized. To accomplish this, a business case must have a set of clearly defined benefits, combined with an understanding of how they will be measured and an explicitly stated beneficiary who can corroborate that the benefit has been realized.

    What is a benefit?

    Benefits are the advantages, or outcomes, that specific groups or individuals realize as a result of the proposed initiative’s implementation.

    Initiative inputs

    Initiative inputs are the time, resources, and scope dedicated to the endeavor of implementing an initiative.

    Benefits of initiative and initiative inputs diagram.

    Identify how to measure benefit achievement

    Benefits are realized when an organization either starts doing something new, stops doing something, or improves the way something is already being done. The impact of these changes must be measured in order to determine whether the change is positive and if the case warrants more resources in order to scale.

    Types of benefits

    • Observable: These are measured by opinion or judgement.
    • Measurable: These can be identified when there is an existing measure in place for the benefit (or when one can be easily created).
    • Quantifiable: Similar to measurable benefits; however, these benefits additionally feature size or magnitude (if it can be reliably estimated).
    • Financial: These are benefits that can be communicated in monetary terms. A benefit should only be classified as financial when sufficient evidence is available to show that the stated value is likely to be achieved.

    Benefit owners and responsibilities

    1. Each benefit should have assigned to it an explicit owner who gains an advantage as a result of the initiative’s implementation.
    2. For most benefits, the owner will be the primary beneficiary of the initiative.
    3. These individuals are the ones who must corroborate that a benefit has been realized.
    4. Assigning an owner to each benefit will foster a sense of accountability in terms of benefits realization and will also create a traceable path that helps track the success of the initiative.

    Complete the benefits section of the business case

    Tasks:

    1. Use the Short-Form Business Case Template included in this deck.
    2. Arrange a meeting with the key beneficiary or beneficiaries of your initiative. Refer back to the benefits and outcomes section of the initiative’s opportunity profile (if used) as a starting point.
    3. Clearly define what the key benefits of your initiative will be and list them in the Short-Form Business Case Template.
    4. Assign an owner to each benefit – the individual who will corroborate that the benefit has accrued.
    5. Come to a mutual agreement with the beneficiaries as to whether each benefit is:
      • Financial
      • Quantifiable
      • Measurable
      • Observable
    6. Discuss and list the methods that will be used to measure each benefit and list them in the Short-Form Business Case Template.

    Input

    • Key benefits of the initiative, how they will be measured, and who owns the benefits

    Output

    • Completed benefits section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner
    • Key beneficiary

    Craft value proposition and vision statements

    The way one articulates the value an initiative provides is just as important as the initiative itself. Use the previous exercises as inputs to craft a statement that reflects the value your initiative will provide, but also describes how the initiative will create value. Specifically, a value proposition should answer the following questions:

    1. Who is the initiative for?
    2. What is the initiative?
    3. What does the initiative do?
    4. How is the initiative different from others?

    Complete value prop and vision statement sections of the business case

    Tasks:

    1. Having already completed the benefits section of the Short-Form Business Case Template, turn your attention to the value proposition section.
    2. Using your problem and initiative canvases, in addition to the benefits section, craft a value proposition statement that answers the following questions in one or two sentences:
      • Who is the initiative for?
      • What is the initiative?
      • What does the initiative do?
      • How is the initiative different?
    3. Input the value proposition statement into the value proposition section of the Short-Form Business Case Template.

    Input

    • Initiative canvas
    • Benefits section of the Short-Form Business Case Template

    Output

    • Completed value proposition section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner
    • Opportunity group/team

    Identify initiative steps and add to business case

    Tasks:

    Turn your attention to the roadmap section of the Short-Form Business Case Template and fill it in through the following steps:

    1. Select which scope, resource, and/or time reduction tactics to apply given the context of the project.
    2. Use the test, run, gauge, and collect framework supplied, unless you elect to generate your own project phases. If that is the case, ensure that phases are mutually exclusive and completely exhaustive (MECE).
    3. For each phase, supply a brief description of the activities to be undertaken for that phase.
    4. Map the benefits to be accrued within each phase.
    5. For each phase, supply a set of two to three potential factors that create risk toward the benefits listed.
    6. For each risk, supply a mitigation tactic that could be employed to diffuse the risk or to mitigate it completely.

    Input

    • Project benefits
    • Scope, resource, and time reduction tactics

    Output

    • Roadmap section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner

    Fill out the cost section of the business case

    Tasks:

    1. Having already completed the roadmap part of the Short-Form Business Case Template, turn your attention to the cost section.
    2. Use the scope, resource, and time reduction tactics and roadmap to estimate the cost necessary to execute the project. Remember that costs are a factor of the resources required and the cost type.
      • Resources:
        • Hardware
        • Software
        • Human
        • Network and communications
        • Facilities
      • Cost Types:
        • Acquisition
        • Operation
        • Growth and change
    3. Complete the cost section of the Short-Form Business Case Template with the cost estimate for the project.

    Input

    • Roadmap
    • Scope, resource, and time reduction tactics

    Output

    • Cost section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner
    • Opportunity group/team

    Exemplar: Short-Form Business Case

    Short form business case template. Shows value proposition, initiative benefits and initiative roadmap.

    Step 3: Determine a Prioritized List of Initiatives

    Green-light opportunities for digital investment and create your list of high-priority digital initiatives.

    Step 3: Determine a prioritized list of initiatives.

    Step 3

    Determine a Prioritized List of Initiatives

    3.1

    Compile information

    Finalize your list of high priority initiatives.

    This list should also include the short-form business cases that you completed in the previous step. This compilation of initiative information will be used in the next phase of your digital journey and is critical for its successful completion.

    Consider:
    • Checking your work. Does it ring true? Does it create excitement? People will be working on these initiatives in the near future, so it’s ideal if they feel good about the outcomes.
    • Integrating with your IT strategy, if you have one. These digital initiatives will figure prominently in the fiscal quarters to come.
    Avoid:
    • Dramatic effect. While you want stakeholders and IT staff to be enthusiastic about the work ahead, don’t dress up the initiatives as something they’re not.

    3.2

    Communicate

    It’s time to communicate with stakeholders.

    By now you should have a relatively short yet potent list of digital business initiatives – plus a business case for each – that has been thoroughly vetted and prioritized. Stakeholders are eager to learn more about these initiatives, though the details that matter most may differ from stakeholder to stakeholder.

    Consider:
    • Socializing the business cases before formally presenting to stakeholders for approval.
    • You will want to first elicit feedback and make any recommended changes to messaging.
    • Tailoring your message depending on stakeholder type, their priorities and concerns, and so on.
    Avoid:
    • Sugar coating. Many, if not all, of these stakeholders have the authority to invalidate or disapprove any business case that fails to pass muster. Give it to them straight.

    Compile your prioritized initiatives

    There are two follow-up actions to do with your newly prioritized list of digital initiative business cases: present them to stakeholders for approval and then add them to your IT strategic roadmap.

    Compile prioritized initiatives. Present to stakeholders and then add them to your IT strategic roadmap.

    Present business cases to stakeholders

    For most high-profile digital business initiatives, the short-form business case will not be the first time stakeholders hear about them. By this point, securing approval should only be a formality if the initiative has been effectively socialized beforehand. If this is not the case, one must build an adequate understanding of the stakeholder landscape and then use this understanding to effectively present business cases for digital initiative and receive approval to proceed with them.

    Gauge the importance of various stakeholders and tailor your message according to their concerns and the requirements of their role. Consider the following important questions about each stakeholder:

    • Authority: How much influence does the stakeholder have? Enough to drive the initiative forward?
    • Involvement: How interested is the stakeholder? How involved is the stakeholder in the initiative already?
    • Impact: To what degree will the stakeholder be impacted? Will this significantly change how they do their job?
    • Support: Is the stakeholder a supporter of the initiative? Neutral? A resistor?

    Develop a stakeholder map

    A stakeholder map helps visualize the importance of various stakeholders and their concerns so you can prioritize your time according to those stakeholders who are most impacted by a digital initiative, as well as those who have the authority to green-light them.

    1. Evaluate each stakeholder in terms of authority, involvement, impact, and support, as discussed in the previous slide.
    2. Map each stakeholder to an area on the right template (slide four) based upon the level of their authority and involvement (high or low).
      • Vary the size of the circle to distinguish stakeholders that are highly impacted by the IT strategy from those who are not. Color each circle to show each stakeholder’s estimated or gauged level of support for the project.
    3. Ask yourself if the stakeholder map looks accurate. Is there someone who has no involvement in digital initiatives, but should?
      • A) For example, if a CFO who has the authority to disapprove project funding is heavily impacted and not involved, the success of the business cases will be put at risk.
    4. Draw a dotted circle to show where that stakeholder needs to be located (increased involvement and support), and an arrow with a dotted line to signify the needed change. Some stakeholders may have influence over others.
      • B) For example, a COO who highly values the opinion of the director of operations would be influenced by that director. Draw an arrow from one stakeholder to another to signify this relationship.

    Focus on key players: Relevant stakeholders who have high power are highly impacted and should have high involvement. Engage the stakeholders that are impacted most and have the authority to influence digital initiatives and approve business cases.

    Stakeholder map. Authority versus involvement of key players.

    Summary of key insights

    By now, you should have a firm understanding of the principles and desired actions, behaviors, and outcomes that have been presented in this methodology. Furthermore:

    1. Prioritization of digital opportunities can be a relatively straightforward task as long as the correct stakeholders are involved and use a common and agreed upon set of criteria.
    2. Developing a business case for a digital initiative in an agile manner need not be a grueling exercise provided that a vetted and repeatable process is used.
    3. Above all, remember that this is a journey. Going from an intangible (macro-trend, problem, or opportunity) to a tangible (actual project or initiative) does not happen all at once.

    Related Info-Tech Research

    Understand Industry Trends

    Assess how the external environment presents opportunities or threats to your organization.

    Build a Business-Aligned IT Strategy

    Align with the business by creating an IT strategy that documents the business context, key initiatives, and a strategic roadmap.

    Define Your Digital Business Strategy

    Design a strategy that applies innovation to your business model, streamlines and transforms processes, and makes use of technologies to enhance interactions with customers and employees.

    Research Contributors and Experts

    Ross Armstrong

    Ross Armstrong

    Principal Research Director, CIO Advisory
    Info-Tech Research Group

    Ross Armstrong is a Principal Research Director in the CIO Advisory practice at Info-Tech Research Group, covering the areas of IT strategic planning, digital strategy, digital transformation, and IT innovation.

    Ross has worked in a variety of public and private sector industries including automotive, IT, mobile/telecom, and higher education. All of his roles over the years have centered around data-driven market research – in pursuit of insightful and successful product development and product management – at their core.

    In addition to his long tenure as an Info-Tech Research Group analyst, Ross has worked in research and product innovation positions at Autodata initiatives (J.D. Power), BlackBerry, and Ivey Business School (Western University).

    Ross holds a Master of Arts degree in English Language and Literature from Western University (UWO) and has served as an advisory board member for a number of not-for-profit and educational institutions.

    Joanne Lee

    Joanne Lee

    Principal Research Director, CIO Advisory
    Info-Tech Research Group

    Joanne is an executive with over 25 years of experience providing leadership in digital technology and management consulting across both public and private entities from initiative delivery to organizational redesign across BC, Ontario, and Globally.

    A Director within KPMG’s CIO Advisory Management Consulting services and practice lead for Digital Health in BC, Joanne has led various client engagements from ERP Cloud Strategy, IT Operating Models, Data and Analytics maturity, to process redesign. More recently, Joanne was the Chief Program Officer and Executive Director responsible for leading the implementation of a $450M technology and business transformation initiative across 13 hospitals and community services for one of the largest health authorities in BC.

    A former clinician, Joanne has held progressive leadership roles in healthcare with accountabilities across IT operations and service management, data analytics, project management office (PMO), clinical informatics, and privacy and contract management. Joanne is passionate about connecting people, concepts, and capital.

    Bibliography

    “AI: From Data to ROI.” Cognizant, September 2020. Accessed November 2022.

    Bughin, Jacques, et al. “The Case for Digital Reinvention.” McKinsey Quarterly, February 2017. Accessed November 2022.

    “The Business Case for Digital Transformation.” CPA Canada, June 2021. Accessed November 2022.

    “The Case for Digital Transformation.” The National Center for the Middle Market, Ohio State University, 2020. Accessed October 2022.

    “Digital Transformation in Government Case Study.” Ionology, April 2020. Accessed October 2022.

    Louis, Peter, et al. “Internet of Things – From Buzzword to Business Case.” Siemens, 11 January 2021. Accessed December 2022.

    Miesen, Nick. “Case Studies of Digital Transformations in Process and Aerospace Industries.” Jugaad, 2018. Accessed November 2022.

    Proff, Harald, and Claudia Bittrich. “The Digital Business Case - Done Right!” Deloitte, August 2019. Accessed October 2022.

    “Propelling an Aerospace Innovator.” Accenture, 2021. Accessed October 2022.

    Schmidt-Subramanian, Maxie. “The ROI of CX Transformation.” Forrester, 15 August 2019. Accessed November 2022.

    Ward, John, et al. “Building Better Business Cases for IT Investments.” California Management Review, Sept. 2007. Web.

    Architect Your Big Data Environment

    • Buy Link or Shortcode: {j2store}202|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Big Data
    • Parent Category Link: /big-data
    • Organizations may understand the transformative potential of a big data initiative, but they struggle to make the transition from the awareness of its importance to identifying a concrete use case for a pilot project.
    • The big data ecosystem is crowded and confusing, and a lack of understanding of it may cause paralysis for organizations.

    Our Advice

    Critical Insight

    • Don’t panic, and make use of the resources you already have. The skills, tools, and infrastructure for big data can break any budget quickly, but before making rash decisions, start with the resources you have in-house.
    • Big data as a service (BDaaS) is making big waves. BDaaS removes many of the hurdles associated with implementing a big data strategy and vastly lowers the barrier of entry.

    Impact and Result

    • Follow Info-Tech’s methodology for understanding the types of modern approaches to big data tools, and then determining which approach style makes the most sense for your organization.
    • Based on your big data use case, create a plan for getting started with big data tools that takes into account the backing of the use case, the organization’s priorities, and resourcing available.
    • Put a repeatable framework in place for creating a comprehensive big data tool environment that will help you decide on the necessary tools to help you realize the value from your big data use case and scale for the future.

    Architect Your Big Data Environment Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should find your optimal approach to big data tools, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Plant the foundations of your big data tool architecture

    Identify your big data use case and your current data-related capabilities.

    • Architect Your Big Data Environment – Phase 1: Plant the Foundations of Your Big Data Tool Architecture
    • Big Data Execution Plan Presentation
    • Big Data Architecture Planning Tool

    2. Weigh your big data architecture decision criteria

    Determine your capacity for big data tools, as well as the level of customizability and security needed for your solution to help justify your implementation style decision.

    • Architect Your Big Data Environment – Phase 2: Weigh Your Big Data Architecture Decision Criteria

    3. Determine your approach to implementing big data tools

    Analyze the three big data implementation styles, select your approach, and complete the execution plan for your big data initiative.

    • Architect Your Big Data Environment – Phase 3: Determine Your Approach To Implementing Big Data Tools
    [infographic]

    Achieve IT Spend & Staffing Transparency

    • Buy Link or Shortcode: {j2store}75|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Cost & Budget Management
    • Parent Category Link: /cost-and-budget-management
    • IT spend has increased in volume and complexity, but how IT spend decisions are made has not kept pace.
    • In most organizations, technology has evolved faster than the business’ understanding of what it is, how it works, and what it can do for them.
    • How traditional financial accounting methods are applied to IT expenditure don’t align well to modern IT realities.
    • IT is often directed to make cuts when cost optimization and targeted investment are what’s really needed to sustain and grow the organization in the long term.

    Our Advice

    Critical Insight

    • Meaningful conversations about IT spend don’t happen nearly as frequently as they should. When they do happen, they are often inhibited by a lack of IT financial management (ITFM) maturity combined with the absence of a shared vocabulary between IT, the CFO, and other business function leaders.
    • Supporting data about actual technology spend taking place that would inform decision making is often scattered and incomplete.
    • Creating transparency in your IT financial data is essential to powering collaborative and informed technology spend decisions.

    Impact and Result

    • Understand the uses and benefits of making your IT spend more transparent.
    • Discover and organize your IT financial data.
    • Map your organization’s total technology spend against four IT stakeholder views: CFO, CIO, CXO, and CEO.
    • Gain vocabulary and facts that will help you tell the true story of IT spend.

    Members may also be interested in Info-Tech's IT Spend & Staffing Benchmarking Service.

    Achieve IT Spend & Staffing Transparency Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Achieve IT Spend & Staffing Transparency Deck – A detailed, do-it-yourself framework and process for clearly mapping your organization’s total technology spend.

    This deck mirrors Info-Tech’s own internal methods for delivering its IT Spend & Staffing Benchmarking Service in a do-it-yourself format. Based on Info-Tech’s proven ITFM Cost Model, it includes an IT spend mapping readiness assessment, expert advice for sourcing and organizing your financial data, a methodology for mapping IT staff and vendor spend according to four key stakeholder views (CFO, CIO, CXO, and CEO), and guidance on how to analyze and share your results.

    • Achieve IT Spend & Staffing Transparency Storyboard

    2. IT Spend & Staffing Transparency Workbook – A structured Excel tool that allows you to allocate your IT spend across four key stakeholder views and generate high-impact visualizations.

    This workbook offers a step-by-step approach for mapping and visualizing your organization’s true IT spend.

    • IT Spend & Staffing Transparency Workbook

    3. IT Spend & Staffing Transparency Executive Presentation Template – A PowerPoint template that helps you summarize and showcase key results from your IT spend transparency exercise.

    This presentation template offers a recommended structure for introducing key executive stakeholders to your organization’s true IT spending behavior and IT financial management as a whole.

    • IT Spend & Staffing Transparency Executive Presentation Template

    Infographic

    Further reading

    Achieve IT Spend & Staffing Transparency

    Lay a foundation for meaningful conversations with the business.

    Analyst Perspective

    Take the first step in your IT spend journey.

    Talking about money is hard. Talking to the CEO, CFO, and other business leaders about money is even harder, especially if IT is seen as just a cost center, is not understood by stakeholders, or is simply taken for granted. In times of economic hardship, already lean IT operations are tasked with becoming even leaner.

    When there's little fat to trim, making IT spend decisions without understanding the spend's origin, location, extent, and purpose can lead to mistakes that weaken, not strengthen, the organization.

    The first step in optimizing IT spend decisions is setting a baseline. This means having a comprehensive and transparent view of all technology spend, organization-wide. This baseline is the only way to have meaningful, data-driven conversations with stakeholders and approvers around what IT delivers to the business and the implications of making changes to IT funding.

    Before stepping forward in your IT financial management journey, know exactly where you're standing today.

    Jennifer Perrier, Principal Research Director, ITFM Practice

    Jennifer Perrier
    Principal Research Director, ITFM Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge Common Obstacles Info-Tech's Approach
    IT spend has increased in volume and complexity, but how IT spend decisions are made has not kept pace:
    • Technology has evolved faster than the business' understanding of what it is, how it works, and what it can do for them.
    • How traditional financial accounting methods are applied doesn't align well to modern IT realities.
    • IT is directed to make cuts when cost optimization and targeted investment are what's really needed to sustain and grow the organization in the long-term.
    Meaningful conversations about IT spend don't happen nearly as much as they should. This is often due to:
    • A lack of maturity in how ITFM (IT financial management) is executed within IT and across the organization as a whole.
    • The absence of a shared vocabulary between IT, the CFO, and other business function leaders.
    • Scattered and incomplete data about the actual technology spend taking place in the organization.
    Lay a foundation for meaningful conversations and informed decision-making around IT spend.
    • Understand the uses and benefits of making your IT spend more transparent.
    • Discover and organize your IT financial data.
    • Map your organization's total technology spend against four IT stakeholder views: CFO, CIO, CXO, and CEO.
    • Gain both vocabulary and facts that will help you tell the true story of IT spend.

    Info-Tech Insight
    Create transparency in your IT financial data to power both collaborative and informed technology spend decisions.

    IT spend has grown alongside IT complexity

    IT spend has grown alongside IT complexity

    Growth creates change ... and challenges

    IT has become more integral to business operations and achievement of strategic goals, driving complexity in how IT funds are allocated and managed.

    How IT funds are spent has changed
    Value demonstration is two-pronged. The first is return on performance investment, focused on formal and objective goals, metrics, and KPIs. The second is stakeholder satisfaction, a more subjective measure driven by IT-business alignment and relationship. IT leaders must do both well to prove and promote IT's value.
    Funding decision cadence has sped up
    Many organizations have moved from three- to five-year strategic planning cycles to one-year planning horizons or less, most noticeably since the 2008/2009 recession. Not only has the pace of technological change accelerated, but so too has volatility in the broader business and economic environments, forcing rapid response.
    Justification rigor around IT spend has increased
    The need for formal business cases, proposals, and participation in formal governance processes has increased, as has demand for financial transparency. With many IT departments still reporting into the CFO, there's no getting around it - today's IT leaders need to possess financial management savvy.
    Clearly showing business value has become priority
    IT spend has moved from the purchase of discrete hardware and software tools traditionally associated with IT to the need to address larger-scale issues around interoperability, integration, and virtualized cloud solutions. Today's focus is more on big-picture architecture than on day-to-day operations.

    ITFM capabilities haven't grown with IT spend

    IT still needs to prove itself.

    Increased integration with the core business has made it a priority for the head of IT to be well-versed in business language and practice, specifically in the areas of measurement and financial management.

    However, IT staff across all industries aren't very confident in how well IT is doing in managing its finances via three core processes:

    • Accounting of costs and budgets.
    • Optimizing costs to gain the best return on investment.
    • Demonstrating IT's value to the business.

    Recent data from 4,137 respondents to Info-Tech's IT Management & Governance Diagnostic shows that while most IT staff feel that these three financial management processes are important, notably fewer feel that IT management is effective at executing them.

    IT leadership's capabilities around fundamental cost data capture appear to be lagging, not to mention the essential value-added capabilities around optimizing costs and showing how IT contributes to business value.

    Graph of Cost and Budget Management

    Graph of Cost Optimization

    Questions for support transition

    Source: IT Management & Governance Diagnostic, Info-Tech Research Group, 2022.

    Take the perspective of key IT stakeholders as a first step in ITFM capability improvement

    Other business unit leaders need to deliver on their own specific and unique accountabilities. Create true IT spend transparency by accounting for these multiple perspectives.

    Exactly how is IT spending all that money we give them?
    Many IT costs, like back-end infrastructure and apps maintenance, can be invisible to the business.

    Why doesn't my department get more support from IT?
    Some business needs won't align with spend priorities, while others seem to take more than their fair share.

    Does the amount we spend on each IT service make sense?
    IT will get little done or fall short of meeting service level requirements without appropriate funding.

    I know what IT costs us, but what is it really worth?
    Questions about value arise as IT investment and spend increase. How to answer these questions is critical.

    At the end of the day, telling IT's spend story to the business is a significant challenge if you don't understand your audience, have a shared vocabulary, or use a repeatable framework.

    Mapping your IT spend against a reusable framework helps generate transparency

    A framework makes transparency possible by simplifying methods, creating common language, and reducing noise.

    However, the best methodological framework won't work if the materials and information plugged into it are weak. With IT spend, the materials and information are your staff and your vendor financial data. To achieve true transparency, inputs must have the following three characteristics:

    Availability Reliability Usability
    The data and information are up-to-date and accessible when needed. The data and information are accurate, complete, and verifiable. The data and information are clearly defined, consistently and predictably organized, consumable, and meaningful for decision-making.

    A framework is an organizing principle. When it comes to better understanding your IT spend, the things being organized by a framework are your method and your data.

    If your IT spend information is transparent, you have an excellent foundation for having the right conversations with the right people in order to make strategically impactful decisions.

    Info-Tech's approach enables meaningful dialogue with stakeholders about IT spend

    View of meaningful dialogue with stakeholders about IT spend

    Investing time in preparing and mapping your IT spend data enables better IT governance

    While other IT spend transparency methods exist, Info-Tech's is designed to be straightforward and tactical.

    Info-Tech method for IT spend transparency

    Put your data to work instead of being put to work by your data.

    Introducing Info-Tech's methodology for creating transparency on technology spend

    1. Know your objectives 2. Gather required data 3. Map your IT staff spend 4. Map your IT vendor spend 5. Identify implications for IT
    Phase Steps
    1. Review your business context
    2. Set IT staff and vendor spend transparency objectives
    3. Assess effort and readiness
    1. Collect IT staff spend data
    2. Collect IT vendor spend data
    3. Define industry-specific CXO Business View categories
    1. Categorize IT staff spend in each of the four views
    2. Validate
    1. Categorize IT vendor spend in each of the four views
    2. Validate
    1. Analyze your findings
    2. Craft your key messages
    3. Create an executive presentation
    Phase Outcomes Goals and scope for your IT spend and staffing transparency effort. Information and data required to perform the IT staff and vendor spend transparency initiative. A mapping of the allocation of IT staff spend across the four views of the Info-Tech ITFM Cost Model. A mapping of the allocation of IT vendor spend across the four views of the Info-Tech ITFM Cost Model. An analysis of your results and a presentation to aid your communication of findings with stakeholders.

    Insight Summary

    Overarching insight
    Take the perspective of key stakeholders and lay out your organization's complete IT spend footprint in terms they understand to enable meaningful conversations and start evolving your IT financial management capability.

    Phase 1 insight
    Your IT spend transparency efforts are only useful if you actually do something with the outcomes of those efforts. Be clear about where you want your IT transparency journey to take you.

    Phase 2 insight
    Your IT spend transparency efforts are only as good as the quality of your inputs. Take the time to properly source, clean, and organize your data.

    Phase 3 insight
    Map your IT staff spend data first. It involves work but is relatively straightforward. Practice your mapping approach here and carry forward your lessons learned.

    Phase 4 insight
    The importance of good, usable data will become apparent when mapping your IT vendor spend. Apply consistent and meaningful vendor labels to enable true aggregation and insight.

    Phase 5 insight
    Communicating your final IT spend transparency mapping with executive stakeholders is your opportunity to debut IT financial management as not just an IT issue but an organization-wide concern.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals.

    Use this tool in Phases 1-4

    IT Spend & Staffing Transparency Workbook

    Input your IT staff and vendor spend data to generate visual outputs for analysis and presentation in your communications.

    Key deliverable:

    IT Spend & Staffing Transparency Executive Presentation

    Create a showcase for your newly-transparent IT staff and vendor spend data and present it to key business stakeholders.

    Use this tool in Phase 5

    IT and business blueprint benefits

    IT Benefits Business Benefits
    • Gain insight into exactly where you're spending IT funds on hardware, software, service providers, and the workforce.
    • Understand how much it's costing IT to deliver specific IT services.
    • Illustrate differences in business consumption of IT spend.
    • Learn the ratio of spend allocated to innovation vs. growth vs. keeping the lights on (KTLO).
    • Develop a series of core IT spend metrics including IT spend as a percent of revenue, IT spend per organization employee, and IT spend per IT staff member.
    • Create a complete IT spend baseline to serve as a foundation for future benchmarking, cost optimization, and other forms of IT financial analysis.
    • Understand the relative allocation of IT spend across capital vs. operational expenditure.
    • See the degree to which IT differentially supports and enables organizational goals, strategies, and functions.
    • Have better data for informing the organization's IT spend allocation and prioritization decisions.
    • Gain better visibility into real-life IT spending behaviors, cadences, and patterns.
    • Identify potential areas of spend waste as well as underinvestment.
    • Understand the true value that IT brings to the business.

    Measure the value of this blueprint

    You will know that your IT spend and staffing transparency effort is succeeding when:

    • Your understanding of where technology funds are really being allocated is comprehensive.
    • You're having active and meaningful dialogue with key stakeholders about IT spend issues.
    • IT spend transparency is a permanent part of your IT financial management toolkit.

    In phase 1 of this blueprint, we will help you identify initiatives where you can leverage the outcomes of your IT spend and staffing transparency effort.

    In phases 2, 3, and 4, we will guide you through the process of mapping your IT staff and vendor spend data so you can generate your own IT spend metrics based on reliable sources and verifiable facts.

    Win #1: Knowing how to reliably source the financial data you need to make decisions.

    Win #2: Getting your IT spend data in an organized format that you can actually analyze.

    Win #3: Having a framework that puts IT spend in a language stakeholders understand.

    Win #4: Gaining a practical starting point to mature ITFM practices like cost optimization.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit Guided Implementation Workshop Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    Info-Tech recommends the following calls in your Guided Implementation.

    Phase 1: Know your objectives Phase 2: Gather required data Phase 3: Map your IT staff spend Phase 4: Map your IT vendor spend Phase 5: Identify implications for IT
    Call #1: Discuss your IT spend and staffing transparency objectives and readiness. Call #2: Review spend and staffing data sources and identify data organization and cleanup needs. Call #3: Review your mapped IT staff spend and resolve lingering challenges. Call #4: Review your mapped IT vendor spend and resolve lingering challenges. Call #5: Analyze your mapping outputs for opportunities and devise next steps.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between four to six calls over the course of two to three months.

    Want even more help with your IT spend transparency effort?

    Let us fast-track your IT spend journey.

    The path to IT financial management maturity starts with knowing exactly where your money is going. To streamline this effort, Info-Tech offers an IT Spend & Staffing Benchmarking service that provides full transparency into where your money is going without any heavy lifting on your part.

    This unique service features:

    • A client-proven approach to meet your IT spend transparency goals.
    • Vendor and staff spend mapping that reveals business consumption of IT.
    • Industry benchmarking to compare your spending and staffing to that of your peers.
    • Results in a fraction of the time with much less effort than going it alone.
    • Expert review of results and ongoing discussions with Info-Tech analysts.

    If you'd like Info-Tech to pave the way to IT spend transparency, contact your account manager for more information - we're happy to talk anytime.

    Phase 1

    Know Your Objectives

    This phase will walk you through the following activities:

    • Establish IT spend and staffing transparency uses and objectives
    • Assess your readiness to tackle IT spend and staffing transparency

    This phase involves the following participants:

    • Head of IT
    • IT financial lead
    • Other members of IT management

    Phase 1: Know your objectives

    Envision what transparency can do.

    You're at the very beginning of your IT spend transparency journey. In this phase you will:

    • Set your objectives for making your IT spend and staffing transparent.
    • Assess your readiness to tackle the exercise and gauge how much work you'll need to do in order to do it well.

    "I've heard this a lot lately from clients: 'I've got my hands on this data, but it's not structured in a way that will allow me to make any decisions about it. I have these journal entries and they have some accounting codes, GL descriptors, cost objects, and some vendors, but it's not enough detail to make any decisions about my services, my applications, my asset spend.'"
    - Angie Reynolds, Principal Research Director, ITFM Practice, Info-Tech Research Group

    Transparency positively enables both business outcomes and the practice of business ethics

    However, transparency's real superpower is in how it provides fact-based context.

    • More accurate and relevant data for decision-making.
    • Better managed and more impactful financial outcomes.
    • Increased inclusion of people in the decisions that affect them.
    • Clearer accountabilities for organizational efficiency and effectiveness goals.
    • Concrete proof that business priorities and decisions are being acted on and implemented.
    • Greater trust and respect between IT and the business.
    • Demonstration of integrity in how funds are being used.

    IT spend transparency efforts are only useful if you actually do something with the outputs

    Identify in advance how you plan to leverage IT spend transparency outcomes.

    CFO expense view

    • Demonstrate actual IT costs at the right level of granularity.
    • Update/change the categories finance uses to track IT spend.
    • Adjust the expected CapEx/OpEx ratio.

    CXO business view

    • Calculate consumption of IT resources by department.
    • Implement a showback/chargeback mechanism.
    • Change the funding conversation about proposed IT projects.

    CIO service view

    • Calculate the total cost to deliver a specific IT service.
    • Adjust the IT service spend-to-value ratio as per business priorities.
    • Rightsize IT service levels to reflect true value to the business.

    CEO innovation view

    • Formalize the organization's position on use of cloud/outsourcing.
    • Reduce the portion of spend dedicated to "keeping the lights on."
    • Develop a plan for boosting commitment to innovation investment.

    When determining your end objectives, think about the real questions IT is being asked by the business and how IT spend transparency will help you answer them.

    CFO: Financial accounting perspective

    IT spend used to be looked at from a strictly financial accounting perspective - this is the view of the CFO and the finance department. Their question, "exactly how is IT spending all that money we give them," is really about how money is distributed across different asset classes. This question breaks down into other questions that IT leaders needs to ask themselves in order to provide answers:

    • How should I classify my IT costs? What are the standard categories you need to have that are meaningful to folks crunching the corporate numbers? If you're too detailed, it won't make sense to them. If you pick outmoded categories, you'll have to adjust in the future as IT evolves, which makes tracking year-over-year spend patterns harder.
    • What information should I include in my plans and reports? This is about two things. One is about communicating with the finance department in language that reduces back-and-forth and eliminates misinterpretation. The other is about aligning with the categories the finance department uses to track financial data in the general ledger.
    • How do I justify current spend? This is about clarity and transparency. Specifically itemizing spend into categories that are meaningful for your audience does a lot of justification work for you since you don't have to re-explain what everything means.
    • How do I justify a budget increase? In a declining economy, this question may not be appropriate. However, establishing a baseline puts you in a better position to discuss spend requirements based on past performance and to focus the conversation.

    Exactly how is IT spending all that money we give them?

    Example
    Asset Class % IT Spend
    Workforce 42.72%
    Software - Cloud 9.26%
    Software - On Prem 13.61%
    Hardware - Cloud 0.59%
    Hardware - On Prem 15.68%
    Contract Services 18.14%
    Info-Tech IT Spend & Staffing Studies, 2022.

    CIO: IT operations management perspective

    As the CIO role was adopted, IT spend was viewed from the IT operations management perspective. Optimizing the IT delivery model is a critical step to reducing time to provision services. For the IT leader, the questions they need to ask themselves are:

    • What's the impact of cloud adoption on speed of delivery? Leveraging a SaaS solution can reduce time to deployment as well as increase your ability to scale; however, integration with other functionality will still be a challenge that will incur costs.
    • Where can I improve spend efficiency? This is about optimizing spend in your IT delivery model. What service levels does the business require and what's the most cost-effective way to meet those levels without incurring significant technical debt?
    • Is my support model optimized? By reviewing where support staff are focused and which services are using most of your resources, you can investigate underlying drivers of your staffing requirements. If staff costs in support of a business function are high, perhaps the portfolio of applications needs to be reviewed.
    • How does our spend compare to others? Benchmarking against peers is a useful input, but reflects common practice, not best practice. For example, if you need to invest in IT security, your entire industry is lagging on this front, and you happen to be doing slightly better than most, then bringing forth this benchmark won't help you make the case. Starting with year-over-year internal benchmarking is essential - establish your categories, establish your baseline, and track it consistently.

    Does the amount we spend on each IT service make sense?

    Example
    Service Area % IT Spend
    App Development 9.06%
    App Maintenance 30.36%
    Hosting/Network 25.39%
    End User 18.59%
    Data & BI 3.58%
    Security & Risk 5.21%
    IT Management 7.82%
    Info-Tech IT Spend & Staffing Studies, 2022.

    CXO: Business unit perspective

    As business requests have increased, so too has the importance of the business unit perspective. Each business function has a unique mandate to fulfill in the organization and also competes with other business functions for IT resources. By understanding business consumption of IT, organizations can bring transparency and drive a different dialog with their business partners. Every IT leader should find out the answers to these questions:

    • Which business units consume the most IT resources? By understanding consumption of IT by business function, IT organizations can clearly articulate which business units are getting the highest share of IT resources. This will bring much needed clarity when it comes to IT spend prioritization and investment.
    • Which business units are underserved by IT? By providing full transparency into where all IT spend is consumed, organizations can determine if certain business functions may need increased attention in an upcoming budget cycle. Knowing which levers to pull is critical in aligning IT activities with delivering business value.
    • How do I best communicate spend data internally? Different audiences need information presented to them differently. This is not just about the language - it's also about the frequency, format, and channel you use. Ask your audiences directly what methods of communication stand the best chance of you being seen and heard.
    • Where do I need better business sponsorship for IT projects? If a lot of IT spend is going toward one or two business units, the leaders of those units need to be active sponsors of IT projects and associated spend that will benefit all users.

    Why doesn't my business unit get more support from IT?

    Example
    Business Function % IT Spend
    HR Department 6.16%
    Finance Department 15.15%
    IT Department 10.69%
    Business Function 1 23.80%
    Business Function 2 10.20%
    Business Function 3 6.80%
    Business Function 4 27.20%
    Source: Info-Tech IT Spend & Staffing Studies, 2022.

    CEO: Strategic vs. operations perspective

    With a business view now available, evaluating IT spend from a strategic standpoint is critical. Simply put, how much is being spent keeping the lights on (KTLO) in the organization versus supporting business or organizational growth versus net-new business innovations? This view is not about what IT costs but rather how it is being prioritized to drive revenue, operating margin, or market share. Here are the questions IT leaders should be asking themselves along with the organization's executive leadership and the CEO:

    • Why is KTLO spend so high? This question is a good gauge of where the line is drawn between operations and strategy. Many IT departments want to reduce time spent on maintenance and redeploy resource investment toward strategic projects. This reallocation must include retiring or eliminating technologies to free up funds.
    • What should our operational spend priorities be? Maintenance and basic operations aren't going anywhere. The issue is what is necessary and what could be done more wisely. Are you throwing good money after bad on a high-maintenance legacy system?
    • Which projects and investments should we prioritize? The answer to this question should tightly align with business strategic goals and account for the lion's share of growth and innovation spend.
    • Are we spending enough on innovative initiatives? This is the ultimate dialogue between business partners, the CEO, and IT that needs to take place, yet often doesn't.

    I know what IT costs us, but what is it really worth?

    Example
    Focus Area % IT Spend
    KTLO 89.16%
    Grow 7.18%
    Innovate 3.66%
    Info-Tech IT Spend Studies, 2022.

    Be clear about where you want your IT spend transparency journey to take you in real life

    Transparent IT spend data will allow you to have conversations you couldn't have before. Consider this example of how telling an IT spend story could evolve.

    I want to ...
    Analyze the impact of the cloud on IT operating expenditure to update finance's expectations of a realistic IT CapEx/OpEx ratio now and into the future.

    To address the problem of ...

    • Many of our key software vendors have eliminated on-premises products and only offer software as an OpEx service.
    • Assumptions that modern IT solutions are largely on-premises and can be treated as capitalizable assets are out-of-date and don't reflect IT financial realities.

    And will use transparency to ...

    • Provide the CFO with specific, accurate, and annotated OpEx by product/service and vendor for all cloud-based and on-premises solutions.
    • Facilitate a realistic calculation of CapEx/OpEx distribution based on actuals, as well as let us develop defendable projections of OpEx into the future based on typical annual service fee increases and anticipated growth in the number of users/licenses.

    1.1 Establish ITFM objectives that leverage IT spend transparency

    Duration: One hour

    1. Consider the problems or issues commonly voiced by the business about IT, as well as your own ongoing challenges in communicating with stakeholders. Document these problems/issues as questions or statements as spoken by a person. To help structure your brainstorming, consider these general process domains and examples:
      1. Spend tracking and reporting. E.g. Why is IT's OpEx so high? We need you to increase IT's percentage of CapEx.
      2. Service levels and business continuity. E.g. Why do we need to hire more service desk staff? There are more of them in IT than any other role.
      3. Project and operations resourcing. E.g. Why can't IT just buy this new app we want? It's not very expensive.
      4. Strategy and innovation. E.g. Did output increase or decrease last quarter per input unit? IT should be able to run those reports for us.
    2. For each problem/issue noted, identify:
      1. The source(s) of the question/concern (e.g. CEO, CFO, CXO, CIO).
      2. The financial process involved (e.g. accurate costing, verification of costs, building a business case to invest).
    3. For each problem/issue, identify a broader project-style initiative where having transparent IT spend data is a valuable input. One initiative may apply to multiple problems/issues. For each initiative:
      1. Give it a working title.
      2. State the goal for the initiative with reference to ITFM aspirations.
      3. Identify key stakeholders (these will likely overlap with the problem/issue source).
      4. Set general time frames for resolution.

    Document your outputs on the slide immediately following the instruction slides for this exercise. Examples are included.

    1.1 Establish ITFM objectives that leverage IT spend transparency

    Input Output
    • Organizational knowledge
    • List of the potential uses and objectives of transparent IT spend and staffing data
    Materials Participants
    • Whiteboard/flip charts
    • Head of IT
    • IT financial lead

    ITFM initiatives that leverage transparency

    Problem/Issue Statement Source/ Stakeholder Associated ITFM Process Potential Initiative Initiative Goal Time Frame
    "Why is IT's OpEx so high? We need you to increase IT's percentage of CapEx." CFO IT spend categorization and reporting. Analyze the impact of the cloud on IT operating expenditure. To update finance's expectations of a realistic IT CapEx/OpEx ratio. <12 months
    "Why do we need to hire more service desk staff? There are more of them in IT than any other role." CFO, VP of HR Business case for hiring IT staff. Document ongoing IT support requirements for proposed ERP platform migration project. To ensure sufficient resources for an anticipated increase in service desk tickets due to implementation of a new ERP system. 1-3 months
    "Why can't IT just buy this new app we want? It's not very expensive." CEO, all CXOs/VPs Total cost of technology ownership. Develop a mechanism to review the lifecycle impact on IT of proposed technology purchases. To determine if functionality of new tool already exists in the org. and the total cost of ownership of a new app. <6 months
    "Did output increase or decrease last quarter per input unit? IT should be able to run those reports for us." CEO, CFO, VP of Production IT service costing. Develop an organizational business intelligence strategy. To create a comprehensive plan for evolving BI capability in the organization and transferring report development to users. Select a department for pilot. <12 months

    Your organization's governance culture will affect how you approach transparency

    Know your governance culture Lower Governance
    • Few regulations.
    • Financial reporting is largely internal.
    • Change is frequent and rapid.
    • Informal or nonexistent mechanisms and structures.
    • Data sharing behavior driven by competitive concerns.
    Higher Governance
    • Many regulations.
    • Stringent and regular external reporting requirements.
    • Change is limited and/or slow.
    • Defined and established mechanisms and structures.
    • Data sharing behavior driven by regulatory concerns.
    Determine impact on opportunities How does your governance culture impact IT spend transparency opportunities?
    Resistance to formality and bureaucracy Resistance to change and uncertainty
    Set expectations and approach You have plenty of room to implement transparency rigor within the confines of IT, but getting others to give you the time and attention you want will be a challenge. One-on-one, informal relationship building to create goodwill and dialogue is needed before putting forth recommendations or numbers. Many existing procedures must be accommodated and respected. While you can benefit by working with preexisting mechanisms and touchpoints, expect any changes you want to make to things like IT cost categories or CapEx/OpEx ratios to require a lot of time, meetings, and case-making.

    IT's current maturity around ITFM practice will also affect your approach to transparency

    Know your ITFM maturity level Lower ITFM Maturity
    • No/few formal policies, standards, or procedures exist.
    • There is little/no formal education or experience within IT around budget, costing, charging, or accounting practices.
    • Financial reporting is sporadic and inconsistent in its contents.
    • Business cases are rarely used in decision-making.
    • Financial data is neither reliable nor readily available.
    Higher ITFM Maturity
    • Formal policies, standards, and procedures are enforced organization-wide for all financial management activities.
    • Formally-trained accountants are embedded within IT.
    • Financial reporting is regular, scheduled, and defined.
    • Business cases are leveraged in most decision-making activities.
    • Financial data is governed, centralized, and current.
    Determine stakeholders' financial literacy How does your degree of ITFM maturity impact IT spend transparency opportunities?
    Improve your own financial literacy first Determine stakeholders' financial literacy
    Set expectations and approach Brush up on core financial management and accounting concepts before taking the discussion beyond IT's walls. Do start mapping your costs, but just know how to communicate what the data is saying before sharing it. Not everyone will be at your level, familiar with ITFM language and concepts, or focused on the same things you are. Gauge where your audience is at so you can prepare for meaningful dialogue.

    1.2 Assess your readiness to tackle IT spend transparency

    Duration: One hour

    Note: This assessment is general in nature. It's intended to help you identify and prepare for potential challenges in your IT spend and staffing transparency effort.

    1. Rate your agreement with the "Data & Information" and "Experience, Expertise, & Support" statements listed on the slide immediately following the two instruction slides for this exercise. For each statement, indicate the extent to which you agree or disagree, where:
      1. 1 = Strongly disagree
      2. 2 = Disagree
      3. 3 = Neither agree nor disagree
      4. 4 = Agree
      5. 5 = Strongly agree
    2. Add up your numerical scores for all statements, where the highest possible score is 65.
    3. Assess your general readiness against the following guidelines:
      1. 50-65: Ready. The transparency exercise will involve work, but should be straightforward since you have the data, skills, tools, processes, and support to do it.
      2. 40-49: Ready, with caveats. The transparency exercise is doable but will require some preparatory legwork and investigation on your part around data sourcing, organization, and interpretation.
      3. 30-39: Challenged. The transparency exercise will present some obstacles. Expect to encounter data gaps, inconsistencies, errors, roadblocks, and frustrations that will need to be resolved.
      4. Less than 30: Not ready. You don't have the data, skills, tools, processes, and/or support to do the data transparency exercise. Take time to develop a stronger foundation of financial literacy and governance before tackling it.

    Document your outputs on the slide immediately following the two instruction slides for this exercise.

    1.2 Assess your readiness to tackle IT spend transparency

    InputOutput
    • Organizational knowledge
    • Estimation of IT spend and staffing transparency effort
    MaterialsParticipants
    • Whiteboard/flip charts
    • Head of IT
    • IT financial lead

    IT spend transparency readiness assessment

    Data & Information
    Statement Rating
    We know how to access all IT department spend records.
    We know how to access all non-IT-department technology spend records.
    We know how to access all IT vendor/contractor agreements.
    We know how to access data about our IT staff costs and allocation, such as organizational charts and salaries/benefits.
    Our financial and staffing data is up-to-date.
    Our financial and staffing data are labeled, described, and organized so that we know what they're referring to.
    Our financial and staffing data are in a format that we can easily manipulate (e.g. export, copy and paste, perform calculations).
    Experience, Expertise, & Support
    Statement Rating
    We have sufficient expertise within the IT department to navigate and accurately interpret financial records.
    We have reasonable access to expertise/resources in our finance department to support us in an IT spend transparency exercise.
    We can allocate sufficient time (about 40 hours) and resources in the near term to do an IT spend transparency exercise.
    We have current accountabilities to track and internally report financial information to others on at least a monthly basis.
    There are existing financial policies, procedures, and standards in the organization with which we must closely adhere and comply.
    We have had the experience of participating in, or responding to the results of, an internal or external audit.

    Rating scale:
    1 = Strongly Disagree; 2 = Disagree; 3 = Neither agree nor disagree; 4 = Agree; 5 = Strongly agree
    Assessment scale:
    Less than 30 = Not ready; 30-39 = Challenged; 40-49 = Ready with caveats; 50-65 = Ready

    Take a closer look at the statements you rated 1, 2, or 3. These will be areas of challenge no matter what your total score on the assessment scale.

    Phase 1: Know your objectives

    Achievement summary

    You've now completed the first two steps on your IT spend transparency journey. You have:

    • Set your objectives for making your IT spend and staffing transparent.
    • Assessed your readiness to tackle the exercise and know how much work you'll need to do in order to do it well.

    "Mapping to a transparency model is labor intensive. You can do it once and never revisit it again, but we would never advise that. What it does is play well into an IT financial management maturity roadmap."
    - Monica Braun, Research Director, ITFM Practice, Info-Tech Research Group

    Phase 2

    Gather Required Data

    This phase will walk you through the following activities:

    • Gather, clean, and organize your data
    • Build your industry-specific business views

    This phase involves the following participants:

    • Head of IT
    • IT financial lead
    • Other members of IT management

    Phase 2: Gather required data

    Finish your preparation.

    You're now ready to do the final preparation for your IT spend and staffing transparency journey. In this phase you will:

    • Gather your IT spend and staffing data and information.
    • Clean and organize your data to streamline mapping.
    • Identify your baseline data points.

    "Some feel like they don't have all the data, so they give up. Don't. Every data point counts."
    - Rex Ding, Research Specialist, ITFM Practice, Info-Tech Research Group

    Your IT spend transparency efforts are only as good as the quality of your inputs

    Aim for a comprehensive, complete, and accurate set of data and information.

    Diagram of comprehensive, complete, and accurate set of data and information

    Start by understanding what's included in technology spend

    Info-Tech's ITFM Technology Inventory

    In scope:

    • All network, telecom, and data center equipment.
    • All end-user productivity software and devices (e.g. laptops, peripheral devices, cell phones).
    • Information security.
    • All acquisition, development, maintenance, and management of business and operations software.
    • All systems used for the storage and management of business assets, data, records, and information.
    • All managed IT services.
    • Third-party consulting services.
    • All identifiable spend from the business for the above.

    Expand your thinking: Total tech spend goes beyond what's under IT's operational umbrella

    "Technology" means all technology in the organization regardless of where it lives, who bought it, who owns it, who runs it, or who uses it.

    IT may have low or no visibility into technologies that exist in the broader business environment beyond IT. Accept that you won't gain 100% visibility right now. However, do get started and be persistent.

    Where to look for non-IT technology ...

    • Highly specialized business functions - niche tools that are probably used by only a few people.
    • Power users and the "underserved" - cloud-based workflow, communication, and productivity tools they got on their own.
    • Operational technology - network-connected industrial, building, or physical security sensors and control systems.
    • Recently acquired/merged entities - inherited software.

    Who might get you what you need ...

    • Business unit and team leaders - identification of what they use and copies of their spend records and/or contracts.
    • Finance - a report of the "software" expenditure category to spot unrecognized technologies and their owners.
    • Vendors - copies of contracts if not forthcoming internally.
    • Your service desk - informal knowledge gained about unknown technologies at play in the course of doing their job.

    The IT spend and staffing transparency exercise is an opportunity to kick-start a technology discovery process that will give you and the business a true picture of your technology profile, use, and spend.

    Seek out data at the right level of granularity with the right supporting information

    Key data and information to seek out:

    • Credits applied to appropriate debits that show net expense, or detailed descriptions of credits with no matching debit.
    • Cash-based accounting (not accrual accounting). If accrual, will need to determine how to simplify the data for your uses.
    • Vendor names, asset classes, descriptors, and departments.
    • A total spend amount (CapEx + OpEx) that:
      • Aligns with the spend period.
      • Passes your gut check for total IT spend.
      • Includes annual amounts for multi-year contracts (e.g. one year of a three-year Microsoft enterprise agreement).
      • Includes technology spend from the business (e.g. OT that IT supports).
    • Insights on large projects.
    • Consolidated recurring payments, salaries and benefits, and other small expenses.

    Look for these data descriptors in your files:

    • Cost center/accounting unit
    • Cost center/department description
    • GL ACCT
    • CL account description
    • Activity description
    • Status
    • Program/business function/project description
    • Accounting period
    • Transaction amount
    • Vendor/vendor name
    • Product/product name

    Avoid data that's hard to use or problematic as it will slow you down and bring limited benefits

    Spend data that's out of scope:

    • Depreciation/amortization.
    • Gain or loss of asset write-off.
    • Physical security (e.g. key cards, cameras, motion sensors, floodlights).
    • Printer consumables costs.
    • Heating and cooling costs (for data centers).

    Challenging data formats:

    • Large raw data files with limited or no descriptors.
    • Major accounts (hardware and software) combined in the same line item.
    • Line items (especially software) with no vendor reference information.
    • PDF files or screenshots that you can't extract data from readily. Use Excel or CSV files whenever possible.

    Getting at the data you need can be easy or hard – it all depends

    This is where your governance culture and ITFM maturity start to come into play.

    Data source Potential data and information What to expect
    IT Current/past budget, vendor agreements, IT project records, discretionary spend, number of IT employees. The rigor of your ITFM practice and centralization of data and documents will affect how straightforward this is.
    Finance General ledger, cash and income statements, contractor payments and other accounts payable, general revenue. Secure their expertise early. Let them know what you're trying to do and what you need. They may be willing to prepare data for you in the format you need and help you decipher records.
    Purchasing List of vendors/suppliers, vendor agreements, purchase invoices. Purchasing often has more descriptive information about vendors than finance. They can also point you to tech spend in other departments that you didn't know about.
    Human Resources Organizational chart, staff salaries and benefits, number of employees overall and by department. Data about benefits costs is something you're not likely to have, and there's only one place you can reliably get it.
    Other Business Units Non-IT technology spend vendor agreements and purchase invoices, number of department employees. Other departments may be tracking spend in an entirely different way than you. Be prepared to dig and reconcile.

    There may be some data or information you can't get without a Herculean effort. Don't worry about it too much - these items are usually relatively minor and won't significantly affect the overall picture.

    Commit to finding out what you don't know

    Many IT leaders don't have visibility into other departments' technology spend. In some cases, the fact that spend is even happening may be a complete surprise.

    Near-term visibility fix ...

    • Ask your finance department for a report on all technology-related spend categories. "Software" is a broad category that finance departments tend to track. Scan the report for items that don't look familiar and confirm the originating department or approver.
    • Check in with the procurement office. See what technology-related contracts they have on record and which departments "own" them. Get copies of those contracts if possible.
    • Contact individual department heads or technology spend approvers. Devise your contact shortlist based on what you already know or learned from finance and procurement. Position your outreach as a discovery process that supports your transparency effort. Avoid coming across as though you're judging their spend or planning to take over their technologies.

    Long-term visibility fix ...

    • Develop your relationships with other business unit leaders. This will help open the lines of communication permanently.
    • Establish a cross-functional central technology office or group. The main task of this unit is to set and manage technology standards organization-wide, including standards for tracking and documenting technology costs and asset lifecycle factors.
    • Ensure IT is formally involved in all technology spend proposals and plans. This gives IT the opportunity to assess them for security compliance, IT network/system interoperability, manageability, and IT support requirements prior to purchase.
    • Ensure IT is notified of all technology financial transactions. This includes contracts, invoices, and payments for all one-time purchases, subscription fees, and maintenance costs.

    Finally, note any potential anomalies in the IT spend period you're looking at

    No two years have the exact same spend patterns. One-time spend for a big capital project, for example, can dramatically alter your overall spend landscape.

    Look for the following anomalies:

    • New or ongoing capital implementations or projects that span more than one fiscal year.
    • Completed projects that have recently transitioned, or are transitioning, from CapEx (decreasing) to OpEx (increasing).
    • A major internal reorganization or merger, acquisition, or divestiture event.
    • Crises, disasters, or other rare emergencies.
    • Changes in IT funding sources (e.g. new or expiring grants).

    These anomalies often explain why IT spend is unusually high in certain areas. There's often a good business reason.

    In many cases, doing a separate spend transparency exercise for these anomalous projects or events can isolate their costs from other spend so their true nature and impact can be better understood.

    2.1 Gather your input data and information

    Duration: Variable

    1. Develop a complete list of the spending and staffing data and information you need to complete the transparency mapping exercise. For each required item, note the following:
      1. Description of data needed (i.e. type, timeframe, and format).
      2. Ideal timeframe or deadline for receipt.
      3. Probable source(s) and contact(s).
      4. Additional facilitation/support required.
      5. Person on your transparency team responsible for obtaining it.
    2. Set up a data and information repository to store all files as soon as they're received. Ideally, you'll want all data/information files to be in an electronic format so that everything can be stored in one place. Avoid paper documents if possible.
    3. Conduct your outreach to obtain the input data and information on your list. This could include delegating it to a subordinate, sending emails, making phone calls, booking meetings, and so on.
    4. Review the data and information received to confirm that it's the right type of data, at the correct level of granularity, for the right timeframe, in a usable format, and is generally accurate.
    5. Enter documentation about your data and information sources in tab "1. Data & Information Sources" in the IT Spend & Staffing Transparency Workbook to reflect what you needed and where you got it in order to make the discovery process easier in the future.
    6. In the same tab in the IT Spend & Staffing Transparency Workbook, document any significant events that occurred that directly or indirectly impacted the selected year's spend values. These could include mergers/acquisitions/divestitures, major reorganizations or changes in leadership, significant shifts in product offerings or strategic direction, large capital projects, legal/regulatory changes, natural disasters, or changes in the economy.

    Download the IT Spend & Staffing Transparency Workbook

    2.1 Gather your input data and information

    InputOutput
    • Knowledge of potential data and information sources
    • List of data and information required to complete the IT spend and staffing transparency exercise
    MaterialsParticipants
    • Whiteboard/flip charts
    • Head of IT
    • IT financial lead

    Tidy up your data before beginning any spend mapping

    Most organizations aren't immaculate in their tech spend documentation and tracking practices. This creates data rife with gaps that lives in hard-to-use formats.

    The more preparation you do to approach the "good data" intersection point in the diagram below, the easier your mapping effort will be and the more useful and insightful your final findings.

    Venn diagram of good data

    Make your data "un-unique" to reduce the number of line items and make it manageable

    There's a good chance that the IT spend data you've received is in the form of tens of thousands of unique line items. Use the checklist below to help you roll it up.

    Warning: Never overwrite your original data. Insert new columns/rows and put your alternate information in these instead.

    Step 1: Standardize vendor names

    • Start with known large vendors.
    • Select a standard name for the vendor.
    • Brainstorm possible variations on the vendor name, including abbreviations and shortforms.
    • Search for the vendor in your data and document the new standardized vendor name in the appropriate row.
    • Repeat the above for all vendors.
    • Sort the new vendor name column from A-Z. Look for instances where names remain unique or are missing entirely. Reconcile if needed and fill in missing data.

    Step 2: Consolidate vendor spend

    • Sort the new vendor name column from A-Z. Start with vendors that have the most line items.
    • Add together related spend items from a given vendor. Create a new row for the consolidated spend item and flag it as consolidated. Keep the following item types in separate rows:
      • Hardware vs. software spend for the same vendor.
      • Cloud vs. on-premises spend for the same vendor.
    • Repeat the above for all vendors.
    • Consider breaking out separate rows for overly consolidated line items that contain too many different types of IT spend.

    2.2 Clean and organize your data

    Duration: Variable

    1. Check to ensure that you have all data and information required to conduct the IT spend transparency exercise.
    2. Conduct an initial scan to assess the data's current state of hygiene and overall usability. Flag anything of concern and follow up with the data/information provider to fix or reconcile any issues.
    3. Normalize your data to make it easier to work with. This includes selecting data format standards and changing anything that doesn't conform to those standards. This includes items such as date conventions, currencies, and so on.
    4. Standardize product and vendor naming/references throughout to enable searching, sorting, and grouping. For example, Microsoft Office may be variably referred to as "Microsoft", "Office", "Office 365", and "Office365" throughout your data. Pick one descriptor for the product/vendor and replace all related references with that descriptor.
    5. Consolidate and aggregate your data. Ideally, the data you received from your sources has already been simplified; however, you may need to further organize it to reduce the number of individual line items to a more manageable number. The transparency exercise uses relatively high-level categories, so combine data sets and aggregate where feasible without losing appropriate granularity.
    6. Archive any original copies of files that have been modified or replaced with consolidated/aggregated versions for future reference if needed.

    2.2 Clean and organize your data

    InputOutput
    • Data and information files
    • A normalized set of data and information for completing the IT spend and staffing transparency exercise
    MaterialsParticipants
    • Whiteboard/flip charts
    • Head of IT
    • IT financial lead

    Select IT spend "buckets" for the CXO Business View as your final preparatory step

    Every organization has both industry-agnostic and industry-specific lines of business that are the direct beneficiaries of IT spend.

    Common shared business functions:

    • Human resources.
    • Finance and accounting.
    • Sales/customer service.
    • Marketing and advertising.
    • Legal services and regulatory compliance.
    • Information technology.

    It may seem odd to see IT on the business functions list since the purpose of this exercise is to map IT spend. For business view purposes, IT spend refers to what IT spends on itself to support its own internal operations.

    Examples of industry-specific functions:

    • Manufacturing: Product research and development; production operations; supply chain management.
    • Retail banking: Core banking services; loan, mortgage and credit services; investment and wealth management services.
    • Hospitals: Patient intake and admissions; patient diagnosis; patient treatment; patient recovery and ongoing care.
    • Insurance: Actuarial analysis; policy creation; underwriting; claims processing.

    See the Appendix of this blueprint for definitions of shared business functions plus sample industry-specific business view categories.

    Define your CXO Business View categories to set yourself up well for future ITFM analyses

    The CXO Business View buckets you set up today are tools you can and should reuse in your overall approach to ITFM governance. Spend some time to get them right.

    Stay high-level

    Getting too granular invites administrative headaches and overhead. Keep things high-level and general:

    • Limit the number of direct stakeholders represented: This will reduce communication overhead and ensure you're dealing only with people who have real decision-making authority.
    • Look to your org. chart: Note the departments or business units listed across the top of the chart that have one executive or top-ranking senior manager accountable for them. These business units often translate as-is into a tidy CXO Business View category.

    Limit your number of buckets

    Tracking IT spend across more than 8-10 shared and industry-specific business categories is impractical.

    • Simplify your options: Too many buckets gets confusing and invites time-wasting doubt.
    • Reduce future rework: Business structures will change, which means recategorizing spend data. Using a forklift is a lot easier than using tweezers.
    • Stick to major business units: Create separate "Business Other" and "Industry Other" catch-all categories to track IT spend for smaller functions that fall outside of major business unit structures.

    Stay high-level with the CXO Business View

    Be clear on what's in and what's out of your categories to keep everyone on the same page

    Clear lines of demarcation between CXO Business View categories reduce confusion, doubt, and wheel-reinvention when deciding where to allocate IT spend.

    Ensure clear boundaries

    Mutual exclusivity is key when defining categories in any taxonomical structure.

    • Avoid overlaps: Each high-level business function category should have few or no core function or process overlaps with another business function category. Aim for clear vertical separation.
    • Be encompassing: When defining a category, list all the business capabilities and sub-functions included in that category. For example, if defining the finance and accounting function, remember to specify its less obvious accountabilities, like enterprise asset management if appropriate.

    Identify exclusions

    Listing what's out can be just as informative and clarifying as listing what's in.

    • Beware odd bedfellows: Minor business groups are often tucked under a bigger organizational entity even though the two use different processes and technologies. Separate them if appropriate and state this exclusion in the bigger entity's definition.
    • Draw a line: If a process crosses business function categories, state which sub-steps are out of scope.
    • Document your decisions: This helps ensure you allocate IT spend the same way every time.

    Clear lines of demarcation between CXO Business View categories

    2.3 Build your industry-specific business views

    Duration: Two hours

    1. Confirm your list of high-level shared business services (human resources, finance and accounting, etc.) as provided in Info-Tech's IT Spend & Staffing Transparency Workbook. Rename them if needed to match the nomenclature used in your organization.
    2. Set and define your additional list of high-level, industry-specific business categories that are unique to or define your industry. See the slides immediately following this exercise for tips on developing these categories, as well as the appendix of this blueprint for some examples of industry-specific categories and definitions.
    3. Create "Business Other" and "Industry Other" categories to capture minor groups and activities supported by IT that fall beyond the major shared and industry-specific business functions you've shortlisted. Briefly note the business groups/activities that fall under these categories.
    4. Edit/enter your shared and industry-specific business function categories and their definitions on tab "2. Business View Definitions" in the IT Spend & Staffing Transparency Workbook.

    Download the IT Spend & Staffing Transparency Workbook

    2.3 Build your industry-specific business views

    InputOutput
    • Knowledge about your organization's structure and business functions/units
    • A list of major shared business functions and industry-specific business functions/capabilities that are defining of your industry
    MaterialsParticipants
    • Whiteboard/flip charts
    • Head of IT
    • IT financial lead

    Lock in key pieces of baseline data

    Calculating core IT spend metrics relies on a few key numbers. Settle these first based on known data before diving into detailed mapping.

    These baseline data will allow you to calculate high-level metrics like IT spend as a percent of revenue and year-over-year percent change in IT spend, as well as more granular metrics like IT staff spend per employee for a specific IT service.

    Baseline data checklist

    • IT spend analysis period (date range).
    • Currency used.
    • Organizational revenue.
    • Organizational OpEx.
    • Total current year IT spend.
    • Total current year IT CapEx and IT OpEx.
    • Total previous-year IT spend.
    • Total projected next-year IT spend.
    • Number of organizational employees.
    • Number of IT employees.

    You may have discovered some things you didn't know about during the mapping process. Revisit your baseline data when your mapping is complete and make adjustments where needed.

    2.4 Enter your baseline data

    Duration: One hour

    1. Navigate to tab "3. Baseline Data" in the IT Spend & Staffing Transparency Workbook. Using the data you've gathered, enter the following information to set your baseline data for future calculations:
      1. Your IT spend analysis date range. This can be concrete dates, a fiscal year abbreviation, etc.
      2. The currency you will be using throughout the workbook. It's important that all monetary values entered are in the same currency.
      3. Your organization's total revenue and total operating expenditure (OpEx) for the spend analysis data range you've specified. Revenue includes all sources of funding/income.
      4. Your total IT OpEx and total IT capital expenditure (CapEx). The workbook will add your OpEx and CapEx values for you to arrive at a total IT spend value.
      5. Total IT spend for the year prior to the current IT spend analysis date range, as well as anticipated total IT spend for the year following.
      6. Total IT staff spend (salaries, benefits, training, travel, and fees for employees and contractors in a staff augmentation role) for the spend analysis date range.
      7. The total number of organizational employees and total number of IT employees. These are typically full-time equivalent (FTE) values and include contractors in a staff augmentation role.
    2. Make note of any issues that have influenced the values you entered.

    Download the IT Spend & Staffing Transparency Workbook

    2.4 Enter your baseline data

    InputOutput
    • Cleaned and organized spend and staffing data and information
    • Finalized baseline data for deriving spend metrics
    MaterialsParticipants
    • IT Spend & Staffing Transparency Workbook
    • Head of IT
    • IT financial lead

    Phase 2: Gather required data

    Achievement summary

    You've now completed all preparation steps for your IT spend transparency journey. You have:

    • Gathered your IT spend and staffing data and information.
    • Cleaned and organized your data to streamline mapping.
    • Identified your baseline data points.

    "As an IT person, you're not speaking the same language at all as the accounting department. There's almost always a session of education that's required first."
    - Angie Reynolds, Principal Research Director, ITFM Practice, Info-Tech Research Group

    Phase 3

    Map Your IT Staff Spend

    This phase will walk you through the following activities:

    • Mapping your IT staff spend across the four views of the ITFM Cost Model
    • Validating your mapping

    This phase involves the following participants:

    • Head of IT
    • IT financial lead
    • Other members of IT management

    Phase 3: Map your IT staff spend

    Allocate your workforce costs across the four views.

    Now it's time to tackle the first part of your hands-on spend mapping effort, namely IT staff spend. In this phase you will:

    • Allocate your IT staff spend across the four views of the ITFM Cost Model.
    • Validate your mapping to ensure that it's accurate and complete.

    "We're working towards the truth. We know the answer, but it's how to get it. Take Data & BI. For some organizations, four FTEs is too many. Are these people really doing Data & BI? Look at the big picture and see if something's missing."
    - Rex Ding, Research Specialist, ITFM Practice, Info-Tech Research Group

    Staffing costs comprise a significant percent of OpEx

    Staffing is the first thing that comes to mind when it comes to spend. Intentionally bring it out of the shadows to promote constructive conversations.

    • Total staffing costs stand out from other IT spend line items. This is because they're comparatively large, often comprising 30-50% of total IT costs.
    • Standing out comes at a price. Staff costs are where business leadership looks first if they want cuts. If IT leadership doesn't bring forward ways to cut staffing costs as part of a broader cost-cutting mandate, it will be seen as ignorant of business priorities at best and outright insubordinate at worst.
    • Staffing costs as a percentage of total costs vary between IT functions. On the business side, there's a lack of understanding about what functions IT staff serve and support and the real-world costs of obtaining (and keeping) needed IT skills. For example, IT security staffing costs as a percentage of that service's total OpEx will likely be higher than service desk staff given the scarcity and higher market value of the former. Trimming 20% of IT staffing costs from the IT security function has much different implications than cutting 20% of service desk staffing costs.

    Staffing spend transparency can do a lot to change the conversation from one where the business thinks that IT management is just being self-protecting to one where they know that IT management is actually protecting the business.

    Demonstrating the legitimate reasons behind IT staff spend is critical in both rationalizing past and current spend decisions as well as informing future decisions.

    Info-Tech recommends that you map your IT staffing costs before all other IT costs

    Mapping your IT staffing spend first is a good idea because:

    • Staffing costs are usually documented more clearly, simply, and accurately than other IT costs.
    • Gathering all your IT staffing data is usually a one-stop shop (i.e. the HR department).
    • The comparative straightforwardness of mapping staff costs compared to other IT costs gives you the opportunity to:
      • Get familiar with the ITFM Cost Model views and categories.
      • Get the hang of the hands-on mapping process.
      • Determine the kinds of speed bumps and questions you'll encounter down the road when you tackle the more complicated mappings.

    "Some companies will say software developer. Others say application development specialist or engineer. What are these things? You have to have conversations ..."
    - Rex Ding, Research Specialist, ITFM Practice, Info-Tech Research Group

    Understand the CFO Expense View: "Workforce" categories defined

    For the staffing spend mapping exercise, we're defining the Workforce category here and will offer Vendor category definitions in the vendor spend mapping exercise later.

    Workforce: The total costs of employing labor in the IT organization. This includes all salary/wages, benefits, travel/training, dues and memberships, and contractor pay. Managed services expenses associated with an external service provider should be excluded from Workforce and included in Contract Services.

    Employee: A person employed by the IT organization on a permanent full-time or part-time basis. Costs include salary, benefits, training, travel and expenses, and professional dues and memberships. These relationships are managed under human resources and the bulk of spend transactions via payroll processes.

    Contractor: A person serving in a non-permanent staff augmentation role. These relationships are typically managed under procurement or finance and spend transactions handled via invoicing and accounts payable processes. Labor costs associated with an external service provider are excluded.

    CFO Expense View

    Mapping your IT staff across the CFO Expense View is relatively cut-and-dried

    The CFO Expense View is the most straightforward in terms of mapping IT staffing costs as it's made up of only two main categories: Workforce and Vendor.

    In the CFO Expense View, all IT spend on staffing is allocated to the Workforce bucket under either Employee or Contractor.

    What constitutes a Contractor can be confusing given increased use of long-term labor augmentation strategies, so being absolutely clear about this is imperative. For spend mapping purposes:

    • Any staff members under independent contract where individuals are paid directly by your organization as opposed to indirectly via a service provider (e.g. staffing firm) are considered Workforce > Contractor.
    • Any circumstances where you pay a third-party organization for labor is slotted under Vendor > Contract Services.

    CFO Expense View

    Understand the CIO Service View: Categories defined

    We've provided definitions for the major categories that require clarification.

    Applications Development: Purchase/development, testing, and deployment of application projects. Includes internally developed or packaged solutions.

    Applications Maintenance: Software maintenance fees or maintaining current application functionality along with minor enhancements.

    Hosting & Networks: Compute, storage, and network functionality for running/hosting applications and providing communications/connectivity for the organization.

    End User: Procurement, provision, management, and maintenance (break/fix) of end-user devices (desktop, laptops, tablets, peripherals, and phones) as well as purchase/support and use of productivity software on these devices. The IT service desk is included here as well.

    PPM & Projects: People, processes, and technologies dedicated to the management of IT projects and the IT project portfolio as a whole.

    Data & BI: Strategy and oversight of the technology used to support data warehousing, business intelligence, and analytics.

    IT Management: Senior IT leadership, IT finance, IT strategy and governance, enterprise architecture, process management, vendor management, talent management, and program and portfolio management oversight.

    Security: Information security strategy and oversight, practices, procedures, compliance, and risk mitigation to protect and prevent unauthorized access to organizational data and technology assets.

    CIO Service View

    Mapping your IT staff across the CIO Service View is a slightly harder exercise

    The complexity of mapping staff across this view depends on how your IT department is organized and the degree of role specialization vs. generalization.

    The CIO Service View mirrors how many IT departments are organized into teams or work groups. However, some partial percentage-based allocations are probably required, especially for smaller IT units with more generalized, cross-functional roles. For example:

    • A systems administrator's costs may need to be allocated 80% to Hosting & Networks and 20% to Security.
    • An app development team lead may spend about 40% of their time doing hands-on Development work and the other 60% on project management (i.e. PPM & Projects).

    Info-Tech has found that allocating staffing costs for Data & BI raises the most doubts as it can be very entangled with Applications and other spend. Do the best you can.

    Understand the CXO Expense View: Categories defined

    Expand shared services and industry function categories as suits your organization.

    Industry Functions: As listed and defined by you for your specific industry.

    Human Resources: IT staff and specific application functionality in support of organizational human resource management.

    Finance & Accounting: IT staff and specific application functionality in support of corporate finance and accounting.

    Shared Services Other: IT staff and specific application functionality in support of all other shared enterprise functions.

    Information Technology: IT staff and specific application functionality in support of IT performing its own internal IT operations functions.

    Industry Other: IT staff and specific application functionality in support of all other industry-specific functions.

    CXO Expense View

    Mapping your IT staff across the CXO Business View warrants the most time

    This view is probably the most difficult as many IT department roles are set up according to lines of IT service, not lines of business. Prepare to do a little math.

    The CXO Expense View also requires percentage-based splitting of role spend, but to a greater extent.

    • Start by mapping staff cost allocations for those roles that are at, or close to, 100% dedicated to a specific business function (if any).
    • For IT roles that support organization-wide or multi-department functions, knowing the percent of employees that work in each relevant business unit and parceling IT staff spend by those same percentages may be easiest. For example, a general systems administrator's costs could be allocated as 4% to HR, 2% to finance, 25% to sales, 20% to production operations, and so on based on the percentage of employees in each of the supported business units.

    Take a minute to figure out how you plan to map IT's indirect CXO Business View costs

    Direct IT costs are those that are dedicated to a specific business unit or user group, such a marketing campaign management app, specialized devices used by a specific subset of workers in the field, or a business analyst embedded full-time in a sales organization.

    VS

    Indirect IT costs are pretty much everything else that's shared broadly across the organization and can't be tied to just one stakeholder or user group, such as network infrastructure, the service desk, and office productivity apps. These costs must be fairly and evenly distributed.

    No indirect mapping method is perfect, but here's a suggestion:

    • Take the respective headcount of all business functions sharing the IT resource/service in question.
    • Calculate each business function's staff as a percentage of all organizational staff.
    • Use this same percent of staff to calculate and allocate a business function's indirect staff and indirect vendor costs.

    "There is always a conversation about indirect allocations. There's never been an organization I've heard of or worked for which has been able to allocate every technology cost directly to a business consumption or business unit."
    Monica Braun, ITFM Research Director, Info-Tech Research Group

    Example:

    • A company of 560 employees has six HR staff (about 1.1% of total staff).
    • Network admin staffing costs $143,000, so $1,573 (1.1%) would be allocated to HR.
    • Internet services cost $40,000, so $440 (1.1%) would be allocated to HR.

    Some indirect costs are shared by multiple business functions, but not all. In these cases, exclude non-participating business functions from the total number of organizational employees and re-calculate a new percent of staff for each participating business function.

    Know where you're most likely to encounter direct vs. indirect IT staffing costs

    Info-Tech has found that direct vs. indirect staffing spend is more commonly found in some areas than others. Use this insight to focus your work.

    Direct IT staffing spend

    Definition: Individuals or teams whose total time is formally dedicated to the support of one business unit/function.

    • Data & BI (direct to one non-IT unit)
    • IT Management (direct to IT)
      • Service planning & Architecture
      • Strategy & Governance
      • Financial Management
      • People & Resources

    Hybrid IT staffing spend

    Definition: Teams with a percent of time or entire FTEs formally dedicated to one business unit/function while the remainder of the time or team is generalized.

    • Applications
      • Applications Development
      • Applications Maintenance
    • IT Management
      • PPM & Projects

    Indirect IT staffing spend

    Definition: Individuals or teams whose total time is generalized to the support of multiple or all business units or functions.

    • Infrastructure
      • Hosting & Networks
      • End Users
    • Security

    Indirect staff spend only comes into play in the CXO Business View. Thoroughly map the CIO Service View first and leverage its outcomes to inform your allocations to individual business and industry functions.

    Understand the CEO Innovation View: Categories defined

    Be particularly clear on your understanding of the difference between business growth and business innovation.

    Business Innovation: IT spend/ activities focused on the development of new business capability, new products and services, and/or introduction of existing products/ services into new markets. It does not include expansion or update of existing capabilities.

    Business Growth: IT spend/activities focused on the expansion, scaling, or modernization of an existing business capability, product/service, or market. This is specifically related to growth within a current market.

    Keep the Lights On: IT spend/activities focused on keeping the organization running on a day-to-day basis. This includes all activities used to ensure the smooth operation of business functions and overall business continuity.

    CEO Innovation View

    Important Note

    Info-Tech analysts often skip mapping staff for the CEO Innovation View when delivering the IT Spend & Staffing Benchmarking Service.

    This is because, for many organizations, either most IT staff spend is allocated to Keep the Lights On or any IT staff allocation to Business Growth and Business Innovation activities is untracked, undocumented, and difficult to parse out.

    Mapping your IT staff across the CEO Innovation View is largely straightforward

    Clear divisions between CapEx and OpEx can be your friend when it comes to mapping this view. Focus your efforts on parsing growth vs. innovation.

    • The majority of IT staff costs are OpEx: And the majority of OpEx will land in the Keep the Lights On category. This is a comparatively simple mapping exercise. Know in advance that this will be the largest of the three buckets in the CEO Innovation View by a very wide margin, so don't be surprised if over 90% of IT staffing costs end up here.
    • Most of the remaining IT staff costs will be tied to capital projects and investments: This means that they will land in either Business Growth or Business Innovation, with the majority typically sitting under Business Growth. Again, don't be surprised if the Business Innovation category holds less than 3% of total IT staffing spend.

    Take your IT staff spend mapping to the next level with detailed time and headcount data

    Overlay a broader assessment of your IT staff

    Info-Tech's IT Staffing Assessment diagnostic can expand your view of what's really happening on the staffing front.

    • Learn your true distribution of IT staff across the same IT services listed in the ITFM Cost Model's CIO Service View.
    • Get other metrics such as degrees of seniority, manager span of control, and IT staff perception of their effectiveness.

    Take action

    1. Set it up: Contact your Info-Tech Account Manager and sign your team up to take the diagnostic.
    2. Assess the findings: Review the output report, specifically how your staff says they spend their time versus what your organization chart's been telling you.
    3. Apply the percentages: Use the FTE allocation percentages in the output report to guide how you distribute your staff spend across the CIO Service View.
    4. Expand your analysis: Use your staff's feedback around perceived aids and obstacles to effectiveness in order to inform and defend your recommendations and decisions on how IT funds should be spent.

    Consider these final tips for mapping your IT staffing costs before diving in

    Mapping your IT staffing costs definitely requires some work. However, knowing the common stumbling blocks and being systematic will yield the best results.

    Approach: Be efficient to be effective

    Start with what you know best: Map the CFO Expense View first to plug in information you already have. Next, map the CIO Service View since it's most aligned to your organization chart.

    Keep a list of questions: You'll need to seek clarifications. Note your questions, but don't reach out until you've done a first pass at the mapping - don't annoy people with a barrage of questions.

    Delegate: Your managers and leads have a more accurate view of exactly what their staff do. Consider delegating the CIO Service View and CXO Business View to them or turn the mapping exercise into a series of collaborative leadership team activities.

    Biggest challenge: Role/title ambiguity

    • The Business Analyst role is often vague. These staffers are often jacks-of-all-trades in IT. You probably can't rely on a generic job description to figure out exactly which services and business functions BAs are spending their time on. Plan to ask a lot of questions.
    • Other role titles may be completely inaccurate. Is the word "system" referring to apps, infrastructure, or both? Is the user experience specialist actually a programmer? Is a manager really managing anything? Know your organization's tendencies around meaningful job titling and set your workload expectations accordingly.

    Key step - validate! If you see services or functions with low or no allocation, or something just doesn't look right, investigate. Someone's doing that work - take the time to figure out who.

    3.1 Map your IT staffing costs

    Duration: Variable

    1. Navigate to tab "4. Staff Spend Mapping" in the IT Spend & Staffing Transparency Workbook. On one row, enter the name of an individual or group to be mapped, their role/title (if an individual), and their total known cost as per your collected data.
    2. Under the CFO Expense View (columns F-G), enter the number of FTEs represented by the individual or group named and their status (i.e. Employee or Contractor).
    3. Under the CIO Service View (columns L-AF), allocate the individual or group's spend as a percentage across all service categories. If the allocation for a service is 0%, leave the cell blank.
    4. Under the CXO Business View (columns AI-BA), allocate the individual or group's spend as a percentage across all business function and industry-specific function categories. If the allocation for a function is 0%, leave the cell blank.
    5. Under the CEO Innovation View (columns BD-BH), allocate the individual or group's spend as a percentage across Business Innovation, Business Growth, and Keep the Lights On. If the allocation for an investment type is 0%, leave the cell blank.
    6. Repeat steps 2 to 5 for all other IT staff (as individuals or groups).
    7. Follow up on and resolve any additional inquiries you need to make based on questions that arose during the mapping process.
    8. Validate your mapping by:
      1. Identifying spend categories that have zero staff spend allocation. Additional percentage allocation splits for certain roles are probably required.
      2. Investigating spend categories that seem to have very high or very low spend allocations based on a gut check. Again, double-check your percentage allocation splits.
      3. Ensuring your amounts add up to your previously calculated total IT staff spend. A balance tracker is provided on tab "6. Tracker & General Outputs" of the IT Spend & Staffing Transparency Workbook.

    Download the IT Spend & Staffing Transparency Workbook

    3.1 Map your staffing costs

    Input Output
    • Cleaned and organized IT staffing data and information
    • Finalized mapping of IT staff spend across the four views of the ITFM Cost Model
    Materials Participants
    • IT Spend & Staffing Transparency Workbook
    • Head of IT
    • IT financial lead
    • Other IT management as required

    Phase 3: Map your IT staff spend

    Achievement summary

    You've now completed your IT staff spend mapping. You have:

    • Allocated your IT staff spend across the four views of the ITFM Cost Model.
    • Validated your mapping to ensure it's accurate and complete.

    "Some want to allocate everybody to IT, but that's not how we do it. [In one CXO Business View mapping], a client allocated all their sand network people to the IT department. At the end of the process, the IT department itself accounted for 20% of total IT spend. We went back and reallocated those indirect staff costs across the business."
    - Kennedy Confurius, Research Analyst, ITFM Practice, Info-Tech Research Group

    Phase 4

    Map Your IT Vendor Spend

    This phase will walk you through the following activities:

    • Mapping your IT vendor spend across the four views of the ITFM Cost Model
    • Validating your mapping

    This phase involves the following participants:

    • Head of IT
    • IT financial lead
    • Other members of IT management

    Phase 4: Map your IT vendor spend

    Allocate your vendor costs across the four views.

    Now you're ready to take on the second part of your spend mapping, namely IT vendor spend. In this phase you will:

    • Allocate your IT vendor spend across the four views of the ITFM Cost Model.
    • Validate your mapping to ensure it's accurate and complete.

    "[One CIO] said that all technology spend runs through their IT group. But they didn't have hardware in their financial data file - no cellphones or laptops, no network or server expenses. They thought they had everything, but they didn't know what they didn't have. Assume it's out there somewhere."
    - Kennedy Confurius, Research Analyst, ITFM Practice, Info-Tech Research Group

    Tackle the non-staff side of IT spend

    Info-Tech analysts find that mapping the IT vendor spend data is harder because the source data is often scattered and not meaningfully labeled.

    • Be patient and systematic. As with mapping your IT staff spend data, the more organized you are from the outset and the more thoroughly you've prepared your data, the more straightforward the exercise will be.
      • Did you "un-unique" your data? If not, do that now before attempting mapping.
    • Get comfortable with making some assumptions. You need to get through the exercise, so sometimes making a best guess and entering a value is better than diving down a rabbit hole. Your gut is probably right anyway. But only make assumptions around smaller line items that don't have a massive impact on your final numbers. Never assume anything when it comes to big-ticket items.
    • Curb your urge to fix. Some of your buckets will start to get big, while others will barely budge. This is normal ... and interesting! Resist the urge to "balance" staffing spend in a bucket by loading it with apps and hardware for fear that the staffing spend looks too high and will be questioned. This exercise is about how things are, not how they look.

    "A common financial data problem is no vendor names. I've noticed that, even if the vendor name is there, there are no descriptors. You cannot actually tell what type of service it is. Data security? Infrastructure? Networking? Ask yourself 'What did we purchase and what does it do?'"
    - Aman Kumari, Research Specialist, ITFM Practice, Info-Tech Research Group

    Understand the CFO Expense View: Vendor categories defined

    These are the final definitions for this view. See the previous section for CFO Expense View > Workforce definitions used in the IT staffing cost mapping exercise.

    Vendor: Provider of a good or service in exchange for payment.

    Hardware: Costs of procuring, maintaining, and managing all IT hardware, including end-user devices, data center and networking equipment, cabling, and hybrid appliances for both on-premises and cloud-based providers.

    Software: Costs for all software (applications, database, middleware, utilities, tools) used across the organization. This includes purchase, maintenance, and licensing costs.

    Contract Services: Costs for all third-party services including managed service providers, consultants, and advisory services.

    Cloud: Offsite hosting and delivery of an on-demand software or hardware computing function by a third-party provider, often on a subscription-type basis.

    On-Prem: On-site hosting and delivery of a software or hardware computing function, often requiring upfront purchase cost and subsequent maintenance costs.

    Managed Services: Costs for outsourcing the provision and maintenance of a technical process or function.

    Consulting & Advisory: Costs for the third-party provision of professional or technical advice and expertise.

    CFO Expense View

    Know if a technology is cloud-based or on-premises before mapping

    A technology may be one, the other, or both if multiple versions are in play. Financial records rarely indicate which, but on-premises vs. cloud matters in your planning.

    On-Premises

    • Check your CapEx. Any net-new purchases of software or hardware for the IT spend analysis year in question should appear on the CapEx side of the equation. After the first year of implementation/rollout, all ongoing maintenance and management costs should be found under OpEx.
    • Focus on real in-year costs.
      • Don't try to map depreciation or amortization associated with CapEX. Instead, map any upfront purchase costs that occurred in the relevant IT spend analysis year.
      • Map any OpEX costs incurred from maintenance and management. For multi-year maintenance contracts, apply the percentage of fees paid for the relevant year.

    Cloud

    • Check your OpEx. Cloud services are typically fee-based, which means the costs often come in the form of regularly timed bills akin to a subscription.
    • Differentiate new services from older ones. If the cloud service was initiated during the IT spend analysis year in question, there may be some one-time service setup and initiation fees that were legitimately slotted under CapEx. If the cloud service isn't new, then all costs should be OpEx.

    Vendors are increasingly "retiring" on-premises software products. This means an older version may be on-prem, a newer one cloud, and you may have both in play.

    Mapping built-in data, analytics, and security functions can raise doubts

    With so many apps focused on capturing, manipulating, and protecting data, built-in analytics, reporting, and security functions blur CIO Service View bucket boundaries.

    Applications vs. Data & BI

    • In recent years, much more powerful analysis and report-generation features have been added to core enterprise applications. If analytics and reporting functionality is an extended feature of a database-driven application, such as ERP or CRM, then map it to one of the Applications buckets.
    • If the sole purpose of the application is to store, manipulate, query, analyze, and/or visualize data, then log its costs under Data & BI. These would include technologies such as data warehouses, marts, cubes, and lakes; desktop data visualization tools; enterprise business intelligence platforms; and specialized reporting tools.

    Applications vs. Security

    • A similar conundrum exists for Security. So many tools today have built-in security functionality that cannot be unintegrated from the app they support. Don't even try to isolate native security functionality for spend mapping purposes - map it to Applications.
    • If the tool is a special-purpose, standalone security tool or security platform, then map it to Security. These tools usually sit within, and are used/managed by, IT. They include firewalls; antivirus/anti-malware; intrusion prevention, detection and response; access control and authentication; encryption; and penetration testing and vulnerability assessment.

    Putting spend in the right bucket does matter. However, if uncertainty persists, err on the side of consistency. For most organizations Applications Maintenance does end up being the biggest bucket.

    When mapping the CXO Business View, do the biggest vendors first

    Below is a suggested order of operations to clear through the majority of vendor spend as early as possible in the process.

    1 Sort high to low Sort your list of vendor spend from highest to lowest. Your top 20 vendors should constitute most of the spend.
    2 Map multi-department enterprise apps Flag your top apps vendors that have presence in most or all of your business units. Map these first. These tend to be enterprise-level business apps "owned" by core business functions but used broadly across the organization such as enterprise resource planning (ERP), customer relationship management (CRM), and people management systems.
    3 Map end-user spend Identify top vendors of general end-user technologies like office productivity apps, desktop hardware, and IT service desk tools. Allocate percentages according to your selected indirect spend mapping method.
    4 Map core infrastructure spend Map the behind-the-scenes network, telecom, and data center technologies that underpin IT, plus any infrastructure managed services. Again, apply your selected indirect spend mapping method.
    5 Map business-unit specific technologies This is the spend that's often incurred by just one department. This may also be technology spend that's out in the business, not in IT proper. Map it to the right business function or put it in Business Other or Industry Other if the business function doesn't have its own bucket.
    6 Map the miscellaneous Only smaller spend items likely remain at this point. When in doubt, map them to either Business Other or Industry Other.

    After mapping the CXO Business View, your Other buckets might be getting a bit big

    It's common for the Business Other and Industry Other categories to be quite large, and even the largest. This is okay, but plan to dig deeper and understand why.

    Remember "when in doubt, map to either the Business Other or Industry Other category"? Know what large Other buckets might really be telling you. After your first pass at mapping the CXO Business View, review Business Other and Industry Other if either is more than about 10% of your total spend.
    Diversification: Your organization has a wide array of business functions and/or associated staff that exist outside the core business and industry-specific categories selected. Are there minor business functions that can reasonably be included with the core categories identified? If not, don't force it. Better to keep your core buckets clean and uncomplicated.
    Non-core monolith: There's a significant technology installation outside the core that's associated with a comparatively minor business function. Is there a business function incurring substantial technology spend that should probably be broken out on its own and added to the core? If so, do it. Spend is unlikely to get smaller as the organization grows, so best to shine a light on it now.
    Shadow IT: There's significant technology spend in several areas of the organization that is unowned, unmanaged, or serving an unknown purpose as far as IT is concerned. Is a lot of the spend non-IT technology in the business? If yes, flag it and plan to learn more. It's likely that technologies living elsewhere in the organization will become IT concerns eventually. Better to be ready than to be surprised.

    As with staffing, CapEx vs. OpEx helps map the CEO Innovation View

    Mapping to this view was optional for IT staffing. For hard technology vendor spend, mapping this view is key. Use the guidance below to determine what goes where.

    Keep the Lights On
    Spend usually triggered by a service deck ticket or work order, not a formal project. Includes:

    • Daily maintenance and management.
    • Repair or upgrade of existing technology to preserve business function/continuity.
    • Purchase of "commodity" technology, such as standard-issue laptops and licenses for office productivity software.

    Business Growth
    Spend usually in the context of a formal project under a CapEx umbrella. Includes:

    • Technology spend that directly supports business expansion of an existing product or service and/or market.
    • Modernizing existing technology.
    • Extension of, or investment in, existing infrastructure to ensure reliability and availability in response to growth-driven scaling of headcount and utilization.

    Business Innovation
    Spend is always in the context of a formal project and should be 100% CapEx in the first year after purchase. Includes:

    • Technology spend that directly supports development and rollout of new products or service and/or entry into new markets.
    • Use of existing technology or investment in net-new technology in direct support of a new business initiative, direction, or requirement.

    In many organizations, most technology spend will be allocated to Keep the Lights On. This is normal but should generate conversations with the business about redirecting funds to growth and innovation.

    Remember these top tips when mapping your technology vendor spend

    The benefits of having tidy and organized data can't be overstated, as your source data will be in a more varied state for this phase of the mapping than with IT staffing data.

    Approach: Move from macro to micro

    • Start with the big enterprise apps: These will probably be in the top five of your vendor spend list and will likely have good info about how and by whom they're used. Get them out of the way.
    • Clear out shared technologies. This will feature infrastructure and operations plus office productivity and communications spend. Portioning spend by department headcount for the CXO Business View is the hardest part. Get this forklift task out of the way too.
    • Don't sweat the small stuff. Wasting hours chasing the details of a $500 line item isn't worth it when you have five-, six-, or even seven-figure line items to map.

    Biggest challenge: Poor vendor labeling

    • Vendor labels are often an inconsistent mess or missing entirely. Standardize and apply consistent vendor labels throughout your data so that you can aggregate your data into a workable form.
    • Spend transactions with the same vendor can be scattered all over the place in your general ledger. Take the time to "un-unique" your data to save yourself tremendous grief later on.
    • Start new go-forward labeling habits. Talk to finance about your new list of vendor naming standards and tagging spend as on-prem or cloud. Getting their cooperation with these are major wins.

    Key step - validate! If you see services or functions with low or no allocation, or something just doesn't look right, investigate. There's probably a technology out there in the business doing that work.

    4.1 Map your IT vendor spend

    Duration: Variable

    1. Navigate to tab "5. Vendor Spend Mapping" in the IT Spend & Staffing Transparency Workbook. On one row, enter a spend line item (vendor, product, etc.), a brief description, and the known amount of spend.
    2. Under the CFO Expense View (columns F-P), allocate the line item's spend as a percentage across all asset-class categories. If the allocation for a line item is 0%, leave the cell blank.
    3. Under the CIO Service View (columns S-AM), allocate the line item's spend as a percentage across all service categories. If the allocation for a service is 0%, leave the cell blank.
    4. Under the CXO Business View (columns AP-BH), allocate the line item's spend as a percentage across all business function and industry-specific function categories. If the allocation for a function is 0%, leave the cell blank.
    5. Under the CEO Innovation View (columns BK-BO), allocate the line item's spend as a percentage across Business Innovation, Business Growth, and Keep the Lights On. If the allocation for an investment type is 0%, leave the cell blank.
    6. Repeat steps 2-5 for all spend line items.
    7. Follow up on and resolve any additional inquiries you need to make based on questions that arose during the mapping process.
    8. Validate your mapping by:
      1. Ensuring your amounts add up to your previously calculated total IT vendor spend. A balance tracker is provided on tab "6. Tracker & General Outputs" of the IT Spend & Staffing Transparency Workbook.
      2. Identifying spend categories that have zero spend allocation. Additional percentage allocation splits for certain line items are probably required.
      3. Investigating spend categories that seem to have very high or very low spend allocations based on a gut check. Again, double-check your percentage allocation splits.

    Download the IT Spend & Staffing Transparency Workbook

    4.1 Map your IT vendor spend

    InputOutput
    • Cleaned and organized IT vendor spend data and information
    • Finalized mapping of IT vendor spend across the four views of the IT Cost Model
    MaterialsParticipants
    • IT Spend & Staffing Transparency Workbook
    • Head of IT
    • IT financial lead
    • Other IT management as required

    Phase 4: Map your IT vendor spend

    Achievement summary

    You've now completed your IT vendor spend mapping. You have:

    • Allocated your IT vendor spend across the four views of the ITFM Cost Model.
    • Validated your mapping to ensure it's accurate and complete.

    "A lot of organizations log their spending by vendor name with no description of the goods or services they actually purchased from the vendor. It could be hardware, software, consulting services ... anything. Having a clear understanding of what's really in there is an essential aspect of the spend conversation."
    - Rex Ding, Research Specialist, ITFM Practice, Info-Tech Research Group

    Phase 5

    Identify Implications for IT

    This phase will walk you through the following activities:

    • Analyzing the results of your IT staff and vendor spend mapping across the four views of the ITFM Cost Model
    • Preparing an executive presentation of your transparent IT spend

    This phase involves the following participants:

    • Head of IT
    • IT financial lead
    • Other members of IT management

    Phase 5: Identify implications for IT

    Analyze and communicate.

    You're now nearing the end of the first leg in your IT spend transparency journey. In this phase you will:

    • Analyze the results of your IT spend mapping process.
    • Revisit your transparency objectives.
    • Prepare an executive presentation so you can share findings with other leaders in your organization.

    "Don't plug in numbers just to make yourself look good or please someone else. The only way to improve is to look at real life."
    - Monica Braun, Research Director, ITFM Practice, Info-Tech Research Group

    You've mapped your IT spend data. Now what?

    With mapped data in hand, now you can start to tell IT's spend story with stakeholders in the business.

    Mapping your IT spend is a lot of work, but what you've achieved is impressive (applause!) as well as essential for growing your ITFM maturity. Now put your hard work to work.

    • Consider benchmarking. While not covered in-depth here, benchmarking against yourself in a year-over-year approach as well as against external industry peers are very useful exercises in your technology spend analysis.
    • Review your numbers and graphs. Your IT Spend & Staffing Transparency Workbook contains a series of data visualizations that will help you see the big picture as well as relationships between spend categories.
    • Note the very big numbers, the very small numbers, and the things that just look odd. You'll want to investigate and understand these further.
    • Prepare to communicate. Facilitating conversations with stakeholders in the business is the immediate objective of the IT spend and staffing transparency exercise. Decide where and with whom you want to start dialogue.

    The slides that follow show sample data summaries and visualizations generated in the IT Spend & Staffing Transparency Workbook. We'll take a look at the metrics, tables, and graphs you now have available to you post-mapping and how you can potentially use them in conversations with different IT stakeholders.

    Evaluate how you might use benchmarks before diving into your analysis

    Benchmarking can be a useful input for contextualizing and interpreting your IT spend data. It's not essential at this point but should be part of your ITFM toolkit.

    There are two basic types of benchmarking ...

    Internal: Capturing a current-state set of data about an in-house operation to serve as a baseline. Over time, snapshots of the same data are taken and compared to the baseline to track and assess changes. Common uses for internal benchmarking include:

    • Assessing the impact of a project or initiative.
    • Measuring year-over-year performance.

    External: Seeking out aggregated, current-state data about a peer-group operation to assess your own relative status or performance on the same operation. Common uses for external benchmarking include:

    • Understanding common practices in the industry.
    • Strategic and operational visioning, planning, and goal-setting.
    • Putting together a business case for change or investment.

    Both types of benchmarking benefit from some formality and rigor. Info-Tech can help you stand up an ITFM benchmarking approach as well as connect you with actual IT spend peer benchmarks via our IT Spend & Staffing Benchmarking service.

    5.1 Analyze the results of your IT spend mapping

    Duration: Variable

    1. Review the guidance slides that follow the two instruction slides for this exercise to provide yourself with a grounding on how to interpret and analyze your mapped IT staff and vendor spend data.
    2. Systematically review the data tables and graphs on the "Outputs" tabs 6 through 10 in the IT Spend & Staffing Transparency Workbook. There are several approaches you can take - use the one that works best for you. For example:
      1. Review each view in its entirety, one at a time.
      2. Review all workforce spend collectively across all four views, followed by all vendor spend across all four views (or vice versa).
    3. Make note of any spend values that are comparatively high or low or strike you as odd or worth further investigation.
    4. Craft a series of spend-related questions you want to answer for yourself and your stakeholders using the data.
      1. For example, you need to cut costs and apps maintenance is high. Your question could be, "Can we cut costs on applications maintenance staffing?"
      2. Alternatively, you can develop a series of statements (research hypotheses) that you seek to prove true or false with the data. This approach is useful for testing assumptions you've been making. For example, "We can cut spending on applications maintenance staff. True or false?"
    5. Use the template provided on tab "11. Data Analysis" in the IT Spend & Staffing Transparency Workbook to document your findings and conclusions, along with the data that supports them.

    Download the IT Spend & Staffing Transparency Workbook

    5.1 Analyze the results of your IT spend mapping

    InputOutput
    • Tabular and graphical data outputs
    • Conclusions and potential actions about IT staff and vendor spend
    MaterialsParticipants
    • IT Spend & Staffing Transparency Workbook
    • Head of IT
    • IT financial lead
    • Other IT management as required

    High-level findings: Use these IT spend metrics to review and set big picture goals

    Think of these metrics as key anchors in your long-term strategic planning efforts.

    Use IT spend metrics to review and set big goals

    It's common for the business to want a sacrifice in IT OpEx in favor of CapEx

    CapEx and OpEx approval mechanisms are often entirely separate. Different tax treatment for CapEx means that it's usually preferred by the business over OpEx.

    OpEx is often seen as a sunk cost (i.e. an IT problem).

    • Barring a major decision or event, OpEx on an individual item will generally trend upward over time, often by a few percent every year, in lockstep with inflation and growth in organizational headcount.
    • A good portion of OpEx, however, is necessary for basic business continuity.

    CapEx is usually seen as investment (i.e. a business growth opportunity).

    • CapEx behaves quite differently than OpEx. On-the-books capitalized spend on an individual asset tends to trend downward over time due to depreciation or amortization.
    • CapEx only tends to go up when a net-new capital project is initiated, and organizations often have more control over if, when, and how this spend happens.

    Break down the OpEx/CapEx wall. Reference OpEx whenever you talk about CapEx. The best way to do this is via Total Cost of Ownership (TCO).

    • Present data on long-term OpEx projections whenever a new capital project is proposed and ensure ongoing maintenance funds are secured.
    • Educate your CFO about the impact of the cloud on OpEx. See if internal OpEx/CapEx ratio expectations can be adjusted to reflect this reality.

    Spend by asset class offers the CFO a visual illustration of where the money's really gone

    The major spend categories should look very familiar to your CFO. It's the minor sub-categories that sit underneath where you ultimately want to drive the conversation.

    Traditional categories don't reflect IT reality anymore.

    • Most finance departments have "software" accounts that contain apples and oranges, plus other dissimilar fruit.
    • Software isn't just software anymore. Now it's on-premises (CapEx) or cloud (OpEx). The same distinction applies to traditional hardware due to the advent of managed services.
    • The basic categories traditionally used to tag IT spend are out of date. This makes it hard for IT to have meaningful conversations with the CFO since they're not working from the same glossary.

    "Software (on-premises)" and "hardware (cloud)" are more meaningful descriptors than "software" and "hardware." Shift the dialogue.

    Start the migration from major categories to minor categories.

    • Still give the CFO the traditional major categories they're looking for but start including minor category breakdowns into your communications. Most importantly, have a meeting to explain what these minor categories are and why they're important to managing IT effectively.
    • Next, see if the CFO can formally split on-premises vs. cloud software on the books as a first step in making IT spend tracking more meaningful.

    Employees vs. contractors warrants a specific conversation, plus a change in mindset

    IT leaders often find it easier to get approval for contracted labor than to hire a permanent employee. However, the true value proposition for contractors does vary.

    The decision to go with permanent employees or contractors depends on your ultimate goals.

    • Contractors tend to be less expensive and provide more flexibility when adjusting to changing business needs. However, contractors may be less dedicated and take their skills and knowledge with them when they leave.
    • Permanent employees bring additional costs like benefits and training. Plus, letting them go is a lot more complicated. However, they can also bring real value in a way a contractor can't when it comes to sustaining long-term strategic growth. They're assets in themselves.

    Far too often, labor-sourcing decisions are driven by controlling near-term costs instead of generating and sustaining long-term value.

    Introduce the cost-to-value ratio to your workforce spend conversations.

    • Your mapped data will allow you to talk about comparative headcount and spend. This is a financial conversation devoid of context.
    • Go beyond. Show how workforce spend has allowed stated goals to be achieved while controlling for costs. This is the true definition of value.

    CFO Expense View: Shift the ITFM conversation

    Now that you've mapped your IT spend data to the CFO Expense View, there are some questions you're better equipped to answer, namely:

    • How should I classify my IT costs?
    • What information should I include in my plans and reports?
    • How do I justify current spend?
    • How do I justify a budget increase?

    You now have:

    • A starting point for educating the CFO about IT spend realities.
    • A foundation for creating a shared glossary of terms that works for both IT and the finance department and facilitates more meaningful conversations.
    • Proof that there are major areas of IT spend, such as cloud software, that are distinctive and probably warrant their own financial category in the general ledger.
    • A transparent record of IT spend that shows that you understand and care about financial issues, fostering the goodwill and trust that facilitates investment in IT.
    • A starting point to change the ITFM conversation with the CFO from one focused on cost to one focused on value.

    Exactly how is IT spending all that money we give them?

    Exactly like this ...

    Chart of the CFO Expense View

    The CIO Service View aligns with how IT organizes and manages itself – this is your view

    The data mapped here is a critical input for IT's service planning and management program and should be integrated into your IT performance measurement activities.

    Major service categories: These values give a high-level snapshot of your general IT service spend priorities. In most organizations, Applications dominates, making it a focus for cost optimization.

    Minor service categories: The level of granularity for these values prove more practical when measuring performance and making service management decisions - not too big, not too small. While not reflected in this example, application maintenance is usually the largest relative consumer of IT spend in most organizations.

    Data & BI and security: Isolating the exact spend for these services is challenging given that they're often entangled in applications and infrastructure spend respectively, and separate spend tracking for both is a comparatively recent practice.

    Table of CIO Service View

    Check the alignment of individual service spend against known business objectives

    Some IT services are taken for granted by the business, while others are virtually invisible. This lack of visibility often translates into funding misalignments.

    Is the amount of spend on a given service in parallel with the service's overall importance?

    • Though often unstated, ensuring continuity of basic business operations is always the top priority. This means business apps, core infrastructure, end users, and security need to be appropriately funded - these should collectively comprise the majority of IT service spend.
    • Strategy-supporting IT services, like data & BI, see high investment variability between organizations. If its strategic role/importance doesn't align with spend, flag it as an issue you'll need to reconcile with the business by increasing funding (important) or reducing service levels (unimportant).
    • The strategic importance of IT as a whole is often reflected in the spend on IT management services. If spend is low, IT's probably seen as a support function, not a strategic one.

    Identify the hot spots and pick your battles.

    • Spend levels are just approximate gauges of where and how the business is willing to spend its money. Start with this simple gut check.
    • Noting the areas of importance vs. spend misalignment will help you identify where negotiations with the business should probably happen.

    A mature IT cost optimization practice is often approached from the service perspective

    When optimizing IT costs, you have two OpEx levers to pull - vendor spend and staff spend. Isolating these two sources of IT service spend will help shortlist your options.

    It's all about how much room you have to move.

    • Any decision made about how a service is provisioned will push vendor and staff spend in clear, predictable, and often opposite directions (e.g. in-house and people-intensive services tend to see higher staff spend, while outsourced and tech-intensive services higher vendor spend).
    • Service levels required by the business should be the driving factor behind service design and spend decisions. High service spend may reflect priority but may also indicate it's over-built and is ripe for a cost-optimization treatment.
    • Service spend is a useful barometer for tracking the financial impact of any changes made to IT. Add simple unit-cost metrics like "service spend per organizational employee" and "service spend per FTE assigned to the service" to see if and how the dial has moved over time.

    Grow your IT service management practice.

    • The real power of the CIO Service View is laying the groundwork for next-level IT service management initiatives like developing a service catalog, negotiating service-level agreements, rolling out chargeback and showback mechanisms, and calculating IT's value to the business.
    • Use service spend as a common denominator for both your IT service management and IT performance management programs. Better yet, integrate the two programs to ensure a single version of the truth.

    CIO Service View: Optimize your cost-to-value ratio

    Now that you've mapped your IT spend data to the CIO Service View, there are some questions you're better equipped to answer, namely:

    • What's the impact of cloud adoption on speed of delivery?
    • Where can I improve spend efficiency?
    • Is my support model optimized?
    • How does our spend compare to others?

    You now have:

    • Data that shows the financial impact of change decisions on service costs.
    • Insight into the relationship between vendor spend and staff spend within a given IT service.
    • The information you need to start developing service unit costing mechanisms.
    • A tool for setting and right-sizing service-level agreements with the business.
    • A more focused starting point for investigating IT cost-optimization opportunities.
    • A baseline for benchmarking common IT services against your peers.

    Does the amount we spend on each IT service make sense?

    We have some good opportunities for optimization ...

    Chart of CIO Service View

    The CXO Business View will spur conversations that may have never happened before

    This view is a potential game changer as previously unknown technology spend is often revealed, triggering change in IT's relationship with business unit leaders.

    Table of CXO Business View

    The big beneficiaries of IT spend will leap out

    The CXO Business View mapping does have a "shock and awe" quality to it given large spend disparities. They may be totally legitimate, but they're still eye-catching.

    Share information, don't push recommendations.

    • Have a series of one-on-one meetings with business unit leaders to present these numbers.
      • Approach initial meetings as information-sharing sessions only. The data is probably new to them, and they'll need time to reflect and ask questions.
      • Bring a list of the big-ticket spend items for that business unit to focus the conversation.
    • Present these numbers at a broader leadership meeting.
      • It's critical for everyone to hear the same truth and learn about each other's technology needs and uses.
      • This is where recommendations for better aligning IT spend with business goals and cost-optimization strategies should surface. A group approach will bring technology haves and have-nots into the open, as well as provide a forum for collaborative solutioning.

    If possible, slice the numbers by business unit headcount.

    • IT spend per business unit employee is an attention-getting metric that can help gain entry to important conversations.
    • Comparing per-employee spend across different business functions is not necessarily an apples-to-apples comparison, as units like HR may have few employees but serve the entire organization. Bring up these kinds of differences to provide context and avoid misinterpretations.

    Questions will arise in how you calculated and allocated indirect IT spend

    IT spend for things like core infrastructure and end-user services must be distributed fairly across multiple or all business units. Be prepared to explain your methods.

    Be transparent in your transparency.

    • Distributing indirect spend is imprecise by nature. You can't account for every unique circumstance. However, you can devise a logic-driven, general approach that's defensible, fair, and works for most people most of the time.
    • Lay out your assumptions from the start. This is an important part of communicating transparently and can prevent unwanted descent into weedy rabbit holes.
      • List what you classified as indirect spend. Use the CFO Expense View and/or CIO Service View categories to aid your presentation of this information.
      • Point out known circumstances that didn't fit your general allocation method and how you handled them. Opting to ignore minor anomalies is reasonable but be sure to tell business unit leaders you did this and why.

    Use questions about indirect IT staff spend distribution to engage stakeholders.

    • As a percentage, the indirect IT staff spend allocation to a specific business unit may be higher than that for IT vendor spend since IT staff tend to operate more generally than the technologies they support.
    • Leverage any pushback about indirect spend as an opportunity to engage the broader business leadership group. Let them arrive at a consensus of how they want it done and confirm buy-in.

    CXO Business View: Bring the truth to light

    Now that you've mapped your IT spend data to the CXO Business View, there are some questions you're better equipped to answer, namely:

    • Which business units consume the most IT resources?
    • Which business units are underserved by IT?
    • How do I best communicate spend data internally?
    • Where do I need better business sponsorship for IT projects?

    You now have:

    • A reason-based accounting of direct and indirect amounts spent on IT vendors and staff in support of each major business unit.
    • Insight into the technology haves and have-nots in your organization and where opportunities to optimize costs may exist.
    • Attention-getting numbers that will help you engage business-unit leaders in meaningful conversations about their use of IT resources and the value they receive.
    • A mechanism to assess if a business unit's consumption of IT is appropriate and aligned with its purpose and mandate in the organization.
    • A list of previously unknown business-side technologies that IT will investigate further.

    Why doesn't my business unit get more support from IT?

    Let's look at how you compare to the other departments ...

    Chart of the CXO Business View

    From the CEO's high-level perspective, IT spend is a collection of distinct financial islands

    From IT's perspective, these islands are intimately connected, with events on one affecting what happens (or doesn't) on another. Focus on the bridges.

    Table of CEO High-level Perspective

    Focus more on unifying the view of technology spend than on the numbers

    When talking to the CEO, seek to build mutual understanding and encourage a holistic approach to the organization's technology spend.

    Use the numbers to get to the real issues.

    • Clarify with the CEO what business innovation, business growth, and KTLO means to them and the role each plays in the organization's strategic and operational plans.
    • Find out the role they think IT, and technology as a whole, has in realizing business plans. Only then can you look at the relative allocation of IT spend with them to see if the aspiration aligns with reality.
    • Eventually, you'll need to discuss expectations around who pays the bills for operationally supporting capital technology investments over the long-term (i.e. IT or the business units that actually want and use it). You'll have concrete examples of business projects that consumed IT operations resources without a corresponding increase in IT's OpEx budget.

    Focus your KTLO spend conversation on risk and trade-off.

    • Every strategic conversation needs to look at the impact on ongoing operations. Every discussion about CapEx needs to investigate the long-term repercussions for OpEx. Look at the whole tech spend picture.
    • Use risk to get KTLO/OpEx into the conversation. Be straightforward (i.e. "If we do/don't do this, then we can/can't do that"). Simply put, mitigating the risks that get in the way of having it all usually requires spending.

    CEO Innovation View: Learn what's really expected of IT

    Now that you've mapped your IT spend data to the CEO Innovation View, there are some questions you're better equipped to answer, namely:

    • Why is KTLO spend so high?
    • What should our operational spend priorities be?
    • Which projects and investments should we prioritize?
    • Are we spending enough on innovative initiatives?

    You now have:

    • A holistic, organization-wide view of total technology spend in support of different investment types, namely business innovation, business growth, and keeping things up and running.
    • Data-driven examples that prove the impact of near-term capital spend on long-term operational expenses and the intimate relationship between the two types of spend.
    • A way to measure the degree of alignment between the innovation and growth goals the organization has and how money is actually being spent to realize those goals.
    • A platform to discuss how technology investment decision-making and governance can work better to realize organizational mandates and goals.

    I know what IT costs us, but what is it really worth?

    Here's how tech spend directly supports business objectives ...

    Chart of CEO Innovation View

    Revisit your IT spend transparency objectives before crafting your executive presentation

    Go back to exercise 1.1 to remind yourself why you undertook this effort in the first place, clear your head of all that data, and refocus on the big picture.

    Review the real problems and issues you need to address and the key stakeholders.
    This will guide what data you focus on or showcase with other business leaders. For example, if IT OpEx is perceived as high, be prepared to examine the CapEx/OpEx ratio as well as cloud-related spend's impact on OpEx.

    Flag ITFM processes you'll develop as part of your ITFM maturity improvement plan.
    You won't become a TCO math expert overnight, but being able to communicate your awareness of and commitment to developing and applying ITFM capabilities helps build confidence in you and the information you're presenting.

    Use your first big presentation to debut ITFM.
    ITFM as a formal practice and the changes you hope to make may be a novel concept for your business peers. Use your newfound IT spend and staffing transparency to gently wade into the topic instead of going for the deep dive.

    Now it's time to present your transparent IT spend and staffing data to your executive

    Pull out of analysis mode. You're starting to tell the IT spend story, and this is just the first chapter. Introduce your cast of characters and pique your audience's interest.

    The goal of this first presentation is to showcase IT spend in general and make sure that everyone's getting the same information as everyone else.

    Go broad, not deep
    Defer any in-depth examinations until after you're sure you have everyone's attention. Only dive deep when you're ready to talk about specific plans via follow-up sessions.

    Focus on the CXO
    Given your audience, the CXO Business View may be the most interesting for them and will trigger the most questions and discussion. Plan to spend the largest chunk of your time here.

    Avoid judgment
    Let the numbers speak for themselves. Do point out what's high and what's low, but don't offer your opinion about whether it's good or bad. Let your audience draw their own conclusions.

    Ask for impressions
    Education and awareness are primary objectives. What comes up will give a good indication of what's known, what's news, who's interested, and where there's work to do.

    Pick a starting point
    Ask what they see as high-priority areas for both optimizing IT costs as well as improving the organization's approach to making IT spend decisions in general.

    What to include in your presentation ...

    • Purpose: Why you did the IT spend and staffing transparency exercise.
    • Method: The models and processes you used to map the data.
    • Data: Charts from the IT Spend & Staffing Transparency Workbook.
    • Feedback: Space for your audience to voice their thoughts.
    • Next steps: Discussion and summary of actions to come.

    5.2 Develop an executive presentation

    Duration: Two hours

    1. Download the IT Staff & Spend Executive Presentation Template.
    2. Copy and paste the IT spend output tables and graphs into the template. (Note: Pasting as an image will preserve formatting.)
    3. Incorporate observations and insights about your analysis of your IT spend metrics.
    4. Conduct an internal review of the final presentation to ensure it includes all the elements you need and is error free.
    5. Book time to make your presentation to the executive team. Plan time after the presentation to field questions, engage in follow-up information sessions, and act on feedback.

    Note: Refer to your organization's standards and norms for executive-level presentations and either adapt the Info-Tech template accordingly or use your own.

    Input Output
    • Tabular and graphical data outputs in the IT Spend & Staffing Transparency Workbook
    • Executive presentation summarizing your organization's actual IT spend
    Materials Participants
    • IT Spend & Staffing Transparency Workbook
    • IT Staff & Spend Executive Presentation Template
    • CIO/IT directors
    • IT financial lead
    • Other IT management

    Download the IT Spend & Staffing Transparency Executive Presentation TemplateTemplate

    Phase 5: Identify implications for IT

    Achievement summary

    You've done the hard part in starting your IT spend transparency journey. You have:

    • Analyzed the results of your IT spend mapping process.
    • Revisited your transparency objectives.
    • Prepared an executive presentation so you can share findings with other leaders in your organization.

    "Having internal conversations, especially if there is doubt, allows for accuracy and confidence in your model. I was showing someone the cost of a service he managed. He didn't believe the service was so expensive. We went through it: here are the people we allocated, the assets we allocated, and the software we allocated. It was right - that was the total cost. He was like, 'No way. Wow.' The costs were high, and the transparency is what allowed for a conversation on cost optimization."
    - Monica Braun, Research Director, ITFM Practice, Info-Tech Research Group

    Next Steps

    Achieve IT Spend & Staffing Transparency

    This final section will provide you with:

    • An overall summary of accomplishment
    • Recommended next steps
    • A list of contributors to this research
    • Some related Info-Tech resources to help you grow your ITFM practice

    Summary of Accomplishment

    Congratulations! You now have a fully transparent view of your IT spend.

    You've now mapped the entirety of technology spend in your organization. You've:

    1. Learned the key sources of spend data and information in your organization.
    2. Set some standards for data organization and labeling.
    3. Have a methodology for continuing to track and document spend in a transparent way.
    4. Crafted an executive presentation that's a first step in having more meaningful and constructive conversations about IT spend with your key stakeholders.

    What's next?

    With a reliable baseline, you can look forward to more informed and defensible IT budgeting and cost optimization. Use your newly-transparent IT spend as a foundation for improving your financial data hygiene in the near term and evolving your overall ITFM governance maturity in the long-term.

    If you would like additional support, have our analysts guide you through an Info-Tech full-service engagement or Guided Implementation.

    Contact your account representative for more information.

    1-888-670-8889

    Research Contributors and Experts

    Monica Braun, Research Director, ITFM Practice

    Monica Braun
    Research Director, ITFM Practice
    Info-Tech Research Group

    Dave Kish, Practice Lead, ITFM Practice

    Dave Kish
    Practice Lead, ITFM Practice
    Info-Tech Research Group

    Kennedy Confurius, Research Analyst, ITFM Practice

    Kennedy Confurius
    Research Analyst, ITFM Practice
    Info-Tech Research Group

    Aman Kumari, Research Specialist, ITFM Practice

    Aman Kumari
    Research Specialist, ITFM Practice
    Info-Tech Research Group

    Rex Ding, Research Specialist, ITFM Practice

    Rex Ding
    Research Specialist, ITFM Practice
    Info-Tech Research Group

    Angie Reynolds, Principal Research Director, ITFM Practice

    Angie Reynolds
    Principal Research Director, ITFM Practice
    Info-Tech Research Group

    Related Info-Tech Research

    Build Your IT Cost Optimization Roadmap

    • Cost optimization often doesn't go beyond the cutting part, but cutting costs isn't strategic - it's reactive and can easily result in mistakes.
    • True cost optimization is much more than this. Re-focus your efforts on optimizing your cost-to-value ratio and implementing a sustainable cost-optimization practice.

    Build an IT Budget

    • Budgetary approval is difficult because finance executives have a limited understanding of IT and use a different vocabulary.
    • Detailed budgets must be constructed in a way that is transparent but at a level of appropriate detail in order to limit complexity and confusion.

    Manage an IT Budget

    • No one likes to be over budget, but being under budget isn't necessarily good either.
    • Implement a budget management process that documents your planned budget and actual expenditures, tracks variances, and responds to those variances to stay on track.
    • Control for under- or overspending using Info Tech's budget management tool and tactics.

    APPENDIX

    Sample shared business services

    Sample industry-specific business services

    Sample shared business functions

    Business function Definition
    Human Resources The management of the recruitment, training, development, appraisal, compensation/reward, retention, and departure of employees in an organization. Does not include management of subcontractor or outsourced relationships.
    Finance and Accounting The management and analysis of an organization's revenue, funds, spend, investments, financial transactions, accounts, and financial statements. Often includes enterprise asset management.
    Procurement and Supplier Management Acquiring materials, goods, and services from an external party, including identifying potential suppliers/providers, managing tendering or bidding processes, negotiating terms and agreements, and managing the relationship with the vendor/provider.
    Information Technology The development, management, and optimization of information technology resources and systems over their lifecycle in support of an organization's work priorities and goals. Includes computer-based information and communication systems, but typically excludes industrial operational technologies.
    Legal Expertise in interpretation, implication, and application of legislation and regulation that affects the enterprise, including guidance and support in the areas of risk, contracting, compliance, ownership, and litigation.
    Regulatory Affairs and Compliance Management Identification, operationalization, monitoring, reporting, and enforcement of the standards, rules, codes, and laws that apply to an organization's operating environment and the products and services it offers.
    Sales Transactional provision of a product or service to a buyer at an agreed-upon price. Includes identifying and developing prospective buyers, presenting and explaining the product/service, overcoming prospect objections and concerns to purchase, negotiating terms, developing contracts, and billing or invoicing.
    Customer Service and Support A range of activities designed to optimize the customer experience with an organization and its products and services throughout the customer lifecycle with the goals of retaining the customer; encouraging additional spend or consumption; the customer positively influencing other potential customers; and minimizing financial and reputational business risks.
    Marketing and Advertising Understanding customer/prospect needs, developing strategies to meet those needs, and promotion of the organization's products/services to a target market via a range of channels to maximize revenue, membership, donations, and/or develop the organization's brand or reputation. Includes market research and analysis and promotion, campaign, and brand management.

    Sample industry-specific functions

    Supply chain and capital-intensive industries.

    Industry function Definition
    Product Innovation Research, design, development, and launch of new products, including the engineering of their underlying production processes.
    Product and Service Portfolio Management The management of an organization's collection of products and services, including management of the product/service roadmap; product/service portfolio and catalog; product/service quality and performance; and product/service pricing, bundling and markdown.
    Logistics and Supply Chain Management Sourcing raw materials or component parts needed and shipping of a finished product. Includes demand planning; procurement/supplier management; inventory management; yard management; allocation management; fulfillment and replenishment; and product distribution and delivery.
    Production Operations Manufacture, storage, and tracking of a product and ensuring product and production process quality. Includes operations management, materials management, quality/safety control, packaging management, and management of the tools, equipment, and technologies that support it.
    Architecture & Engineering The design and planning of structures or critical infrastructure systems according to scientific, functional, and aesthetic principles.
    Construction New construction, assembly, or alteration of buildings and critical infrastructure (e.g. transportation systems; telecommunications systems; utilities generation/transmission/distribution facilities and systems). Includes management of all construction project plans and the people, materials, and equipment required to execute.
    Real Estate Management Management of any residential, commercial, or industrial real estate holdings (land and buildings), including any financial dealings such as its purchase, sale, transfer, and rental as well as ongoing maintenance and repair of associated infrastructure and capital assets.

    Sample industry-specific functions

    Financial services and insurance industries.

    Industry function Definition
    Core Banking Services Includes ATM management; account management (opening, deposit/withdrawal, interest calculation, overdraft management, closing); payments processing; funds transfers; foreign currency exchange; cash management.
    Loan, Mortgage, and Credit Services Includes application, adjudication, and approval; facility; disbursement/card issuance; authorization management; merchant services; interest calculation; billing/payment; debt/collections management.
    Investment and Wealth Management Processes for the investment of premiums/monies received from policy holders/customers to generate wealth. Often two-pronged: internal investment to fund claim payout in the case of insurance, and customer-facing investment as a financial service (e.g. retirement planning/annuities). Includes product development and management, investment management, safety deposit box services, trust management services.
    Actuarial Analysis & Policy Creation Development of new policy products based on analysis of past losses and patterns, forecasts of financial risks, and assessment of potential profitability (i.e. actuarial science). These processes also include development of rate schedules (pricing) and the reserves that the insurer needs to have available for potential claim payouts.
    Underwriting & Policy Administration Processes for assessing risk of a potential policy holder; determining whether to insure them or not; setting the premiums the policy holder must pay; and administering the policy over the course of its lifecycle (including updates and billing).
    Claims Processing & Claims Management Processes for receiving, investigating, evaluating, approving/denying, and disbursing a claim payout. This process is unique to the insurance industry. In health insurance, ongoing case management processes need to be considered here whereby the insurer monitors and approves patient treatments over a long-term basis to ensure that the treatments are both necessary and beneficial.

    Sample industry-specific functions

    Healthcare industry

    Industry function Definition
    Patient Intake & Admissions Processes whereby key pieces of information about a patient are registered, updated, or confirmed with the healthcare provider in order to access healthcare services. Includes patient triage, intake management, and admissions management. These processes are generally administrative in nature.
    Patient Diagnosis A range of methods for determining the medical condition a patient has in order to provide appropriate care or treatment. Includes examination, consultation, testing, and diagnostic imaging.
    Patient Treatment The range of medical procedures, methods, and interventions to mitigate, relieve, or cure a patient's symptom, injury, disease, or other medical condition. Includes consultation and referral; treatment and care planning; medical procedure management; nursing and personal support; medicine management; trauma management; diet and nutrition management; and patient transportation.
    Patient Recovery & Ongoing Care Processes and methods for tracking the progress of a patient post-treatment; improving their health outcomes; restoring, maintaining, or improving their quality of life; and discharging or transferring them to other providers. Includes remote monitoring of vital parameters, physical therapy, post-trauma care, and a range of restorative and lifestyle modification programs.

    Sample industry-specific functions

    Gaming and hospitality industries

    Industry function Definition
    Accommodation Short-term lodging in hotel facilities. Includes management and maintenance of guest rooms and common spaces, amenities (e.g. swimming pool), and other related services (e.g. valet parking).
    Gaming Includes table wagering games and gambling activities such as slot machines or any other activity that includes on premises mobile casino gaming.
    Food & Beverage Services Food and beverages prepared, served, or available for sale by the hotel on the hotel premises via restaurants and bars and room service. Excludes catering (see Events Management) and management or operation of independent leased food and beverage establishments located on the hotel premises.
    Entertainment & Events Planning, coordination, and on-premises hosting of events including conferences, conventions, trade shows, parties, ceremonies and live entertainment, and other forms of recreation on the hotel premises. Includes all aspects of entertainment operations, facility management and catering for the event.

    Change Management

    • Buy Link or Shortcode: {j2store}3|cart{/j2store}
    • Related Products: {j2store}3|crosssells{/j2store}
    • Up-Sell: {j2store}3|upsells{/j2store}
    • Download01-Title: Change Management Executive Brief
    • Download-01: Visit Link
    • member rating overall impact (scale of 10): 9.6/10
    • member rating average dollars saved: $35,031
    • member rating average days saved: 34
    • Parent Category Name: Infra and Operations
    • Parent Category Link: /infra-and-operations
    Every company needs some change management. Both business and IT teams benefit from knowing what changes when.

    incident, problem, problemchange

    Grow Your Own PPM Solution

    • Buy Link or Shortcode: {j2store}436|cart{/j2store}
    • member rating overall impact (scale of 10): 9.6/10 Overall Impact
    • member rating average dollars saved: $47,944 Average $ Saved
    • member rating average days saved: 29 Average Days Saved
    • Parent Category Name: Portfolio Management
    • Parent Category Link: /portfolio-management
    • As portfolio manager, you’re responsible for supporting the intake of new project requests, providing visibility into the portfolio of in-flight projects, and helping to facilitate the right approval and prioritization decisions.
    • You need a project portfolio management (PPM) tool that promotes the maintenance and flow of good data to help you succeed in these tasks. However, while throwing expensive technology at bad process rarely works, many organizations take this approach to solve their PPM problems.
    • Commercial PPM solutions are powerful and compelling, but they are also expensive, complex, and hard to use. When a solution is not properly adopted, the data can be unreliable and inconsistent, defeating the point of purchasing a tool in the first place.

    Our Advice

    Critical Insight

    • Your choice of PPM solution must be in tune with your organizational PPM maturity to ensure that you are prepared to sustain the tool use without having the corresponding PPM processes collapse under its own weight.
    • A spreadsheet-based homegrown PPM solution can provide key capabilities of an optimized PPM solution with a high level of sophistication and complexity without the prohibitive capital and labor costs demanded by commercial PPM solution.
    • Focus on your PPM decision makers that will consume the reports and insights by investigating their specific reporting needs.

    Impact and Result

    • Think outside the commercial box. Develop an affordable, adoptable, and effective PPM solution using widely available tools based on Info-Tech’s ready-to-deploy templates.
    • Make your solution sustainable. When it comes to portfolio management, high level is better. A tool that is accurate and maintainable will provide more value than one that strives for precise data yet is ultimately unmaintainable.
    • Report success. A PPM tool needs to foster portfolio visibility in order to engage and inform the executive layer and support effective decision making.

    Grow Your Own PPM Solution Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should grow your own PPM solution, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Right-size your PPM solution

    Scope an affordable, adoptable, and effective PPM solution with Info-Tech's Portfolio Manager 2017 workbook.

    • Grow Your Own PPM Solution – Phase 1: Right-Size Your PPM Solution
    • Portfolio Manager 2017 Cost-in-Use Estimation Tool
    • None

    2. Get to know Portfolio Manager 2017

    Learn how to use Info-Tech's Portfolio Manager 2017 workbook and create powerful reports.

    • Grow Your Own PPM Solution – Phase 2: Meet Portfolio Manager 2017
    • Portfolio Manager 2017
    • Portfolio Manager 2017 (with Actuals)
    • None
    • None
    • None

    3. Implement your homegrown PPM solution

    Plan and implement an affordable, adoptable, and effective PPM solution with Info-Tech's Portfolio Manager 2017 workbook.

    • Grow Your Own PPM Solution – Phase 3: Implement Your PPM Solution
    • Portfolio Manager 2017 Operating Manual
    • Stakeholder Engagement Workbook
    • Portfolio Manager Debut Presentation for Portfolio Owners
    • Portfolio Manager Debut Presentation for Data Suppliers

    4. Outgrow your own PPM solution

    Develop an exit strategy from your home-grown solution to a commercial PPM toolset. In this video, we show a rapid transition from the Excel dataset shown on this page to a commercial solution from Meisterplan. Christoph Hirnle of Meisterplan is interviewed starting at 9 minutes.

    • None
    [infographic]

    Workshop: Grow Your Own PPM Solution

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Scope a Homegrown PPM Solution for Your Organization

    The Purpose

    Assess the current state of project portfolio management capability at your organization. The activities in this module will inform the next modules by exploring your organization’s current strengths and weaknesses and identifying areas that require improvement.

    Set up the workbook to generate a fully functional project portfolio workbook that will give you a high-level view into your portfolio.

    Key Benefits Achieved

    A high-level review of your current project portfolio capability is used to decide whether a homegrown PPM solution is an appropriate choice

    Cost-benefit analysis is done to build a business case for supporting this choice

    Activities

    1.1 Review existing PPM strategy and processes.

    1.2 Perform a cost-benefit analysis.

    Outputs

    Confirmation of homegrown PPM solution as the right choice

    Expected benefits for the PPM solution

    2 Get to Know Portfolio Manager 2017

    The Purpose

    Define a list of requirements for your PPM solution that meets the needs of all stakeholders.

    Key Benefits Achieved

    A fully customized PPM solution in your chosen platform

    Activities

    2.1 Introduction to Info-Tech's Portfolio Manager 2017: inputs, outputs, and the data model.

    2.2 Gather requirements for enhancements and customizations.

    Outputs

    Trained project/resource managers on the homegrown solution

    A wish list of enhancements and customizations

    3 Implement Your Homegrown PPM Solution

    The Purpose

    Determine an action plan regarding next steps for implementation.

    Implement your homegrown PPM solution. The activities outlined in this step will help to promote adoption of the tool throughout your organization.

    Key Benefits Achieved

    A set of processes to integrate the new homegrown PPM solution into existing PPM activities

    Plans for piloting the new processes, process improvement, and stakeholder communication

    Activities

    3.1 Plan to integrate your new solution into your PPM processes.

    3.2 Plan to pilot the new processes.

    3.3 Manage stakeholder communications.

    Outputs

    Portfolio Manager 2017 operating manual, which documents how Portfolio Manager 2017 is used to augment the PPM processes

    Plan for a pilot run and post-pilot evaluation for a wider rollout

    Communication plan for impacted PPM stakeholders

    Implement an IT Chargeback System

    • Buy Link or Shortcode: {j2store}71|cart{/j2store}
    • member rating overall impact (scale of 10): 8.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Cost & Budget Management
    • Parent Category Link: /cost-and-budget-management
    • Business units voraciously consume IT services and don’t understand the actual costs of IT. This is due to lack of IT cost transparency and business stakeholder accountability for consumption of IT services.
    • Business units perceive IT costs as uncompetitive, resulting in shadow IT and a negative perception of IT.
    • Business executives have decided to implement an IT chargeback program and IT must ensure the program succeeds.

    Our Advice

    Critical Insight

    Price IT services so that business consumers find them meaningful, measurable, and manageable:

    • The business must understand what they are being charged for. If they can’t understand the value, you’ve chosen the wrong basis for charge.
    • Business units must be able to control and track their consumption levels, or they will feel powerless to control costs and you’ll never attain real buy-in.

    Impact and Result

    • Explain IT costs in ways that matter to the business. Instead of focusing on what IT pays for, discuss the value that IT brings to the business by defining IT services and how they serve business users.
    • Develop a chargeback model that brings transparency to the flow of IT costs through to business value. Demonstrate how a good chargeback model can bring about fair “pay-for-value” and “pay-for-what-you-use” pricing.
    • Communicate IT chargeback openly and manage change effectively. Business owners will want to know how their profit and loss statements will be affected by the new pricing model.

    Implement an IT Chargeback System Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement an IT chargeback program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch

    Make the case for IT chargeback, then assess the financial maturity of the organization and identify a pathway to success. Create a chargeback governance model.

    • Implement IT Chargeback – Phase 1: Launch
    • IT Chargeback Kick-Off Presentation

    2. Define

    Develop a chargeback model, including identifying user-facing IT services, allocating IT costs to services, and setting up the chargeback program.

    • Implement IT Chargeback – Phase 2: Define
    • IT Chargeback Program Development & Management Tool

    3. Implement

    Communicate the rollout of the IT chargeback model and establish a process for recovering IT services costs from business units.

    • Implement IT Chargeback – Phase 3: Implement
    • IT Chargeback Communication Plan
    • IT Chargeback Rollout Presentation
    • IT Chargeback Financial Presentation

    4. Revise

    Gather and analyze feedback from business owners, making necessary modifications to the chargeback model and communicating the implications.

    • Implement IT Chargeback – Phase 4: Revise
    • IT Chargeback Change Communication Template
    [infographic]

    Workshop: Implement an IT Chargeback System

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Kick-Off IT Chargeback

    The Purpose

    Make the case for IT chargeback.

    Identify the current and target state of chargeback maturity.

    Establish a chargeback governance model.

    Key Benefits Achieved

    Investigated the benefits and challenges of implementing IT chargeback.

    Understanding of the reasons why traditional chargeback approaches fail.

    Identified the specific pathway to chargeback success.

    Activities

    1.1 Investigate the benefits and challenges of implementing IT chargeback

    1.2 Educate business owners and executives on IT chargeback

    1.3 Identify the current and target state of chargeback maturity

    1.4 Establish chargeback governance

    Outputs

    Defined IT chargeback mandate

    IT chargeback kick-off presentation

    Chargeback maturity assessment

    IT chargeback governance model

    2 Develop the Chargeback Model

    The Purpose

    Develop a chargeback model.

    Identify the customers and user-facing services.

    Allocate IT costs.

    Determine chargeable service units.

    Key Benefits Achieved

    Identified IT customers.

    Identified user-facing services and generated descriptions for them.

    Allocated IT costs to IT services.

    Identified meaningful, measurable, and manageable chargeback service units.

    Activities

    2.1 Identify user-facing services and generate descriptions

    2.2 Allocate costs to user-facing services

    2.3 Determine chargeable service units and pricing

    2.4 Track consumption

    2.5 Determine service charges

    Outputs

    High-level service catalog

    Chargeback model

    3 Communicate IT Chargeback

    The Purpose

    Communicate the implementation of IT chargeback.

    Establish a process for recovering the costs of IT services from business units.

    Share the financial results of the charge cycle with business owners.

    Key Benefits Achieved

    Managed the transition to charging and recovering the costs of IT services from business units.

    Communicated the implementation of IT chargeback and shared the financial results with business owners.

    Activities

    3.1 Create a communication plan

    3.2 Deliver a chargeback rollout presentation

    3.3 Establish a process for recovering IT costs from business units

    3.4 Share the financial results from the charge cycle with business owners

    Outputs

    IT chargeback communication plan

    IT chargeback rollout presentation

    IT service cost recovery process

    IT chargeback financial presentation

    4 Review the Chargeback Model

    The Purpose

    Gather and analyze feedback from business owners on the chargeback model.

    Make necessary modifications to the chargeback model and communicate implications.

    Key Benefits Achieved

    Gathered business stakeholder feedback on the chargeback model.

    Made necessary modifications to the chargeback model to increase satisfaction and accuracy.

    Managed changes by communicating the implications to business owners in a structured manner.

    Activities

    4.1 Address stakeholder pain points and highly disputed costs

    4.2 Update the chargeback model

    4.3 Communicate the chargeback model changes and implications to business units

    Outputs

    Revised chargeback model with business feedback, change log, and modifications

    Chargeback change communication

    Satisfy Customer Requirements for Information Security

    • Buy Link or Shortcode: {j2store}259|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $247 Average $ Saved
    • member rating average days saved: 3 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • Your customers and potential customers are increasingly demanding assurance that you will meet their information security requirements.
    • Responding to these assurance demands requires ever more effort from the security team, which distracts them from their primary mission of protecting the organization.
    • Every customer seems to have their own custom security questionnaire they want you to complete, increasing the effort you have to expend to respond to them.

    Our Advice

    Critical Insight

    • Your security program can be a differentiator and help win and retain customers.
    • Value rank your customers to right-size the level of effort your security team dedicates to responding to questionnaires.
    • SOC 2 or ISO 27001 certification can be an important part of your security marketing, but only if you make the right business case.

    Impact and Result

    • CISOs need to develop a marketing strategy for their information security program.
    • Ensure that your security team dedicates the appropriate amount of effort to sales by value ranking your potential customers and aligning efforts to value.
    • Develop a business case for SOC 2 or ISO 27001 to determine if certification makes sense for your organization, and to gain support from key stakeholders.

    Satisfy Customer Requirements for Information Security Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should proactively satisfy customer requirements for information security, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Manage customer expectations for information security

    Identify your customers’ expectations for security and privacy, value rank your customers to right-size your efforts, and learn how to impress them with your information security program.

    • Satisfy Customer Requirements for Information Security – Phase 1: Manage Customer Expectations for Information Security

    2. Select a certification path

    Decide whether to obtain SOC 2 or ISO 27001 certification, and build a business case for certification.

    • Satisfy Customer Requirements for Information Security – Phase 2: Select a Certification Path
    • Security Certification Selection Tool
    • Security Certification Business Case Tool

    3. Obtain and maintain certification

    Develop your certification scope, prepare for the audit, and learn how to maintain your certification over time.

    • Satisfy Customer Requirements for Information Security – Phase 3: Obtain and Maintain Certification
    [infographic]

    Recruit and Retain More Women in IT

    • Buy Link or Shortcode: {j2store}575|cart{/j2store}
    • member rating overall impact (scale of 10): 9.3/10 Overall Impact
    • member rating average dollars saved: $14,532 Average $ Saved
    • member rating average days saved: 4 Average Days Saved
    • Parent Category Name: Attract & Select
    • Parent Category Link: /attract-and-select
    • While the number of jobs in IT has increased dramatically, the percentage of women in IT has progressed disproportionately, with only 25% of IT jobs being held by women (CIO from IDG, 2021).
    • The challenge is not a lack of talented women with the competencies to excel within IT, but rather organizations lack an effective strategy to recruit and retain women in IT.

    Our Advice

    Critical Insight

    • Retaining and attracting top women is good business, not personal. As per McKinsey Global Institute, “$4.3 trillion of additional annual GDP in 2025 could be added to the U.S. by fully bridging the gender gap.”
    • In the war on talent, having a strategy around how you will recruit & retain of women in IT is Marketing 101. What influences whether women apply for roles and stay at organizations is different than men; traditional models won’t cut it.

    Impact and Result

    To stay competitive, IT leaders need to radically change the way they recruit and retain talent, and women in IT represent one of the largest untapped markets for IT talent. CIOs need a targeted strategy to attract and retain the best, and this requires a shift in how leaders currently manage the talent lifecycle. Info-Tech offers a targeted solution that will help IT leaders:

    1. Build a Recruitment Playbook: Leverage Info-Tech tools to effectively sell to, search for, and secure top talent.
    2. Build a Retention Strategy: Follow Info-Tech’s step-by-step process to identify initiatives and opportunities to retain your top talent.

    Recruit and Retain More Women in IT Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Recruit and Retain More Women in IT Deck – A step-by-step document that walks you through how to build a recruitment and retention plan for women in IT.

    Create a targeted recruitment and retention strategy for women. Increase the number of viable candidates by leveraging best practices to sell to, search for, and secure top women in IT. Take a data-driven approach to improving retention of women by using best practices to measure and improve employee engagement.

    • Recruit and Retain More Women in IT – Phases 1-2

    2. Employee Value Proposition Tools – Build and road-test your employee value proposition to ensure that it is aligned, clear, compelling, and differentiated.

    These tools tap into best practices to help you collect the information you need to build, assess, test, and adopt an employee value proposition.

    • Employee Value Proposition (EVP) Interview Guide
    • Employee Value Proposition (EVP) Scorecard
    • Employee Value Proposition (EVP) Internal Scorecard Handout

    3. IT Behavioral Interview Question Library – A complete list of sample questions aligned with core, leadership, and IT competencies.

    Don’t hire by intuition, consider leveraging behavioral interview questions to reduce bias and uncover candidates that will be able to execute on the job.

    • IT Behavioral Interview Question Library

    4. Stay Interview Guide – Use this tool to guide one-on-one conversations with your team members to monitor employee engagement between surveys.

    Stay interviews are an effective method for monitoring employee engagement. Have these informal conversations to gain insight into what your employees really think about their jobs, what causes them to stay, and what may lead them to leave.

    • Stay Interview Guide

    Infographic

    Workshop: Recruit and Retain More Women in IT

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Make the Case for Strategically Recruiting and Retaining Women in IT

    The Purpose

    Identify the need for a targeted strategy to recruit and retain women in IT and pinpoint your largest opportunities to drive diversity in your IT team.

    Key Benefits Achieved

    Establish goals and targets for the changes to be made to your IT recruitment and retention strategies.

    Activities

    1.1 Understand trends in IT staffing.

    1.2 Assess your talent lifecycle challenges and opportunities.

    1.3 Make the case for changes to recruitment and retention strategies.

    Outputs

    Recruitment & Retention Metrics Report

    Business Case for Recruitment and Retention Changes

    2 Develop Strategies to Sell Your Organization to Wider Candidate Pool

    The Purpose

    The way you position the organization impacts who is likely to apply to posted positions. Ensure you are putting a competitive foot forward by developing a unique, meaningful, and aspirational employee value proposition and clear job descriptions.

    Key Benefits Achieved

    Implement effective strategies to drive more applications to your job postings.

    Activities

    2.1 Develop an IT employee value proposition.

    2.2 Adopt your employee value proposition.

    2.3 Write meaningful job postings.

    Outputs

    Employee Value Proposition

    EVP Marketing Plan

    Revised Job Ads

    3 Expand Your Talent Sourcing Strategy

    The Purpose

    Sourcing shouldn’t start with an open position, it should start with identifying an anticipated need and then building and nurturing a talent pipeline.

    IT participation in this is critical to effectively promote the employee experience and foster relationships before candidates even apply.

    Key Benefits Achieved

    Develop a modern job requisition form though role analysis.

    Increase your candidate pool by expanding sourcing programs.

    Activities

    3.1 Build realistic job requisition forms.

    3.2 Identify new alternative sourcing approaches for talent.

    3.3 Build a sourcing strategy.

    Outputs

    Job requisition form for key roles

    Sourcing strategy for key roles

    4 Secure Top Talent

    The Purpose

    Work with your HR department to influence the recruitment process by taking a data-driven approach to understanding the root cause of applicant drop-off and success and take corrective actions.

    Key Benefits Achieved

    Optimize your selection process.

    Implement non-bias interview techniques in your selection process.

    Activities

    4.1 Assess key selection challenges.

    4.2 Implement behavioral interview techniques.

    Outputs

    Root-Cause Analysis of Section Challenges

    Behavioral Interview Guide

    5 Retain Top Women in IT

    The Purpose

    Employee engagement is one of the greatest predictors of intention to stay.

    To retain employees you need to understand not only engagement, but also your employee experience and the moments that matter, and actively work to create positive experience.

    Key Benefits Achieved

    Identify opportunities to drive engagement across your IT organization.

    Implement tactical programs to reduce turnover in IT.

    Activities

    5.1 Measure employee engagement and review results.

    5.2 Identify new alternative sourcing approaches for talent.

    5.3 Train managers to conduct stay interviews and drive employee engagement.

    Outputs

    Identified Employee Engagement Action Plan

    Action Plan to Execute Stay Interviews

    Further reading

    Recruit and Retain More Women in IT

    Gender diversity is directly correlated to IT performance.

    EXECUTIVE BRIEF

    Executive Summary

    Your Challenge

    Technology has never been more important to organizations, and as a result, recruiting and retaining quality IT employees is increasingly difficult.

    • IT unemployment rates continue to hover below 2% in the US.
    • The IT talent market has evolved into one where the employer is the seller and the employee is the buyer.

    Common Obstacles

    • While the number of jobs in IT has increased dramatically, the percentage of women in IT has progressed disproportionately, with only 25% of IT jobs being held by women.*
    • The challenge is not a lack of talented women with the competencies to excel within IT, but rather organizations lack an effective strategy to recruit and retain women in IT.

    Info-Tech’s Approach

    To stay competitive, IT leaders need to radically change the way they recruit and retain talent, and women in IT represent one of the largest untapped markets. CIOs need a targeted strategy to attract and retain the best, and this requires a shift in how leaders currently manage the talent lifecycle. Info-Tech offers a targeted solution to help:

    • Build a Recruitment Playbook: Leverage Info-Tech tools to effectively sell to, search for, and secure top talent.
    • Build a Retention Strategy: Follow Info-Tech’s step-by-step process to identify initiatives and opportunities to retain your top talent.

    Info-Tech Insight

    Retaining and attracting top women is good business, not personal. Companies with greater gender diversity on executive teams were 25% more likely to have above-average profitability.1 In the war on talent, having a strategy around how you will recruit and retain women in IT is Marketing 101. What influences whether women apply for roles and stay at organizations is different than men; traditional models won’t cut it.

    *– McKinsey & Company, 2020; 2 – CIO From IDG, 2021
    The image contains a screenshot of a thought model titled: Recruit and Retain More Women in IT. Its subheading is: Gender Diversity is Directly Correlated to IT Performance. The thought model lists critical methods to recruit and retain, and also a traditional method to compare.

    Diversity & inclusion – it’s good business, not personal

    Why should organizations care about diversity?

    1. The war for talent is real. Every CIO needs a plan of attack. Unemployment rates are dropping and 54% of CIOs report that the skills shortage is holding them up from meeting their strategic objectives.
    2. Source: Harvey Nash and KPMG, 2020
    3. Diversity has clear ROI – both in terms of recruitment and retention. Eighty percent of technology managers experienced increased turnover in 2021. Not only are employee tenures decreasing, the competition for talent is fierce and the average cost of turnover is 150% of an IT worker’s salary.
    4. Source: Robert Half, 2021
    5. Inability to recruit and retain talent will reduce business satisfaction. Organizations who are continuously losing talent will be unable to meet corporate objectives due to lost productivity, keeping them in firefighting mode. An engaged workforce is a requirement for driving innovation and project success.

    ISACA’s 2020 study shows a disconnect between what men and women think is being done to recruit and retain female employees

    Key findings from ISACA’s 2020 Tech Workforce survey

    65% of men think their employers have a program to encourage hiring women. But only 51% of women agree.

    71% of men believe their employers have a program to encourage the promotion or advancement of women. But only 59% of women agree.

    49% of women compared to 44% of men in the survey feel they must work harder than their peers.

    22% of women compared to 14% of men feel they are underpaid.

    66% of women compared to 72% of men feel they are receiving sufficient resources to sustain their career.

    30% of women compared to 23% of men feel they have unequal growth opportunities.

    74% of women compared to 64% of men feel they lack confidence to negotiate their salaries.

    To see ISACA’s full report click here.
    The image contains a screenshot of a multi bar graph to demonstrate the percentage of female employees in the workforce of major tech companies. The major tech companies include: Amazon, Facebook, Apple, Google, and Microsoft.
    Image: Statista, 2021, CC BY-ND 4.0

    The chart to the left, compiled by Statista, (based on self-reported company figures) shows that women held between 23% to 25% of the tech jobs at major tech companies.

    Women are also underrepresented in leadership positions: 34% at Facebook, 31% at Apple, 29% at Amazon, 28% at Google, and 26% at Microsoft.

    (Statista, 2021)

    To help support women in tech, 78% of women say companies should promote more women into leadership positions. Other solutions include:

    • Providing mentorship opportunities (72%)
    • Offering flexible scheduling (64%)
    • Conducting unconscious bias training (57%)
    • Offering equal maternity and paternity leave (55%)
    • (HRD America, 2021)

    Traditional retention initiatives target the majority – the drivers that impact the retention of women in IT are different

    Ranked correlation of impact of engagement drivers on retention

    The image contains a screenshot that demonstrates the differences in retaining men and women in IT.

    * Recent data stays consistent, but, the importance of compensation and recognition in retaining women in IT is increasing.

    Info-Tech Research Group Employee Engagement Diagnostic; N=1,856 IT employees

    The majority of organizations take a one-size-fits-all approach to retaining and engaging employees.

    However, studies show that women are leaving IT in significantly higher proportions than men and that the drivers impacting men’s and women’s retention are different. Knowing how men and women react differently to engagement drivers will help you create a targeted retention strategy.

    In particular, to increase the retention and engagement of women, organizations should develop targeted initiatives that focus on:

    • Organizational culture
    • Employee empowerment
    • Manager relationships

    Why organizations need to focus on the recruitment and retention of women in IT

    1. Women expand the talent pool. Women represent a vast, untapped talent pool that can bolster the technical workforce. Unfortunately, traditional IT recruitment processes are targeted toward a limited IT profile – the key to closing the IT skills gap is to look for agile learners and expand your search criteria to cast a larger net.
    2. Diversity increases innovation opportunities. Groups with greater diversity solve complex problems better and faster than homogenous groups, and the presence of women is more likely to increase the problem-solving and creative abilities of the group.
    3. Women increase your ROI. Research shows that companies with the highest representation of women in their management teams have a 34% higher return on investment than those with few or no women. Further, organizations who are unable to retain top women in their organization are at risk for not being able to deliver to SLAs or project expectations and lose the institutional knowledge needed for continuous improvement.
    4. Source: Bureau of Labour Statistics; Info-Tech Research Group/McLean & Company Analysis

    Improving the representation of women in your organization requires rethinking recruitment and retention strategies

    SIGNS YOU MAY NEED A TARGETED RECRUITMENT STRATEGY…

    SIGNS YOU MAY NEED A TARGETED RETENTION STRATEGY…

    • “It takes longer than 8 weeks to fill a posted IT position.”
    • “Less than 35% of applicants to posted positions are women.”
    • “In the last year the number of applicants to posted positions has decreased.”
    • “The number of female employees who have referred employees in the last year is significantly lower than men in the department.”
    • “Less than 35% of your IT workforce is made up of women.”
    • “Proportionally women decline IT roles in higher rates than men in IT.”
    • “Voluntary turnover of high performers and high potentials is above 5%.”
    • “Turnover of women in IT is disproportionate to the percentage of IT staff.”
    • “Employee rankings of the IT department on social networking sites (e.g. Glassdoor) are low.”
    • “Employees are frequently absent from their jobs.”
    • “Less than 25% of management roles in IT are filled by women.”
    • “Employee engagement scores are lower among women than men.”

    Info-Tech’s approach to improving gender diversity at your organization

    Info-Tech takes a practical, tactical approach to improving gender diversity at organizations, which starts with straightforward tactics that will help you improve the recruitment and retention of women in your organization.

    How we can help

    1. Leverage Info-Tech’s tools to define your current challenges and opportunities for gender diversity to improve your recruitment and retention issues.
    2. Employ straightforward and tested tactics to increase talent acquisition of women in IT by optimizing how you sell to, search for, and secure top female talent.
    3. Take a data-driven approach to measure and increase the retention and engagement of women within your IT organization, and know how and when to involve your staff for optimal results.

    Leverage Info-Tech’s customizable deliverables to improve the recruitment and retention of women in your organization

    RECRUIT Top Women in IT

    If you don’t have a targeted recruitment strategy for women, you are missing out on 50% of the candidate pool. Increase the number of viable candidates by leveraging best practices to sell to, search for, and secure top women in IT.

    Key metrics to track:

    • Average number of female candidates per posting
    • Average time to fill position
    • Percentage of new hires still at the organization one year later

    RETAIN Top Women in IT

    The drivers that impact the retention of men and women are different. Take a data-driven approach to improving retention of women in your organization by using best practices to measure and improve employee engagement.

    Key metrics to track:

    • Voluntary turnover rates of men and women
    • Average tenure of men and women
    • Percentage of internal promotions going to men and women
    • Employee engagement scores

    Info-Tech’s methodology for Recruit and Retain More Women in IT

    1. Enhance Your Recruitment Strategies

    2. Enhance Your Retention Strategies

    Phase Steps

    1. Sell:
    • Develop an attractive employee value proposition.
    • Understand the impact of language on applicants.
  • Search:
    • Define meaningful job requirements
    • Evaluate various sourcing pools.
  • Secure:
    • Improve the interview experience.
    • Leverage behavioral interview questions to limit bias.
    1. Drive engagement in key areas correlated with driving higher retention of women in IT.
    2. Train managers to understand key moments that matter in the employee experience.
    3. Understand what motivates key performers to stay at your organization.

    Phase Outcomes

    Recruitment Optimization Plan

    Retention Optimization Plan

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our teams knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is 6 calls over the course of 1 to 2 months.

    1. Tactics to Recruit More Women in IT

    Call #1: Develop a strategy to better sell your organization to diverse candidates.

    Call #2: Evaluate your candidate search practices to reach a wider audience.

    Call #3: Introduce best practices in your interviews to improve the candidate experience and limit bias.

    2. Tactics to Retain More Women in IT

    Call #4: Launch focus groups to improve performance of key retention drivers.

    Call #5: Measure the employee experience and identify key moments that matter to staff.

    Call #6: Conduct stay interviews and establish actions to improve retention.

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Make the Case

    Develop Strategies to Sell to a Wider Candidate Pool

    Expand Your Talent Sourcing Strategy

    Secure & Retain Top Talent

    Next Steps and Wrap-Up (offsite)

    Activities

    1.1 Understand trends in IT staffing.

    1.2 Assess your talent lifecycle.

    1.3 Make the case for changes to recruitment and retention strategies.

    2.1 Develop an IT employee value proposition (EVP).

    2.2 Adopt your employee value proposition.

    2.3 Write meaningful job postings.

    3.1 Build realistic job requisition forms.

    3.2 Identify new alternative sourcing approaches for talent.

    3.3 Build a sourcing strategy.

    4.1 Assess key selection challenges.

    4.2 Implement behavioral interview techniques.

    4.3 Measure employee engagement and review results.

    4.4 Develop programs to improve employee engagement.

    4.5 Train managers to conduct stay interviews and drive employee engagement.

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. Recruitment & retention metrics report
    2. Business case for recruitment and retention changes
    1. Employee Value Proposition
    2. EVP marketing plan
    3. Revised job ads
    1. Job requisition form for key roles
    2. Sourcing strategy for key roles
    1. Root-cause analysis of section challenges
    2. Behavioral interview guide
    3. Identified employee engagement action plan
    4. Action plan to execute stay interviews
    1. Completed recruitment optimization plan
    2. Completed retention optimization plan

    Phase 1

    Enhance Your Recruitment Strategies

    Phase 1

    • 1.1 Sell
    • 1.2 Search
    • 1.3 Secure

    Phase 2

    • 2.1 Engagement
    • 2.2 Employee Experience
    • 2.3 Stay Interviews

    Consider key factors within the recruitment process

    Key Talent Pipeline Opportunities:

    • In today’s talent landscape IT leaders need to be highly strategic about how they recruit new talent to the organization.
    • IT professionals have a huge number of options to choose from when considering their next career.
    • IT leaders need to actively market and expand their search to attract top talent. The “where” and “how” to recruit men and women in IT are different and your strategy should reflect this.
    • Partnering with your HR department to help you improve the number of applicants, expand your search criteria, and optimize the interview experience will all directly impact your talent pipeline.
    1. Sell
    2. How do you position the value of working for your organization and roles in a meaningful way?

    3. Search
    4. How can you expand your key search criteria and sourcing strategies to reach more candidates?

    5. Secure
    6. How can you reduce bias in your interview process and create positive candidate experiences?

    Info-Tech’s Sell-Search-Secure recruitment model

    Follow these steps to increase your pool of female candidates.

    1. Sell Tactics:
    2. 1. Develop an employee value proposition that will attract female candidates.

      2. Understand how your job postings may be deterring female candidates.

    3. Search Tactics:
    4. 3. Identify opportunities to expand your role analysis for job requisitions.

      4. Increase your candidate pool by expanding sourcing programs.

    5. Secure Tactics:
    6. 5. Identify tactics to improve women’s interview experience.

      6. Leverage behavioral interview questions to limit bias in interviews.

    Please note, this section is not a replacement or a full talent strategy. Rather, this blueprint will highlight key tactics within talent acquisition practices that the IT leadership team can help to influence to drive greater diversity in recruitment.

    Understand where leaks exist in your talent pipeline

    Start your recruitment enhancement here.

    Work with your HR department to track critical metrics around where you need to make improvements and where you can partner with your recruitment team to improve your recruitment process and build a more diverse pipeline. Identify where you have significant drops or variation in diversity or overall need and select where you’d like to focus your recruitment improvement efforts.

    Selection Process Step

    Sample Metrics to Track

    Sell

    Average time to fill a vacant position

    Average number of applicants for posted positions

    Total # of Candidates; # of Male Candidates (% of total);

    # of Female Candidates (% of total); % Difference Male & Female

    Number of page visits vs. applications for posted positions

    Total # of Candidates

    # of Male Candidates

    % of total

    # of Female Candidates

    % of total

    % Difference Male & Female

    Search

    Number of applicants coming from your different sourcing channels (one line per sourcing channel: LinkedIn Group A, website, job boards, specific events, etc.)

    Number of applicants coming from referrals

    Secure

    Number of applicants meeting qualifications

    Number of applicants selected for second interview

    Number of applicants rejecting an offer

    Number of applicants accepting an offer

    Number of employees retained for one year

    Enhance your recruitment strategies

    The way you position the organization impacts who is likely to apply to posted positions. Ensure you are putting a competitive foot forward by developing a unique, meaningful, and aspirational employee value proposition and clear job descriptions.

    Sell the organization

    What is an employee value proposition?

    An employee value proposition (EVP) is a unique and clearly defined set of attributes and benefits that capture an employee’s overall work experience within an organization. An EVP is your opportunity to showcase the unique benefits and opportunities of working at your organization, allowing you to attract a wider pool of candidates.

    How is an employee value proposition used?

    Your EVP should be used internally and externally to promote the unique benefits of working within the department. As a recruiting tool, you can use it to attract candidates, highlighting the benefits of working for your organization. The EVP is often highlighted where you are most likely to reach your target audience, whether that is through social media, in-person events, or in other advertising activities.

    Why tailor this to multiple audiences?

    While your employee value proposition should remain constant in terms of the unique benefits of working for your organization, you want to ensure that the EVP appeals to multiple audiences and that it is backed up by relevant stories that support how your organization lives your EVP every day. Candidates need to be able to relate to the EVP and see it as desirable, so ensuring that it is relatable to a diverse audience is key.

    Develop a strong employee value proposition

    Three key steps

    The image contains a cycle to demonstrate the three key steps. The steps are: Build and Assess the EVP, Test the EVP, and Adopt the EVP.

    1. Build and Assess the EVP

    Assess your existing employee value proposition and/or build a forward-looking, meaningful, authentic, aspirational EVP.

    2. Test the EVP

    Gather feedback from staff to ensure the EVP is meaningful internally and externally.

    3. Adopt the EVP

    Identify how and where you will leverage the EVP internally and externally, and integrate the EVP into your candidate experience, job ads, and employee engagement initiatives.

    As you build your EVP, keep in mind that while it’s important to brand your IT organization as an inclusive workplace to help you attract diverse candidates, be honest about your current level of diversity and your intentions to improve. Otherwise, new recruits will be disappointed and leave.

    What is an employee value proposition?

    And what are the key components?

    The employee value proposition is your opportunity to showcase the unique benefits and opportunities of working at your organization, allowing you to attract a wider pool of candidates.

    AN EMPLOYEE VALUE PROPOSITION IS:

    AN EMPLOYEE VALUE PROPOSITION IS NOT:

    • An authentic representation of the employee experience
    • Aligned with organizational culture
    • Fundamental to all stages of the employee lifecycle
    • A guide to help investment in programs and policies
    • Short and succinct
    • What the employee can do for you
    • A list of programs and policies
    • An annual project

    THE FOUR KEY COMPONENTS OF AN EMPLOYEE VALUE PROPOSITION

    Rewards

    Organizational Elements

    Working Conditions

    Day-to-Day Job Elements

    • Compensation
    • Health Benefits
    • Retirement Benefits
    • Vacation
    • Culture
    • Customer Focus
    • Organization Potential
    • Department Relationships
    • Senior Management Relationships
    • Work/Life Balance
    • Working Environment
    • Employee Empowerment
    • Development
    • Rewards & Recognition
    • Co-Worker Relationships
    • Manager Relationships

    Creating a compelling EVP that presents a picture of your employee experience, with a focus on diversity, will attract females to your team. This can lead to many internal and external benefits for your organization.

    Collect relevant information

    Existing Employee Value Proposition: If your organization or IT department has an existing employee value proposition, rather than starting from scratch, we recommend leveraging that and moving to the testing phase to see if the EVP still resonates with staff and external parties.

    Employee Engagement Results: If your organization does an employee engagement survey, review the results to identify the areas in which the IT organization is performing well. Identify and document any key comment themes in the report around why employees enjoy working for the organization or what makes your IT department a great place to work.

    Social Media Sites. Prepare for the good, the bad, and the ugly. Social media websites like Glassdoor and Indeed make it easier for employees to share their experiences at an organization honestly and candidly. While postings on these sites won’t relate exclusively to the IT department, they do invite participants to identify their department in the organization. You can search these to identify any positive things people are saying about working for the organization and potentially opportunities for improvement (which you can use as a starting point in the retention section of this report).

    Step 1.1

    Sell – Assess the current state and develop your employee value proposition

    Activities

    1.1.1 Gather feedback on unique benefits

    1.1.2 Build key messages

    1.1.3 Test your EVP

    1.1.4 Adopt your EVP

    1.1.5 Review job postings for gender bias

    1.1.1 Gather feedback

    1. Hold a series of focus groups with employees to understand what about the organization attracted them to join and to stay at the organization.
    2. Start by identifying if you will interview all employees or a subset. If you are going to use a subset, ensure you have at least one male and one female participating from each team and representation of all levels within the department.
    3. Print the EVP Interview Guide to focus your conversation, and ask each individual to take 15 minutes and respond to questions 1-3 in the Guide:
    4. Draw a quadrant on the board and mark each quadrant with four categories: Day-to-Day Elements, Organizational Elements, Compensation & Benefits, and Working Conditions. Provide each participant with sticky notes and ask them to brainstorm the top five things they value most about working at the organization. Ask them to place each sticky in the appropriate category and identify any key themes.
    5. Ask participants to hand in their EVP Interview Guides and document all of the key findings.

    Input

    Output

    • Employee opinions
    • Employee responses to four EVP components
    • Content for EVP

    Materials

    Participants

    • EVP Interview Guide handout
    • Pen and paper for documenting responses
    • Male and female employees
    • Different departments
    • Different role levels

    Download the EVP Interview Guide

    1.1.2 Build key messages

    1. Collect all of the information from the various focus groups and begin to build out the employee value proposition statements.
    2. Identify the key elements that staff felt were unique and highly valued by employees and group these into common themes.
    3. Identify categories that related to one of the five key drivers* of women’s retention in IT and highlight any key elements related to these:
    • Culture: The degree to which an employee identifies with the beliefs, values, and attitudes of the organization.
    • Company Potential: An employee’s understanding, commitment, and excitement about the organization’s mission and future.
    • Employee Empowerment: The degree to which employees have accountability and control over their work within a supported environment.
    • Learning and Development: A cooperative and continuous effort to enhance an employee’s skill set and expertise and meet an employee’s career objectives.
    • Manager Relationships: The professional and personal relationship an employee has with their manager, including trust, support, and development.
  • Identify up to four key statements to focus on for the EVP, ensuring that your EVP speaks to at least one of the five categories above.
  • Integrate these into one overall statement.
  • *See Engagement Driver Handout slides for more details on these five drivers.

    Input

    Output

    • Feedback from focus groups
    • EVP and supporting statements

    Materials

    Participants

    • EVP Interview Guide handout
    • Pen and paper for documenting responses
    • IT leadership team

    Quality test your revised EVP

    Use Info-Tech’s EVP Scorecard.

    Internally and Externally

    Use the EVP Scorecard and EVP Scorecard Handout throughout this step to assess your EVP against:

    Internal Criteria:

    • Accuracy
    • Alignment
    • Aspirational
    • Differentiation

    External Criteria:

    • Clear
    • Compelling
    • Concise
    • Differentiation
    The image contains screenshots of Info-Tech's EVP Scorecard.

    Ensure your EVP resonates with employees and prospects

    Test your EVP with internal and external audiences.

    INTERNAL TEST REVOLVES AROUND THE 3A’s

    EXTERNAL TEST REVOLVES AROUND THE 3C’s

    ALIGNED: The EVP is in line with the organization’s purpose, vision, values, and processes. Ensure policies and programs are aligned with the organization’s EVP.

    CLEAR: The EVP is straightforward, simple, and easy to understand. Without a clear message in the market, even the best intentioned EVPs can be lost in confusion.

    ACCURATE: The EVP is clear and compelling, supported by proof points. It captures the true employee experience, which matches the organization’s communication and message in the market.

    COMPELLING: The EVP emphasizes the value created for employees and is a strong motivator to join this organization. A strong EVP will be effective in drawing in external candidates. The message will resonate with them and attract them to your organization.

    ASPIRATIONAL: The EVP inspires both individuals and the IT organization as a whole. Identify and invest in the areas that are sure to generate the highest returns for employees.

    COMPREHENSIVE: The EVP provides enough information for the potential employee to understand the true employee experience and to self-assess whether they are a good fit for your organization. If the EVP lacks depth, the potential employee may have a hard time understanding the benefits and rewards of working for your organization.

    1.1.3 Test your EVP

    1. Identify the internal and external individuals who you want to gather feedback from about the EVP.
    2. For internal candidates, send a copy of the EVP and ask them to complete the Internal Assessment (ensure that you have at least 50% representation of women).
    3. For external candidates, identify first how you will reach out to them; popular options are to have team members in key roles reach out to members of their LinkedIn network who are in similar roles to themselves. Request that they look for a diverse group to gather feedback from.
    4. Have the external candidates complete the External Assessment.
    5. Collect the feedback around the EVP and enter the findings into the EVP Scorecard Tool.
    6. If you are dissatisfied with the scorecard results, go back to the employees you interviewed to ask for additional feedback, focusing on the areas that scored low.
    7. Incorporate the feedback and present the revised EVP to see if the changes resonate with stakeholders.
    8. If you are satisfied with the results, present to the leadership and HR teams for agreement and proceed to adopting the EVP in your organization.

    Input

    Output

    • Internal assessment
    • External assessment
    • Finalized EVP

    Materials

    Participants

    • EVP Internal Assessmentt
    • EVP External Assessment
    • Internal staff members
    • External IT professionals

    1.1.4 Adopt your EVP

    Identify your target audience and marketing channels.

    1. Identify the internal and external individuals who you want to gather feedback from about the EVP.
    • The target audience for your employee value proposition
    • Internal and/or external
    • Local, national, international
    • Experience
    • Applicant pool (e.g. new graduates, professionals, internship)
  • For each target audience, identify where you want to reach them with your employee value proposition.
    • Internal: Town hall meetings, fireside chats
    • External: Social media, advertising, job postings
    • Global: Professional affiliations, head hunters
  • For each target audience, build the communication strategy and identify messaging, mediums, timeline, and task ownership.
  • Input

    Output

    • Employee value proposition
    • EVP plan

    Materials

    Participants

    • Pen and paper
    • EVP participants

    Case Study

    INDUSTRY: Restaurant

    SOURCE: McDonald’s Careers, Canadian Business via McLean & Company

    McDonald’s saw a divide between employee experience and its vision. McDonald’s set out to reinvent its employer image and create the reputation it wanted.

    Challenge

    • Historically, McDonald’s has had a challenging employer brand. Founded on the goal of cost effectiveness, a “McJob” was often associated with lower pay and a poor reputation.
    • McDonald’s reached out to employees using a global survey and asked, “What is it you love most about working at McDonald’s?”

    Solution

    • McDonald’s revaluated its employer brand by creating an EVP focused on the three F’s.
    1. Future – career growth and development opportunities
    2. Flexibility – flexible working hours and job variety
    3. Family & Friends – a people-centric work culture

    Results

    • As a result of developing and promoting its EVP internally, McDonald’s has experienced higher engagement and a steady decrease in turnover.
    • Externally, McDonald’s has been recognized numerous times by the Great Place to Work Institute and has been classified by Maclean’s magazine as one of Canada’s top 50 employers for 13 years running.

    Make your job descriptions more attractive to female applicants

    10 WAYS TO REMOVE GENDER BIAS FROM JOB DESCRIPTIONS – GLASSDOOR – AN EXCERPT

    1. USE GENDER-NEUTRAL TITLES: Male-oriented titles can inadvertently prevent women from clicking on your job in a list of search results. Avoid including words in your titles like “hacker,” “rockstar,” “superhero,” “guru,” and “ninja,” and use neutral, descriptive titles like “engineer,” “project manager,” or “developer.
    2. CHECK PRONOUNS: When describing the tasks of the ideal candidate, use “they” or “you.” Example: “As Product Manager for XYZ, you will be responsible for setting the product vision and strategy.
    3. AVOID (OR BALANCE) YOUR USE OF GENDER-CHARGED WORDS: Analysis from language tool Textio found that the gender language bias in your job posting predicts the gender of the person you’re going to hire. Use a tool like Textio tool or the free Gender Decoder to identify problem spots in your word choices. Examples: “Analyze” and “determine” are typically associated with male traits, while “collaborate” and “support” are considered female. Avoid aggressive language like “crush it.
    4. AVOID SUPERLATIVES: Excessive use of superlatives such as “expert,” “superior,” and “world class” can turn off female candidates who are more collaborative than competitive in nature. Research also shows that women are less likely than men to brag about their accomplishments. In addition, superlatives related to a candidate’s background can limit the pool of female applicants because there may be very few females currently in leading positions at “world-class” firms
    5. LIMIT THE NUMBER OF REQUIREMENTS: Identify which requirements are “nice to have” versus “must have,” and eliminate the “nice to haves.” Research shows that women are unlikely to apply for a position unless they meet 100 percent of the requirements, while men will apply if they meet 60 percent of the requirements.

    For the full article please click here.

    1.1.5 Review job postings

    To understand potential gender bias

    1. Select a job posting that you are looking to fill, review the descriptions, and identify if any of the following apply:
    • Are the titles gender neutral? This doesn’t mean you can’t be creative in your naming, but consider if the name really represents the role you are looking to fill.
    • Do you use pronouns? If there are instances where the posting says “he” OR “she” change this to “they” or “you.”
    • Are you overusing superlatives? Review the posting and ensure that when words like “expert” or “world class” are used that you genuinely need someone who is at that level.
    • Are all of the tasks/responsibilities listed the ones that are absolutely essential to the job? Women are less likely to apply if they don’t have direct experience with 100% of the criteria – if it’s a non-essential, consider whether it’s needed in the posting.
    • Is there any organization-specific jargon used? Where possible, avoid using organization-specific jargon in order to create an inclusive posting. Avoid using terms/acronyms that are only known to your organization.
  • Select four to six members of your staff, both male and female, and have them highlight within the job posting what elements appeal to them and what elements do not appeal to them or would concern them about the job.
  • Review the feedback from staff, and identify potential opportunities to reduce bias within the posting.
  • Input

    Output

    • Job posting
    • Updated job posting

    Materials

    Participants

    • Pen and paper
    • IT staff members

    Case Study

    INDUSTRY: Social Media

    SOURCE: Buffer Open blog

    When the social media platform Buffer replaced one word in a job posting, it noticed an increase in female candidates.

    Challenge

    For the social media platform Buffer, all employees were called “hackers.” It had front-end hackers, back-end hackers, Android hackers, iOS hackers, and traction hackers.

    As the company began to grow and ramp up hiring, the Chief Technology Officer, Sunil Sadasivan, noticed that Buffer was seeing a very low percentage of female candidates for these “hacker” jobs.

    In researching the challenge in lack of female candidates, the Buffer team discovered that the word “hacker” may be just the reason why.

    Solution

    Understanding that wording has a strong impact on the type of candidates applying to work for Buffer started a great and important conversation on the Buffer team.

    Buffer wanted to be as inviting as possible in job listings, especially because it hires for culture fit over technical skill.

    Buffer went through a number of wording choices that could replace “hacker,” and ended on the term “developer.” All external roles were updated to reflect this wording change.

    Results

    By making this slight change to the wording used in their jobs, Buffer went from seeing a less than 2% female representation of applicants for developer jobs to around 12% female representation for the same job.

    Step 1.2

    Search – Reach more candidates by expanding key search criteria and sourcing strategies

    Activities

    1.2.1 Complete role analysis

    1.2.2 Expand your sourcing pools

    Enhance your recruitment strategies

    Sourcing shouldn’t start with an open position; it should start with identifying an anticipated need and building and nurturing a talent pipeline. IT participation in this is critical to effectively promote the employee experience and foster relationships before candidates even apply.

    Expand your search

    What is a candidate sourcing program?

    A candidate sourcing program is one element of the overall HR sourcing approach, which consists of the overall process (steps to source talent), the people responsible for sourcing, and the programs (internal talent mobility, social media, employee referral, alumni network, campus recruitment, etc.).

    What is a sourcing role analysis?

    Part of the sourcing plan will outline how to identify talent for a role, which includes both the role analysis and the market assessment. The market assessment is normally completed by the HR department and consists of analyzing the market conditions as they relate to specific talent needs. The role analysis looks at what is necessary to be successful in a role, including competencies, education, background experience, etc.

    How will this enable you to attract female candidates?

    Expanding your sourcing programs and supporting deeper role analysis will allow your HR department to reach a larger candidate pool and better understand the type of talent that will be successful in roles within your organization. By expanding from traditional pools and criteria you will open the organization up to a wider variety of talent options.

    Minimize bias in sourcing to hire the right talent and protect against risk

    Failure to take an inclusive approach to sourcing will limit your talent pool by sidelining entire groups or discouraging applicants from diverse backgrounds. Address bias in sourcing so that diverse candidates are not excluded from the start. Solutions such as removing biographical data from CVs prior to interviews may reduce bias, but they may come too late to impact diversity.

    Potential areas of bias in sourcing:

    Modifications to reduce bias:

    Intake Session

    • Describing a specific employee when identifying what it takes to be successful in the role. This may include attributes that do not actually promote success (e.g. school or program) but will decrease diversity of thought.
    • Hiring managers display a “like me” bias where they describe a successful candidate as similar to themselves.
    • Focus on competencies for the role rather than attributes of current employees or skills. Technology is changing rapidly – look for people who have demonstrated a capability over a specific skill.

    Sourcing Pools

    • Blindly hunting or sourcing individuals from a few sources, assuming that these sources are always better than others (e.g. Ivy League schools always produce the best candidates).
    • Expand sources. Don’t exclude diverse sources because they’re not popular.
    • Objectively measure source effectiveness to address underlying assumptions.

    1.2.1 Role analysis

    Customize a sourcing plan for key roles to guide talent pipeline creation.

    1. Complete a role analysis to understand key role requirements. If you are hiring for an existing role, start by taking an inventory of who your top and low performers are within the role today.
    2. Consider your top performers and identify what a successful employee can do better than a less successful one. Start by considering their alignment with job requirements, and identify the education, designations/certifications, and experiences that are necessary for this job. Do not limit yourself; carefully consider if the requirements you are including are actually necessary or just nice to have.
    3. Required Entry Criteria

      Preferred Entry Criteria

      Education

      • University Degree – Bachelors
      • University Degree – Masters

      Experience

      • 5+) years design, or related, experience
      • Experience leading a team
      • External consulting experience
      • Healthcare industry experience

      Designations/Certifications

      • ITIL Foundations
    4. Review Info-Tech’s Job Competency Library in the Workforce Planning Workbook, identify the key competencies that are ideal for this anticipated role, and write a description of how this would manifest in your organization.
    5. Competency

      Level of Proficiency

      Behavioral Descriptions

      Business Analysis

      Level 2: Capable

      • Demonstrates a basic understanding of business roles, processes, planning, and requirements in the organization.
      • Demonstrates a basic understanding of how technologies assist in business processes.
      • Develop basic business cases using internal environment analysis for the business unit level.
    6. Hold a meeting with your HR team or recruiter to highlight the types of experience and competencies you are looking for in a hire to expand the search criteria.

    Target diverse talent pools through different sources

    When looking to diversify your workforce, it’s critical that you look to attract and recruit talent from a variety of different talent pools.

    SOURCING APPROACH

    INTERNAL MOBILITY PROGRAM

    Positioning the right talent in the right place, at the right time, for the right reasons, and supporting them appropriately. Often tied to succession or workforce planning, mentorship, and learning and development.

    SOCIAL MEDIA PROGRAM

    The widely accessible electronic tools that enable anyone to publish and access information, collaborate on common efforts, and build relationships. Think beyond the traditional and consider niche social media platforms.

    EMPLOYEE REFERRAL PROGRAM

    Employees recommend qualified candidates. If the referral is hired, the referring employee typically receives some sort of reward.

    ALUMNI PROGRAM

    An alumni referral program is a formalized way to maintain ongoing relationships with former employees of the organization.

    CAMPUS RECRUITING PROGRAM

    A formalized means of attracting and hiring individuals who are about to graduate from schools, colleges, or universities.

    EVENTS & ASSOCIATION PROGRAM

    A targeted approach for participation in non-profit associations and industry events to build brand awareness of your organization and create a forward-looking talent pipeline.

    1.2.2 Expand your sourcing pools

    Increase the number of female applicants.

    1. Identify where your employees are currently being sourced from and identify how many female candidates you have gotten from each channel as a percentage of applicants.
    2. # of Candidates From Approach

      % of Female Candidates From Approach

      Target # of Female Candidates

      Internal Talent Mobility

      Social Media Program

      Employee Referral Program

      Alumni Program

      Campus Recruiting Program

      Events & Non-Profit Affiliations

      Other (job databases, corporate website, etc.)

    3. Work with your HR partner or organization’s recruiter to identify three recruitment channels from the list that you will work on expanding.
    4. Review the following two slides and identify key success factors for the implementation. Identify what role IT will play and what role HR will play in implementing the approach.
    5. Following implementation, monitor the impact of the tactics on the number of women candidates and determine whether to add additional tactics.

    Different talent sources

    Benefits and success factors of using different talent sources

    Benefits

    Keys to Success

    Internal Mobility Program

    • Drives retention by providing opportunities to develop professionally
    • Provides a ready pipeline for rapid changes
    • Reduces time and cost of recruitment
    • Identify career pathing opportunities
    • Identify potential successors for succession planning
    • Build learning and development and mentorship

    Social Media Program

    • Access to candidates
    • Taps extended networks
    • Facilitates consistent communication with candidates and talent in pipelines
    • Personalizes the candidate experience
    • Identify platforms – common and niche
    • Talk to your top performers and IT network and identify which sites they use
    • Identify how people use that platform – nature of posts and engagement
    • Define what content to share and who from IT should be engaging
    • Be timely with participation and responses

    Employee Referral Program

    • Higher applicant-to-hire rate
    • Decreased time to fill positions
    • Decreased turner
    • Increased quality of hire
    • Expands your network – women in IT often know other qualified women in IT and in project delivery
    • Educate employees (particularly female employees) to participate
    • Send reminders, incorporate into onboarding, and ask leaders to share job openings
    • Make it easy to share jobs by providing templates and shortened URLs
    • Where possible, simplify the process by avoiding paper forms, reaching out quickly
    • Select metrics that will identify areas of strength and gaps in the referral program

    Alumni Program

    • A formalized way to maintain ongoing relationship with former employees
    • Positive branding as alumni are regarded as a credible source of information
    • Source of talent – boomerang employees are doubly as valuable as they understand the organization
    • Increased referral potential provides access to a larger network and alumni know what is required to be successful in the organization
    • Identify the purpose of the network and set clear goals
    • Identify what the network will do: Will the network be virtual or in person? Who will chair? Who should participate? etc.
    • Create a simple process for alumni to share information about vacancies and refer people
    • Measure progress

    Campus Recruiting Program

    • Increases employer brand awareness among talent entering the workforce
    • Provides the opportunity to interact with large groups of potential candidates at one time
    • Offers access to a highly diverse audience
    • Identify key competencies and select programs based on relevant curriculum for building those competencies
    • Select targeted schools keeping in mind programs and existing relationships
    • Work with HR to get involved

    Events & Non-Profit Affiliations

    • Create a strong talent pipeline for future positions
    • Build relationships based on shared values in a comfortable environment for participants
    • Ability to expand diversity by targeting different types of events or by leveraging women-focused, specifically women in technology, groups
    • Look for events that attract similar participants to the skills or roles you are looking to attract, e.g. Women Who Code if you’re looking for developers
    • Actively engage and participate in the event
    • Couple this with learning and development activities, and invite female top performers to participate

    Enhance your recruitment strategies

    Work with your HR department to influence the recruitment process by taking a data-driven approach to understand the root cause of applicant drop-off and success and take corrective actions.

    Secure top candidates

    Why does the candidate experience matter?

    Until recently it was an employer’s market, so recruiters and hiring managers were able to get good talent without courting top candidates. Today, that’s not the case. You need to treat your IT candidates like customers and be mindful that this is often one of the first experiences future staff will have with the organization. It will give them their first real sense of the culture of the organization and whether they want to work for the organization.

    What can IT leaders do if they have limited influence over the interview process?

    Work with your HR department to evaluate the existing recruitment process, share challenges you’ve experienced, and offer additional support in the process. Identify where you can influence the process and if there are opportunities to build service-level agreements around the candidate experience.

    Take a data-driven approach

    Understand opportunities to enhance the talent selection process.

    While your HR department likely owns the candidate experience and processes, if you have identified challenges in diversity we recommend partnering with your HR department or recruitment team to identify opportunities for improvement within the process. If you are attracting a good amount of candidates through your sell and search tactics but aren’t finding that this is translating into more women selected, it’s time to take a look at your selection processes.

    SIMPLIFIED CANDIDATE SELECTION PROCESS STEPS

    1. Application Received
    2. Candidate Selected for Interview
    3. Offer Extended
    4. Offer Accepted
    5. Onboarding of Staff

    To understand the challenges within your selection process, start by baselining your drop-off rates throughout selection and comparing the differences in male and female candidates. Use this to pin point the issues within the process and complete a root-cause analysis to identify where to improve.

    Step 1.3

    Secure – reduce bias in your interview process and create positive candidate experiences

    Activities

    1.3.1 Identify selection challenges

    1.3.1 Identify your selection challenges

    Review your candidate data.

    1. Hold a meeting with your HR partner to identify trends in your selection data. If you have an applicant tracking system, pull all relevant information for analysis.
    2. Start by identifying the total number of candidates that move forward in each stage of the process. Record the overall number of applicants for positions (should have this number from your sourcing analysis), overall number of candidates selected for interviews, overall number of offers extended, overall number of offers rejected, and overall number of employees still employed after one year.
    3. Identify the number of female and male candidates in each of those categories and as a percentage of the total number of applicants.
    4. Selection Process Step

      Total # of Candidates

      Male Candidates

      Female Candidates

      % Difference Male & Female

      #

      #

      % of total

      #

      % of total

      Applicants for Posted Position

      150

      115

      76.7%

      35

      23.3%

      70% fewer females

      Selected for Interview

      (Selected for Second Interview)

      (Selected for Final Interview)

      Offer Extended

      Offer Rejected

      Employees Retained for One Year

    5. Identify where there are differences in the percentages of male and female candidates and where there are significant drop-off rates between steps in the process.

    Note: For larger organizations, we highly recommend analyzing differences in specific teams/roles and/or at different seniority levels. If you have that data available, repeat the analysis, controlling for those factors.

    Root-cause analysis can be conducted in a variety of ways

    Align your root-cause analysis technique with the problem that needs to be solved and leverage the skills of the root-cause analysis team.

    Brainstorming/Process of Elimination

    After brainstorming, identify which possible causes are not the issue’s root cause by removing unlikely causes.

    The Five Whys

    Use reverse engineering to delve deeper into a recruitment issue to identify the root cause.

    Ishikawa/Fishbone Diagram

    Use an Ishikawa/fishbone diagram to identify and narrow down possible causes by categories.

    Process of elimination

    Leveraging root-cause analysis techniques.

    Using the process of elimination can be a powerful tool to determine root causes.

    • To use the process of elimination to determine root cause, gather the participants from within your hiring team together once you have identified where your issues are within the recruitment process and brainstorm a list of potential causes.
    • Like all brainstorming exercises, remember that the purpose is to gather the widest possible variety of perspectives, so be sure not to eliminate any suggested causes out of hand.
    • Once you have an exhaustive list of potential causes, you can begin the process of eliminating unlikely causes to arrive at a list of likely potential causes.

    Example

    Problem: Women candidates are rejecting job offers more consistently

    Potential Causes

    • The process took too long to complete
    • Lack of information about the team and culture
    • Candidates aren’t finding benefits/salary compelling
    • Lack of clarity on role expectations
    • Lack of fit between candidate and interviewers
    • Candidates offered other positions
    • Interview tactics were negatively perceived

    As you brainstorm, ensure that you are identifying differentiators between male and female candidate experiences and rationale. If you ask candidates their rationale for turning down roles, ensure that these are included in the discussion.

    The five whys

    Leveraging root-cause analysis techniques

    Repeatedly asking “why” might seem overly simplistic, but it has the potential to be useful.

    • It can be useful, when confronting a problem, to start with the end result and work backwards.
    • According to Olivier Serrat, a knowledge management specialist at the Asian Development Bank, there are three key components that define successful use of the five whys: “(i) accurate and complete statements of problems, (ii) complete honesty in answering the questions, and (iii) the determination to get to the bottom of problems and resolve them.”
    • As a group, develop a consensus around the problem statement. Go around the room and have each person suggest a potential reason for its occurrence. Repeat the process for each potential reason (ask “why?”) until there are no more potential causes to explore.
    • Note: The total number of “whys” may be more or less than five.

    Example

    The image contains an example of the five whys activity as described in the text above.

    Ishikawa/fishbone diagram

    Leveraging root-cause analysis techniques.

    Use this technique to sort potential causes by category and match them to the problem.

    • The first step in creating a fishbone diagram is agreeing on a problem statement and populating a box on the right side of a whiteboard or a piece of chart paper.
    • Draw a horizontal line left from the box and draw several ribs on either side that will represent the categories of causes you will explore.
    • Label each rib with relevant categories. In the recruitment context, consider cause categories like technology, interview, process, etc. Go around the room and ask, “What causes this problem to happen?” Every result produced should fit into one of the identified categories. Place it there, and continue to brainstorm sub-causes.

    The image contains a screenshot example of the Ishikawa/fishbone diagram.

    Info-Tech Best Practice

    Avoid naming individuals in the fishbone diagram. The goal of the root-cause exercise is not to lay blame or zero in on a guilty party but rather to identify how you can rectify any challenges.

    Leverage behavioral interviews

    Use Info-Tech’s Behavioral Interview Questions Library.

    Reduce bias in your interviews.

    In the past, companies were pushing the boundaries of the conventional interview, using unconventional questions to find top talent, e.g. “what color is your personality?” The logic was that the best people are the ones who don’t necessarily show perfectly on a resume, and they were intent on finding the best.

    However, many companies have stopped using these questions after extensive statistical analysis revealed there was no correlation between candidates’ ability to answer them and their future performance on the job. Hiring by intuition – or “gut” – is usually dependent on an interpersonal connection being developed over a very short period of time. This means that people who were naturally likeable would be given preferential treatment in hiring decisions whether they were capable of doing the job.

    Asking behavioral interview questions based on the competency needs of the role is the best way to uncover if the candidates will be able to execute on the job.

    For more information see Info-Tech’s Behavioral Interview Question Library.

    The image contains screenshots of Info-Tech's Behavioral Interview Questions Library.

    Improve the level of diversity in your organization by considering inclusive candidate selection practices

    Key action items to create inclusivity in your candidate selection practices:

    1. Managers must be aware of how bias can influence hiring. Encourage your HR department to provide diversity training for recruiters and hiring managers. Ensure those responsible for recruitment are using best practices, are aware of the impact of unconscious bias, and are making decisions in alignment with your DEI strategy.
    2. Use a variety of interviewers to leverage multiple/diverse perspectives. Hiring decisions made by a group can offer a more balanced perspective. Include interviewers from multiple levels in the organization and both men and women.
    3. Hire for distinguished excellence. Be careful not to simply choose the same kind of people over and over, in the name of cultural fit (Source: Recruiter.com, 2015).
    4. Broaden the notion of fit:

    • Hire for skill fit: you might still hire certain types for a specific job (e.g. analytical types for analysis positions), but these candidates can still be diverse.
    • Hire for fit with your organization’s DEI values, regardless of whether the candidate is from a diverse background or not.
    • It can be tempting for hiring managers to hire individuals who are similar to themselves. However, doing so limits the amount of diversity entering your organization, and as a result, limits your organization’s ability to innovate.
  • Deliberately hire for cognitive diversity. Diverse thought processes, perspectives, and problem-solving abilities are positively correlated with firm performance (Source: Journal of Diversity Management, 2014).
  • Leverage a third-party tool

    Ensure recruiting and onboarding programs are effective by surveying your new hires.

    For a deeper analysis of your new hire processes Info-Tech’s sister company, McLean & Company, is an HR research and advisory firm that offers powerful diagnostics to measure HR processes effectiveness. If you are finding diversity issues to be systemic within the organization, leveraging a diagnostic can greatly improve your processes.

    Use this diagnostic to get vital feedback on:

    • Recruiting efforts. Find out if your job marketing efforts are successful, which paths your candidates took to find you, and whether your company is maintaining an attractive profile.
    • Interviewing process. Ensure candidates experience an organized, professional, and ethical process that accurately sets their expectations for the job.
    • Onboarding process. Make sure your new hires are being trained and integrated into their team effectively.
    • Organizational culture. Is your culture welcoming and inclusive? You need to know if top talent enjoy the environment you have to offer.
    The image contains a screenshot of the New Hire Survey.

    For more information on the New Hire Survey click here. If you are interested in referring your HR partner please contact your account manager.

    Phase 2

    Enhance Your Retention Strategies

    Phase 1

    • 1.1 Sell
    • 1.2 Search
    • 1.3 Secure

    Phase 2

    • 2.1 Engagement
    • 2.2 Employee Experience
    • 2.3 Stay Interviews

    Actively engage female staff to retain them

    Employee engagement: the measurement of effective management practices that create a positive emotional connection between the employee and the organization.

    Engaged employees do what’s best for the organization: they come up with product/service improvements, provide exceptional service to customers, consistently exceed performance expectations, and make efficient use of their time and resources. The result is happy customers, better products/services, and saved costs.

    Today, what we find is that 54% of women in IT are not engaged,* but…

    …engaged employees are: 39% more likely to stay at an organization than employees who are not engaged.*

    Additionally, engaging your female staff also has the additional benefit of increasing willingness to innovate by 30% and performance by 28%. The good news is that increasing employee engagement is not difficult, it just requires dedication and an effective toolkit to monitor, analyze, and implement tactics.*

    * Info-Tech and McLean & Company Diagnostics; N=1,308 IT employees

    Don’t seek to satisfy; drive IT success through engagement

    The image contains a screenshot of a diagram that highlights the differences between satisfied and engaged employees.

    Engagement drivers that impact retention for men and women are different – tailor your strategy to your audience

    Ranked correlation of impact of engagement drivers on retention

    The image contains a screenshot that demonstrates the differences in retaining men and women in IT.

    * Recent data stays consistent, but the importance of compensation and recognition in retaining women in IT is increasing.

    Info-Tech Research Group Employee Engagement Diagnostic; N=1,856 IT employees.

    An analysis of the differences between men and women in IT’s drivers indicates that women in IT are significantly less likely than men in IT to agree with the following statements:

    Culture:

    • They identify well with the organization’s values.
    • The organization has a very friendly atmosphere.

    Employee Empowerment:

    • They are given the chance to fully leverage their talents through their job.

    Manager Relationships:

    • They can trust their manager.
    • Their manager cares about them as a person

    Working Environment:

    • They have not seen incidents of discrimination at their organization based on age, gender, sexual orientation, religion, or ethnicity.

    Enhance your retention strategies

    Employee engagement is one of the greatest predictors of intention to stay. To retain you need to understand not only engagement but also your employee experience – the moments that matter – and actively work to create a positive experience.

    Improve employee engagement

    What differentiates an engaged employee?

    Engaged employees do what’s best for the organization: they come up with product/service improvements, provide exceptional service to customers, consistently exceed performance expectations, and make efficient use of their time and resources. The result is happy customers, better products/services, and saved costs.

    Why measure engagement when looking at retention?

    Engaged employees report 39%1 higher intention to stay at the organization than disengaged employees. The cost of losing an employee is estimated to be 150% to 200% of their annual salary.2 Can you afford to not engage your staff?

    Why should IT leadership be responsible for their staff engagement?

    Engagement happens every day, through every interaction, and needs to be tailored to individual team members to be successful. When engagement is owned by IT leadership, engagement initiatives are incorporated into daily experiences and personalized to their employees based on what is happening in real time. It is this active, dynamic leadership that inspires ongoing employee engagement and differentiates those who talk about engagement from those who succeed in engaging their teams.

    Sources: 1 - McLean & Company Employee Engagement Survey, 2 - Gallup, 2019

    Step 2.1

    Improve employee engagement

    Activities

    2.1.1 Review employee engagement results and trends

    2.1.2 Focus on areas that impact retention of women

    Take a data-driven approach

    Info-Tech’s employee engagement diagnostics are low-effort, high-impact programs that will give you detailed report cards on the organization’s engagement levels. Use these insights to understand your employees’ engagement levels by a variety of core demographics.

    FULL ENGAGEMENT DIAGNOSTIC

    EMPLOYEE EXPERIENCE MONITOR

    The full engagement diagnostic provides a comprehensive view of your organization’s engagement levels, informing you of what motivates employees and providing a detailed view of what engagement drivers to focus on for optimal results.

    Info-Tech & McLean & Company’s Full Engagement Diagnostic Survey has 81 questions in total.

    The survey should be completed annually and typically takes 15-20 minutes to complete.

    The EXM Dashboard is designed to give organizations a real-time view of employee engagement while being minimally intrusive.

    This monthly one-question survey allows organizations to track the impact of events and initiatives on employee engagement as they happen, creating a culture of engagement.

    The survey takes less than 30 seconds to complete and is fully automated.

    For the purpose of improving retention of women in IT, we encourage you to leverage the EXM tool, which will allow you to track how this demographic group’s engagement changes as you implement new initiatives.

    Engagement survey

    For a detailed breakdown of staff overall engagement priorities.

    Overall Engagement Results

    • A clear breakdown of employee engagement results by demographic, gender, and team.
    • Detailed engagement breakdown and benchmarking.
    The image contains a screenshot of the overall engagement results.

    Priority Matrix and Driver Scores

    • A priority matrix specific to your organization.
    • A breakdown of question scores by priority matrix quadrant.
    • Know what not to focus your effort on – not all engagement drivers will have a high impact on engagement.
    The image contains a screenshot of the priority matrix and driver scores.

    EXM dashboard

    Reporting to track engagement in real time.

    EXM Dashboard

    • Leverage Info-Tech’s real-time Employee Experience Monitor dashboard to track your team’s engagement levels over time.
    • Track changes in the number of supporters and detractors and slice the data by roles, teams, and gender.
    The image contains a screenshot of the EXM dashboard.

    Time Series Trends

    • As you implement new initiatives to improve the engagement and retention of staff, track their impact and continuously course correct.
    • Empower your leaders to actively manage their team culture to drive innovation, retention, and productivity.
    The image contains a screenshot of the time series trends.

    Start your diagnostic now

    Leverage your Info-Tech membership to seamlessly launch your employee engagement survey.

    Info-Tech’s dedicated team of program managers will facilitate this diagnostic program remotely, providing you with a convenient, low-effort, high-impact experience.

    We will guide you through the process with your goals in mind to deliver deep insight into your successes and areas to improve.

    What You Need to Do:

    Info-Tech’s Program Manager Will:

    1. Contact Info-Tech to launch the program.
    2. Review the two survey options to select the right survey for your organization.
    3. Work with an Info-Tech analyst to set up your personal diagnostic.
    4. Identify who you would like to take the survey.
    5. Customize Info-Tech’s email templates.
    6. Participate in a one-hour results call with an Info-Tech executive advisor.
    1. Work with you to define your engagement strategy and goals.
    2. Launch, maintain, and support the diagnostic in the field.
    3. Provide you with response rates throughout the process.
    4. Explore your results in a one-hour call with an executive advisor to fully understand key insights from the data.
    5. Provide quarterly updates and training materials for your leadership team.

    Start Now

    2.1.1 Review employee engagement results

    Identify trends

    1. In a call with one of Info-Tech’s executive advisors, review the results of your employee engagement survey.
    2. Identify which departments are most and least engaged and brainstorm some high-level reasons.
    3. Review the demographic information and highlight any inconsistencies or areas with high levels of variance. Document which demographics have the most and least engaged, disengaged, and indifferent employees.
    4. With help from the Info-Tech executive advisor, identify and document any dramatic differences in the demographic data, particularly around gender.
    5. Identify if the majority of issues effecting engagement are at an organization or department level and which stakeholders you need to engage to support the process moving forward.
    6. Identify next steps.
    Input
    • Employee engagement results
    Participants
    • CIO
    • Info-Tech Advisor

    2.1.2 Focus on areas that impact retention of women

    Hold focus groups with IT staff and focus on the five areas with the greatest impact on women’s retention.

    1. Review the handout slides on the following pages to get a better understanding of the definition of each of the top five drivers impacting women’s retention. Depending on your team’s size, pick one to three drivers to focus on for your first focus group.
    2. Divide the participants into teams and on flip chart paper or using sticky notes have the teams brainstorm what you can stop/start/continue doing to help you improve on your assigned driver.
    • Continue: actions that work for the team related to this driver and should proceed.
    • Start: actions/initiatives that the team would like to begin.
    • Stop: actions/initiatives that the team would like to stop.
  • Prioritize the initiatives by considering: Is this initiative something you feel will make an impact on the engagement driver? Eliminate any initiatives that would not make an impact.
  • Have the groups present back and vote on two to three initiatives to implement to drive improvements within that area.
  • Culture

    Engagement driver handout

    Culture: The degree to which an employee identifies with the beliefs, values, and attitudes of the organization.

    Questions:

    • I identify well with the organization’s values.
    • This organization has a collaborative work environment.
    • This organization has a very friendly atmosphere.
    • I am a fit for the organizational culture.

    Ranked Correlation of Impact of Engagement Driver on Retention:

    • Women in IT: #1
    • Men in IT: #2

    Company Potential

    Engagement driver handout

    Company Potential: An employee’s understanding of and commitment to the organization’s mission, and the employee’s excitement about the organization’s mission and future.

    Questions:

    • This organization has a bright future.
    • I am impressed with the quality of people at this organization.
    • People in this organization are committed to doing high-quality work.
    • I believe in the organization’s overall business strategy.
    • This organization encourages innovation.

    Ranked Correlation of Impact of Engagement Driver on Retention:

    • Women in IT: #2
    • Men in IT: #1

    Employee Empowerment

    Engagement driver handout

    Employee Empowerment: The degree to which employees have accountability and control over their work within a supported environment.

    Questions:

    • I am not afraid of trying out new ideas in my job.
    • If I make a suggestion to improve something in my department I believe it will be taken seriously.
    • I am empowered to make decisions about how I do my work.
    • I clearly understand what is expected of me on the job.
    • I have all the tools I need to do a great job.
    • I am given the chance to fully leverage my talents through my job.

    Ranked Correlation of Impact of Engagement Driver on Retention:

    • Women in IT: #3
    • Men in IT: #6

    Learning and Development

    Engagement driver handout

    Learning and Development: A cooperative and continuous effort between an employee and the organization to enhance an employee’s skill set and expertise and meet an employee’s career objectives and the organization’s needs.

    Questions:

    • I can advance my career in this organization.
    • I am encouraged to pursue career development activities.
    • In the last year, I have received an adequate amount of training.
    • In the last year, the training I have received has helped me do my job better.

    Ranked Correlation of Impact of Engagement Driver on Retention:

    • Women in IT: #4
    • Men in IT: #5

    Manager Relationships

    Engagement driver handout

    Manager Relationships: The professional and personal relationship an employee has with their manager. Manager relationships depend on the trust that exists between these two individuals and the extent that a manager supports and develops the employee.

    Questions:

    • My manager inspires me to improve.
    • My manager provides me with high-quality feedback.
    • My manager helps me achieve better results.
    • I trust my manager.
    • My manager cares about me as a person.
    • My manager keeps me well informed about decisions that affect me.

    Ranked Correlation of Impact of Engagement Driver on Retention:

    • Women in IT: #5
    • Men in IT: #11

    Step 2.2

    Examine employee experience

    Activities

    2.2.1 Identify moments that matter

    Understand why and when employees plan to depart

    Leverage “psychology of quitting” expertise.

    Train your managers to provide them with the skills and expertise to recognize the warning signs of an employee’s departure and know how to re-engage and retain them.

    • The majority of resignations are not spur of the moment. They are the result of a compilation of events over a period of time. Normally, these instances are magnified by a stimulant. The final straw or the breaking point drives the employee to make a change. In fact, it has been estimated that a shock jumpstarts 65% of departures.*
      • These shocks could be a lack of promotion, loss of privilege or development opportunity, or a quarrel with a manager.
    • Employees rarely leave right away. Most wait until they have confirmed a new job opportunity before leaving. This creates a window in which you can reengage and retain them.
    • The majority of employees show signs that they are beginning to think of leaving. Whether that is leaving immediately, putting in the bare minimum of effort, or job searching online at work. Train your managers to know the signs and to keep an eye out for potentially dissatisfied and searching employees.*
    • It is easier and less costly to reengage an employee than to start the hiring process from the beginning.
    *Source: The Career Café, 2017

    Examine employee experience (EX)

    Look beyond engagement drivers to drive retention.

    Employee experience (EX) is the employee’s perception of their cumulative lived experiences with the organization. It is gauged by how well the employee’s expectations are met within the parameters of the workplace, especially by the “moments that matter” to them. Individual employee engagement is the outcome of a strong overall EX.

    The image contains a diagram as an example of examining employee experience.

    Drive a positive employee experience

    Identify moments that matter.

    Moments that matter are defining pieces or periods in an employee’s experience that create a critical turning point or memory that is of significant importance to them.

    These are moments that dramatically change the path of the emotional journey, influence the quality of the final outcome, or end the journey prematurely.

    To identify the moment that matters look for significant drops in the emotional journey that your organization needs to improve or significant bumps that your organization can capitalize on. Look for these drops or bumps in the journey and take stock of everything you have recorded at that point in the process. To improve the experience, analyze the hidden needs and how they are or aren’t being met.

    The image contains a screenshot of an example graph to demonstrate opportunities and issues to help drive a positive employee experience.

    Info-Tech Insight

    The moment that matters is key and it could be completely separate from organizational life, like the death of a family member. Leaders can more proactively address these moments that matter by identifying them and determining how to make the touchpoint at that moment more impactful.

    2.2.1 Identify moments that matter

    1. Review your Employee Experience Monitor weekly trends by logging into your dashboard and clicking on “Time Series Trends.”
    2. With your management team, identify any weekly trends where your Employee Experience Score has seen changes in the number of detractor, passive, or promoter responses.
    3. For each significant change identify:
    • Increase in promoters or decrease in detractors:
      • What can we do to duplicate positive moments that occurred this week?
      • What did I do as a leader to create positive employee experiences?
      • What happened in the organization that created a positive employee experience?
    • Increase in detractors or decrease in promoters:
      • What difficult change was delivered this week?
      • What about this change was negatively perceived?
      • During the difficult situation how did we as a leadership team support our staff?
      • Who did we engage and recognize during the difficult situation?
      • Was this situation a one-off issue or is this likely to occur again?
  • Consider your interactions with employees and identify how you made moments matter during those times related to four key engagement drivers impacting women in IT:
    • How did you promote a positive culture and friendly atmosphere?
    • How did you empower female staff to leverage their talents?
    • How did you interact with staff?
    • How did you promote a positive work environment? Where did you see bias in decisions?
  • Independently as manager, document three to five lessons learned from the changes in your detractors and promoters, and determine what action you will take.
  • Measured benefits of positive employee experience

    Positive employee experiences lead to engaged employees, and engaged employees are eight times more likely to recommend the organization (McLean & Company Employee Engagement Database, 2017; N=74,671).

    Retention

    Employees who indicate they are having a positive experience at work have a 52% higher level of intent to stay (Great Place To Work Institute, 2021)

    The bottom line

    Organizations that make employee experience a focus have: 23% higher profitability 10% higher customer loyalty (Achievers, 2021)

    Case Study

    INDUSTRY: Post-Secondary Education

    SOURCE: Adam Grant, “Impact and the Art of Motivation Maintenance: The Effects of Contact with Beneficiaries on Persistence Behavior”

    The future is here! Is your data architecture practice ready?

    Challenge

    A university call center, tasked with raising scholarship money from potential donors, had high employee turnover and low morale.

    Solution

    A study led by Grant arranged for a test group of employees to meet and interact with a scholarship recipient. In the five-minute meeting, employees learned what the student was studying.

    Results

    Demonstrating the purpose behind their work had significant returns. Employees who had met with the student demonstrated:

    More than two times longer “talk time” with potential donors.

    A productivity increase of 400%: the weekly average in donations went from $185.94 to $503.22 for test-group employees.

    Enhance your retention strategies

    Do not wait until employees leave to find out what they were unhappy with or why they liked the organization. Instead, perform stay interviews with top and core talent to create a holistic understanding of what they are perceiving and feeling.

    Conduct stay interviews

    What is a stay interview?

    A stay interview is a conversation with current employees. It should be performed on a yearly basis and is an informal discussion to generate deeper insight into the employee’s opinions, perspectives, concerns, and complaints. Stay interviews can have a multitude of uses. In this project they will be used to understand why top and core talent chose to stay with the organization to ensure that organizations understand and build upon their current strengths.

    When should you do stay interviews?

    We recommend completing stay interviews at least on an annual, if not quarterly, basis to truly understand how staff are feeling about the organization and their job, why they stay at the organization, and what would cause them to leave. Couple the outcomes of these interviews with employee engagement action planning to ensure that you are able to address talent needs.

    Step 2.3

    Conduct stay interviews and learn why employees stay

    Activities

    2.3.1 Conduct stay interviews

    Conduct regular “stay” or “retention” interviews

    Build stay interviews into the regular routine. By incorporating stay interviews into your schedule, they are more likely to stick. This regularity provides several advantages:

    1. Ensures that retention issues do not take you by surprise. With a finger on the pulse of the organization you will be aware of potential issues.
    2. Acts as a supplement to the engagement survey by providing additional information and context for the current level of emotion within the organization.
    3. Begins to build a wealth of information that can be analyzed to identify themes and trends. This can be used to track whether the reasons why individuals stay are consistent or if are they changing. This will ensure that the retention strategy remains up to date.

    Stay interview best practices:

    • Ideally is performed by managers, but can be performed by HR.
      • Ideally completed by managers as they are more familiar with their employees, have a greater reach, can hold meetings in a more informal setting, and will receive information first hand.
      • If conducted by managers, it’s a best practice to ensure that there is a central repository of themes so that you can identify if there are any trends in the responses, that consistent questions are asked, and that all of the information is in one place
    • Should be an informal conversation.
    • Should be conducted in a non-critical time in the business year.
    • Ask three types of questions:
      • What do you enjoy about working here?
      • What would you change about your working environment?
      • What would encourage or force you to leave the organization?
    • Interview a diverse employee base:
      • Demographics
      • Role
      • Performance level
      • Location
    Source: Talent Management & HT, 2013

    Leverage stay interviews

    Use Info-Tech’s Stay Interview Guide.

    Proactively identify opportunities to drive retention.

    The Stay Interview Guide helps managers conduct interviews with current employees, enabling the manager to understand:

    • The employee's current engagement level.
    • The employee's satisfaction with current role and responsibilities.
    • Suggestions for potential improvements.
    • An employee's intent to stay with the organization.

    Use this template to help you understand how you can best engage your employees and identify any challenges, in terms of moments that mattered, that negatively impacted their intention to stay at the organization.

    The image contains a screenshot of Info-Tech's Stay Interview Guide.

    2.3.1 Conduct stay interviews

    1. If you are using the Employee Experience Monitor, prepare for your stay interviews by reviewing your results and identifying if there have been any changes in the results over the previous six weeks. Identify which demographics have the highest and lowest engagement levels – and identify any changes in experience between different demographics.
    2. Identify a meeting schedule and cadence that seems appropriate for your stay interviews. For example, you likely will not do all staff at the same time and it may be beneficial to space out your meetings throughout the year. Select a candidate for your first stay interview and invite them for a one-on-one meeting. If it’s unusual for you to meet with this employee, we recommend providing some light context around the rationale, such as that you are looking for opportunities to strengthen the organizational culture and better understand how you can improve retention and engagement at the organization.
    3. Download the Stay Interview Template, review all of the questions beforehand, and identify the key questions that you want to ask in the meeting.
    • TIP: Even though this is called a “stay interview,” really it should be more of a conversation, and certainly not an interrogation. Know the questions you want to ask, and ask your staff member if it’s ok if you jot down some notes. It may even be beneficial to have the meeting outside of the office, over lunch, or out for coffee.
  • Hold your meeting with the employee and thank them for their time.
  • Following the meeting, send them a thank-you email to thank them for providing feedback, summarize your top three to five key takeaways from the meeting, verify with them that this aligns with their perspective, and see if they have anything else to add to the conversation. Identify any initiatives or changes that you will make as a result of the information – set a date for execution and follow-up.
  • If you are in the process of recruiting new employees to the organization, don’t forget to remind them of your referral program and ask if they might know of any candidates that would be a good fit for the organization.
  • Download the Stay Interview Guide

    Ten tips for best managing stay interviews

    Although stay interviews are meant to be informal, you should schedule them as you would any other meeting. Simply invite the employee for a chat.

    1. Step out of the office if possible. Opt for your local coffee shop, a casual lunch destination, or another public but informal location.
    2. Keep the conversation short, no more than 15 to 20 minutes. If there are any areas of concern that you think warrant action, ask the employee if they would like to discuss them another time. Suggest another meeting to delve deeper into specific issues.
    3. Be clear about the purpose of the conversation. Stay interviews are not performance reviews.
    4. Focus on what you can do for them. Ask about the employee’s preferences when it comes to feedback and communication (frequency, method, etc.) as well as development (preferences around methods, e.g. coaching or rotations, and personal goals).
    5. Be positive. Ask your employee what they like about their job and use positively framed questions.
    6. Ask about what they like doing. People enjoy talking about what they like to do. Ask employees about the talents and skills they would like to incorporate into their work duties.
    7. Show that you’re listening – paraphrase, ask for clarification, and use appropriate gestures.
    8. Refrain from taking notes during the meeting to preserve a conversational atmosphere.
    9. Pay attention to the employee’s body language and tone. If it appears that they are uncomfortable talking to you, stop the interview or pause to let them collect themselves.
    10. Be open to suggestions, but remember that you can’t control everything. If the employee brings up issues that are beyond your control, tell them that you will do all you can to improve the situation but can’t guarantee anything.

    Related Info-Tech Research

    Recruit and Retain People of Color in IT

    • To stay competitive, IT leaders need to be more involved and commit to a plan to recruit and retain people of color in their departments and organizations. A diverse team is an answer to innovation that can differentiate your company.
    • Treat recruiting and retaining a diverse team as a business challenge that requires full engagement. Info-Tech offers a targeted solution that will help IT leaders build a plan to attract, recruit, engage, and retain people of color.

    Recruit Top IT Talent

    • Changing workforce dynamics and increased transparency have shifted the power from employers to job seekers, stiffening the competition for talent.
    • Candidate expectations match high consumer expectations and affect the employer brand, the consumer brand, and overall organizational reputation. Delivering a positive candidate experience (CX2) is no longer optional.

    Acquire the Right Hires with Effective Interviewing

    • Talk is cheap. Hiring isn’t.
    • Gain insight into and understand the need for a strong interview process.
    • Strategize and plan your interview process.
    • Understand various hiring scenarios and how an interview process may be modified to reflect your organization’s scenario.

    Bibliography

    “4 Hiring Trends Technology Managers Need to Know.” Robert Half Talent Solutions, 4 Oct. 2021. Accessed 4 Feb. 2022.

    “89% of CIOs are concerned about Talent Retention: SOTD CIO.” 2016 Harvey Nash/KPMG CIO Survey, CIO From IDG, 12 Aug. 2016. Web.

    Angier, Michelle, and Beth Axelrod. “Realizing the power of talented women.” McKinsey Insights, Sept. 2014. Web.

    Beansontoast23. “Not being trained on my first dev job.” Reddit, 29 July 2016. Web.

    Birt, Martin. “How to develop a successful mentorship program: 8 steps.” Financial Post, 5 Dec. 2014. Web.

    Bort, Julie. “The 25 Best Tech Employers For Women [Ranked].” Business Insider, 18 Nov. 2014. Web.

    Bradford, Laurence. “15 of the Most Powerful Women in Tech.” The Balance Careers, Updated 4 Feb. 2018. Web.

    “Building A Stronger, Better, More Diverse eBay.” eBay Inc., 31 July 2014. Web.

    “Canada’s Best Employers 2015: The Top 50 Large Companies.” Canadian Business, 2014. Article.

    Cao, Jing, and Wei Xue. “What are the Best practices to Promote High-Ranking Female Employees Within Organizations?” Cornell University ILR School, Spring 2013. Web.

    Cheng, Roger. “Women in Tech: The Numbers Don't Add Up.” CNET, 6 May 2015. Web.

    “CIO Survey 2020: Everything Changed. Or Did It?” Harvey Nash and KPMG, 2020. Accessed 24 Feb. 2022.

    Daley, Sam. “Women in Tech Statistics Show the Industry Has a Long Way to Go.” Built In, 5 May 2021. Accessed 1 March 2022.

    Dixon-Fyle, Sundiatu, et al. “Diversity wins: How inclusion matters.” McKinsey & Company, 19 May 2020. Accessed 24 Feb. 2022.

    Donovan, Julia. “How to Quantify the Benefits of Enhancing Your Employee Experience.” Achievers Solution Inc., 21 Sept. 2021. Web.

    “Engage Me! Employee Engagement Explored.” SoftSolutions, 12 Jan. 2016. Web.

    Erb, Marcus. Global Employee Engagement Benchmark Study. Great Place to Work Institute, 29 Nov. 2021. Accessed 15 Feb. 2022.

    Garner, Mandy. “How to attract and recruit a more gender diverse team.” Working Mums, 4 March 2016. Web.

    Gaur, Shubhra. “Women in IT: Their path to the top is like a maze.” Firstpost, 28 Aug. 2015. Web.

    “Girls Gone Wired Subreddit.” Reddit, n.d. Web.

    Glassdoor Team. “10 Ways to Remove Gender Bias from Job Descriptions.” Glassdoor for Employers Blog, 9 May 2017. Web.

    Grant, Adam. “Impact and the Art of Motivation Maintenance: The Effects of Contact with Beneficiaries on Persistence Behavior.” Organizational Behavior and Human Decision Processes, vol. 103, no. 1, 2007, pp. 53-67. Accessed on ScienceDirect.

    IBM Smarter Workforce Institute. The Employee Experience Index. IBM Corporation, 2016. Web.

    ISACA. “Tech Workforce 2020: The Age and Gender Perception Gap.” An ISACA Global Survey Report, 2019. Accessed 17 Feb. 2022.

    Johnson, Stephanie K., David R. Hekman, and Elsa T. Chan. “If There’s Only One Woman in Your Candidate Pool, There’s Statistically No Chance She’ll Be Hired.” Harvard Business Review, 26 April 2016. Web.

    Kessler, Sarah. “Tech's Big Gender Diversity Push One Year In.” Fast Company, 19 Nov. 2015. Web.

    Kosinski, M. “Why You Might Want to Focus a Little Less on Hiring for Cultural Fit.” Recruiter.com, 11 Aug. 2015. Web.

    Krome, M. A. “Knowledge Transformation: A Case for Workforce Diversity.” Journal of Diversity Management (JDM), vol. 9, no. 2, Nov. 2014, pp. 103-110.

    Ladimeij, Kazim. “Why Staff Resign; the Psychology of Quitting.” The Career Café, 31 March 2017. Updated 9 Jan. 2018. Web.

    Loehr, Anne. “Why You Need a New Strategy For Retaining Female Talent.” ReWork, 10 Aug. 2015. Web.

    Lucas, Suzanne. “How Much Employee Turnover Really Costs You.” Inc., 30 Aug. 2013. Web.

    Marttila, Paula. “5 Step Action Plan To Attract Women Join Tech Startups.” LinkedIn, 10 March 2016. Web.

    Mayor, Tracy. “Women in IT: How deep is the bench?” Computerworld, 19 Nov. 2012. Web.

    McCracken, Douglas M. “Winning the Talent War for Women: Sometimes It Takes a Revolution.” Harvard Business Review, Nov.-Dec. 2000. Web.

    McDonald’s Careers. McDonald’s, n.d. Web.

    McFeely, Shane, and Ben Wigert. “This Fixable Problem Costs U.S. Businesses $1 Trillion.” Gallup, Inc., 31 March 2019. Accessed 4 March 2022.

    Morgan, Jacob. The Employee Experience Advantage: How to Win the War for Talent by Giving Employees the Workspaces they Want, the Tools they Need, and a Culture They Can Celebrate. John Wiley & Sons, Inc., 2017. Print.

    Napolitano, Amy. “How to Build a Successful Mentoring Program.” Training Industry, 20 April 2015. Web.

    Peck, Emily. “The Stats On Women In Tech Are Actually Getting Worse.” Huffington Post. 27 March 2015. Updated 6 Dec. 2017. Web. 20

    Porter, Jane. “Why Are Women Leaving Science, Engineering, And Tech Jobs?” Fast Company, 15 Oct. 2014. Web.

    Pratt, Siofra. “Emma Watson: Your New Recruitment Guru - How to: Attract, Source and Recruit Women.” SocialTalent, 25 Sept. 2014. Web.

    “RBC Diversity Blueprint 2012-2015.” 2012-2015 Report Card, RBC, 2015. Web.

    Richter, Felix. “Infographic: Women’s Representation in Big Tech.” Statista Infographics, 1 July 2021. Web.

    Rogers, Rikki. “5 Ways Companies Can Attract More Women (Aside From Offering to Freeze Their Eggs).” The Muse, n.d. Web.

    Sazzoid. “HOWTO recruit and retain women in tech workplaces.” Geek Feminism Wiki, 10 Jan. 2012. Updated 18 Aug. 2016. Web.

    Seiter, Courtney. “Why We Removed the Word ‘Hacker’ From Buffer Job Descriptions.” Buffer Open blog, 13 March 2015. Updated 31 Aug. 2018. Web.

    Serebrin, Jacob. “With tech giants like Google going after female talent, how can startups compete?” The Globe and Mail, 18 Jan. 2016. Updated 16 May 2018. Web.

    Snyder, Kieran. “Why women leave tech: It's the culture, not because 'math is hard'.” Fortune, 2 Oct. 2014. Web.

    Stackpole, Beth. “5 ways to attract and retain female technologists.” Computerworld, 7 March 2016. Web.

    Sullivan, John. “4 Stay Interview Formats You Really Should Consider.” Talent Management & HT, 5 Dec. 2013. Web.

    Syed, Nurhuda. “IWD 2021: Why Are Women Underrepresented in the C-Suite?” HRD America, 5 March 2021. Web.

    Sylvester, Cheryl. “How to empower women in IT (and beyond) on #InternationalWomenDay.” ITBUSINESS.CA, 31 March 2016. Web.

    “The Power of Parity: Advancing Women’s Equality in the United States.” McKinsey Global Institute, April 2016. Web.

    White, Cindy. “How to Promote Gender Equality in the Workplace.” Chron, 8 Aug. 2018. Web.

    White, Sarah. “Women in Tech Statistics: The Hard Truths of an Uphill Battle.” CIO From IDG Communication, Inc., 8 March 2021. Accessed 24 Feb. 2022.

    Essentials of Vendor Management for Small Business

    • Buy Link or Shortcode: {j2store}229|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Each year, SMB IT organizations spend more money “outsourcing” tasks, activities, applications, functions, and other items.
    • Many SMBs lack the affordability of implementing a sophisticated vendor management initiative or office.
    • The increased spend and associated outsourcing leads to less control, and more risk for IT organizations. Managing this becomes a higher priority for IT, but many IT organizations are ill-equipped to do this proactively.

    Our Advice

    Critical Insight

    • Vendor management is not “plug and play” – each organization’s vendor management initiative (VMI) needs to fit its culture, environment, and goals. There are commonalities among vendor management initiatives, but the key is to adapt vendor management principles to fit your needs, not the other way around.
    • All vendors are not of equal importance to an organization. Internal resources are a scarce commodity and should be deployed so that they provide the best return on the organization’s investment. Classifying or segmenting your vendors allows you to focus your efforts on the most important vendors first, allowing your VMI to have the greatest impact possible.
    • Having a solid foundation is critical to the VMI’s ongoing success. Whether you will be creating a formal vendor management office or using vendor management techniques, tools, and templates “informally”, starting with the basics is essential. Make sure you understand why the VMI exists and what it hopes to achieve, what is in and out of scope for the VMI, what strengths the VMI can leverage and the obstacles it will have to address, and how it will work with other areas within your organization.

    Impact and Result

    • Build and implement a vendor management initiative tailored to your environment.
    • Create a solid foundation to sustain your vendor management initiative as it evolves and matures.
    • Leverage vendor management-specific tools and templates to manage vendors more proactively and improve communication.
    • Concentrate your vendor management resources on the right vendors.
    • Build a roadmap and project plan for your vendor management journey to ensure you reach your destination.
    • Build collaborative relationships with critical vendors.

    Essentials of Vendor Management for Small Business Research & Tools

    Start here – read the Executive Brief

    Read this Executive Brief to understand how changes in the vendor landscape and customer reliance on vendors have made a vendor management initiative indispensible.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Plan

    This phase helps you organize your VMI and document internal processes, relationships, roles, and responsibilities. The main outcomes from this phase are organizational documents, a baseline VMI maturity level, and a desired future state for the VMI.

    • Essentials of Vendor Management for Small Business – Phase 1: Plan
    • Phase 1 Small Business Tools and Templates Compendium

    2. Build

    This phase helps you configure and create the tools and templates that will help you run the VMI. The main outcomes from this phase are a clear understanding of which vendors are important to you, the tools to manage the vendor relationships, and an implementation plan.

    • Essentials of Vendor Management for Small Business – Phase 2: Build
    • Phase 2 Small Business Vendor Classification Tool
    • Phase 2 Small Business Risk Assessment Tool
    • Phase 2 Small Business Tools and Templates Compendium

    3. Run

    This phase helps you begin operating the VMI. The main outcomes from this phase are guidance and the steps required to implement your VMI.

    • Essentials of Vendor Management for Small Business – Phase 3: Run

    4. Review

    This phase helps the VMI identify what it should stop doing, start doing, and continue doing as it improves and matures. The main outcomes from this phase are ways to advance the VMI and maintain internal alignment.

    • Essentials of Vendor Management for Small Business – Phase 4: Review
    [infographic]

    Further reading

    Essentials of Vendor Management for Small Business

    Create and implement a vendor management framework to begin obtaining measurable results in 90 days.


    EXECUTIVE BRIEF

    Analyst Perspective

    Vendor Management Challenge

    Small businesses are often challenged by the growth and complexity of their vendor ecosystem, including the degree to which the vendors control them. Vendors are increasing, obtaining more and more budget dollars, while funding for staff or headcount is decreasing as a result of cloud-based applications and an increase in our reliance on Managed Service Providers. Initiating a vendor management initiative (VMI) vs. creating a fully staffed vendor management office will get you started on the path of proactively controlling your vendors instead of consistently operating in a reactionary mode. This blueprint is designed with that very thought: to assist small businesses in creating the essentials of a vendor management initiative.

    This is a picture of Steve Jeffery

    Steve Jeffery
    Principal Research Director, Vendor Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Each year, IT organizations "outsource" tasks, activities, functions, and other items. During 2021:

    • Spend on as-a-service providers increased 38% over 2020.*
    • Spend on managed service providers increased 16% over 2020.*
    • IT service providers increased their merger and acquisition numbers by 47% over 2020.*

    This leads to more spend, less control, and more risk for IT organizations. Managing this becomes a higher priority for IT, but many IT organizations are ill-equipped to do this proactively.

    Common Obstacles

    As new contracts are negotiated and existing contracts are renegotiated or renewed, there is a perception that the contracts will yield certain results, output, performance, solutions, or outcomes. The hope is that these will provide a measurable expected value to IT and the organization. Oftentimes, much of the expected value is never realized. Many organizations don't have a VMI to help:

    • Ensure at least the expected value is achieved.
    • Improve on the expected value through performance management.
    • Significantly increase the expected value through a proactive VMI.

    Info-Tech's Approach

    Vendor Management is a proactive, cross-functional lifecycle. It can be broken down into four phases:

    • Plan
    • Build
    • Run
    • Review

    The Info-Tech process addresses all four phases and provides a step-by-step approach to configure and operate your VMI. The content in this blueprint helps you quickly establish your VMI and sets a solid foundation for its growth and maturity.

    Info-Tech Insight

    Vendor management is not a one-size-fits-all initiative. It must be configured:

    • For your environment, culture, and goals.
    • To leverage the strengths of your organization and personnel.
    • To focus your energy and resources on your critical vendors.

    Executive Summary

    Your challenge

    Spend on managed service providers and as-a-service providers continues to increase. In addition, IT services vendors continue to be active in the mergers and acquisitions arena. This increases the need for a VMI to help with the changing IT vendor landscape.

    38%

    2021

    16%

    2021

    47%

    2021

    Spend on as-a-service providers

    Spend on managed services providers

    IT services merger & acquisition growth (transactions)

    Source: Information Services Group, Inc., 2022.

    Executive Summary

    Common obstacles

    When organizations execute, renew, or renegotiate a contract, there is an "expected value" associated with that contract. Without a robust VMI, most of the expected value will never be realized. With a robust VMI, the realized value significantly exceeds the expected value during the contract term.

    A contract's realized value with and without a vendor management initiative

    This is an image of a bar graph showing the difference in value between those with and without a VMI, with and for those with a VMI, with Vendor Collaboration and with Vendor Performance Management. The data for those with a VMI have substantially more value.

    Source: Based on findings from Geller & Company, 2003.

    Executive Summary

    Info-Tech's approach

    A sound, cyclical approach to vendor management will help you create a VMI that meets your needs and stays in alignment with your organization as they both change (i.e. mature and grow).

    This is an image of the 4 Step Vendor Management Process. The four steps are: 1. Plan; 2. Build; 3. Run; 4. Review.

    Info-Tech's methodology for creating and operating your vmi

    Phase 1 - Plan Phase 2 - Build Phase 3 - Run Phase 4 - Review
    Phase Steps

    1.1 Mission Statement and Goals

    1.2 Scope

    1.3 Strengths and Obstacles

    1.4 Roles and Responsibilities

    2.1 Classification Model

    2.2 Risk Assessment Tool

    2.3 Scorecards and Feedback

    2.4 Business Alignment Meeting Agenda

    2.5 Relationship Alignment Document

    2.6 Vendor Orientation

    2.7 3-Year Roadmap

    2.8 90-Day Plan

    2.9 Quick Wins2.10 Reports

    3.1 Classify Vendors

    3.2 Compile Scorecards

    3.3 Conduct Business Alignment Meetings

    3.4 Work the 90-Day Plan

    3.5 Manage the 3-Year Roadmap

    3.6 Develop/Improve Vendor Relationships

    4.1 Incorporate Leading Practices

    4.2 Leverage Lessons Learned

    4.3 Maintain Internal Alignment

    Phase Outcomes This phase helps you organize your VMI and document internal processes, relationships, roles, and responsibilities. The main outcomes from this phase are organizational documents, a baseline VMI maturity level, and a desired future state for the VMI. This phase helps you configure and create the tools and templates that will help you run the VMI. The main outcomes from this phase are a clear understanding of which vendors are important to you, the tools to manage the vendor relationships, and an implementation plan. This phase helps you begin operating the VMI. The main outcomes from this phase are guidance and the steps required to implement your VMI. This phase helps the VMI identify what it should stop doing, start doing, and continue doing as it improves and matures. The main outcomes from this phase are ways to advance the VMI and maintain internal alignment.

    Insight Summary

    Insight 1

    Vendor management is not "plug and play" – each organization's vendor management initiative (VMI) needs to fit its culture, environment, and goals. While there are commonalities and leading practices associated with vendor management, your initiative won't look exactly like another organization's. The key is to adapt vendor management principles to fit your needs.

    Insight 2

    All vendors are not of equal importance to your organization. Internal resources are a scarce commodity and should be deployed so that they provide the best return on the organization's investment. Classifying or segmenting your vendors allows you to focus your efforts on the most important vendors first, allowing your VMI to have the greatest impact possible.

    Insight 3

    Having a solid foundation is critical to the VMI's ongoing success. Whether you will be creating a formal vendor management office or using vendor management techniques, tools, and templates "informally", starting with the basics is essential. Make sure you understand why the VMI exists and what it hopes to achieve, what is in and out of scope for the VMI, what strengths the VMI can leverage and the obstacles it will have to address, and how it will work with other areas within your organization.

    Blueprint benefits

    IT benefits

    • Identify and manage risk proactively.
    • Reduce costs and maximize value.
    • Increase visibility with your critical vendors.
    • Improve vendor performance.
    • Create a collaborative environment with key vendors.
    • Segment vendors to allocate resources more effectively and more efficiently.

    Business benefits

    • Improve vendor accountability.
    • Increase collaboration between departments.
    • Improve working relationships with your vendors.
    • Create a feedback loop to address vendor/customer issues before they get out of hand or are more costly to resolve.
    • Increase access to meaningful data and information regarding important vendors.

    Phase 1 - Plan

    Phase 1

    Phase 2 Phase 3 Phase 4

    1.1 Mission Statement and Goals

    1.2 Scope

    1.3 Strengths and Obstacles

    1.4 Roles and Responsibilities

    2.1 Classification Model

    2.2 Risk Assessment Tool

    2.3 Scorecards and Feedback

    2.4 Business Alignment Meeting Agenda

    2.5 Relationship Alignment Document

    2.6 Vendor Orientation

    2.7 3-Year Roadmap

    2.8 90-Day Plan

    2.9 Quick Wins

    2.10 Reports

    3.1 Classify Vendors

    3.2 Compile Scorecards

    3.3 Conduct Business Alignment Meetings

    3.4 Work the 90-Day Plan

    3.5 Manage the 3-Year Roadmap

    3.6 Develop/Improve Vendor Relationships

    4.1 Incorporate Leading Practices

    4.2 Leverage Lessons Learned

    4.3 Maintain Internal Alignment

    This phase will walk you through the following activity:

    • Organizing your VMI and document internal processes, relationships, roles, and responsibilities. The main outcomes from this phase are organizational documents, and a desired future state for the VMI.

    This phase involves the following participants:

    • VMI team
    • Applicable stakeholders and executives
    • Procurement/Sourcing
    • IT
    • Others as needed

    Vendor Management Initiative Basics for the Small/Medium Businesses

    Phase 1 – Plan

    Get Organized

    Phase 1 – Plan focuses on getting organized. Foundational elements (Mission Statement, Goals, Scope, Strengths and Obstacles, Roles and Responsibilities, and Process Mapping) will help you define your VMI. These and the other elements of this Phase will follow you throughout the process of starting up your VMI and running it.

    Spending time up front to ensure that everyone is on the same page will help avoid headaches down the road. The tendency is to skimp (or even skip) on these steps to get to "the good stuff." To a certain extent, the process provided here is like building a house. You wouldn't start building your dream home without having a solid blueprint. The same is true with vendor management. Leveraging vendor management tools and techniques without the proper foundation may provide some benefit in the short term, but in the long term it will ultimately be a house of cards waiting to collapse.

    Step 1.1 – Mission statement and goals

    Identify why the VMI exists and what it will achieve

    Whether you are starting your vendor management journey or are already down the path, it is important to know why the vendor management initiative exists and what it hopes to achieve. The easiest way to document this is with a written declaration in the form of a Mission Statement and Goals. Although this is the easiest way to proceed, it is far from easy.

    The Mission Statement should identify at a high level the nature of the services provided by the VMI, who it will serve, and some of the expected outcomes or achievements. The Mission Statement should be no longer than one or two sentences.

    The complement to the Mission Statement is the list of goals for the VMI. Your goals should not be a reassertion of your Mission Statement in bullet format. At this stage it may not be possible to make them SMART (Specific, Measurable, Achievable/Attainable, Relevant, Time-Bound/Time-Based), but consider making them as SMART as possible. Without some of the SMART parameters attached, your goals are more like dreams and wishes. At a minimum, you should be able to determine the level of success achieved for each of the VMI goals.

    Although the VMI's Mission Statement will stay static over time (other than for significant changes to the VMI or organization as a whole), the goals should be reevaluated periodically using a SMART filter, and adjusted as needed.

    1.1.1 – Mission statement and goals

    20 – 40 Minutes

    1. Meet with the participants and use a brainstorming activity to list, on a whiteboard or flip chart, the reasons why the VMI will exist.
    2. Review external mission statements for inspiration.
    3. Review internal mission statements from other areas to ensure consistency.
    4. Draft and document your Mission Statement in the Phase 1 Tools and Templates Compendium – Tab 1.1 Mission Statement and Goals.
    5. Continue brainstorming and identify the high-level goals for the VMI.
    6. Review the list of goals and make them as SMART (Specific, Measurable, Achievable/Attainable, Relevant, Time-Bound/Time-Based) as possible.
    7. Document your goals in the Phase 1 Tools and Templates Compendium– Tab 1.1 Mission Statement and Goals.
    8. Obtain signoff on the Mission Statement and goals from stakeholders and executives as required.

    Input

    • Brainstorming results
    • Mission statements from other internal and external sources

    Output

    • Completed Mission Statement and Goals

    Materials

    • Whiteboard/Flip Charts
    • Phase 1 Tools and Templates Compendium – Tab 1.1 Mission Statement and Goals

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 1 Tools and Templates Compendium

    Step 1.2 – Scope

    Determine what is in scope and out of scope for the VMI

    Regardless of where your VMI resides or how it operates, it will be working with other areas within your organization. Some of the activities performed by the VMI will be new and not currently handled by other groups or individuals internally; at the same time, some of the activities performed by the VMI may be currently handled by other groups or individuals internally. In addition, executives, stakeholders, and other internal personnel may have expectations or make assumptions about the VMI. As a result, there can be a lot of confusion about what the VMI does and doesn't do, and the answers cannot always be found in the VMI's Mission Statement and Goals.

    One component of helping others understand the VMI landscape is formalizing the VMI Scope. The Scope will define boundaries for the VMI. The intent is not to fence itself off and keep others out but provide guidance on where the VMI's territory begins and ends. Ultimately, this will help clarify the VMI's roles and responsibilities, improve workflow, and reduce errant assumptions.

    When drafting your VMI scoping document, make sure you look at both sides of the equation (similar to what you would do when following best practices for a statement of work). Identify what is in scope and what is out of scope. Be specific when describing the individual components of the VMI Scope, and make sure executives and stakeholders are onboard with the final version.

    1.2.1 – Scope

    20 - 40 Minutes

    1. Meet with the participants and use a brainstorming activity to list, on a whiteboard or flip chart, the activities and functions in scope and out of scope for the VMI.
      1. Be specific to avoid ambiguity and improve clarity.
      2. Go back and forth between in scope and out of scope as needed; it is not necessary to list all the in-scope items and then turn your attention to the out-of-scope items.
    2. Review the lists to make sure there is enough specificity. An item may be in scope or out of scope, but not both.
    3. Use the Phase 1 Tools and Templates Compendium – Tab 1.2 Scope to document the results.
    4. Obtain signoff on the Scope from stakeholders and executives as required.

    Input

    • Brainstorming results
    • Mission Statement and Goals

    Output

    • Completed list of items in and out of scope for the VMI

    Materials

    • Whiteboard/Flip Charts
    • Phase 1 Tools and Templates Compendium – Tab 1.2 Scope

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 1 Tools and Templates Compendium

    Step 1.3 – Strengths and obstacles

    Pinpoint the VMI's strengths and obstacles

    A SWOT analysis (strengths, weaknesses, opportunities, and threats) is a valuable tool, but it is overkill for your VMI at this point. However, using a modified and simplified form of this tool (strengths and obstacles) will yield significant results and benefit the VMI as it grows and matures.

    Your output will be two lists: the strengths associated with the VMI and the obstacles the VMI is facing. For example, strengths could include items such as smart people working within the VMI and executive support. Obstacles could include items such as limited headcount and training required for VMI staff.

    The goals are 1) to harness the strengths to help the VMI be successful and 2) to understand the impact of the obstacles and plan accordingly. The output can also be used to enlighten executives and stakeholders about the challenges associated with their directives or requests (e.g. human bandwidth may not be sufficient to accomplish some of the vendor management activities and there is a moratorium on hiring until the next budget year).

    For each strength identified, determine how you will or can leverage it when things are going well or when the VMI is in a bind. For each obstacle, list the potential impact on the VMI (e.g. scope, growth rate, and number of vendors that can actively be part of the VMI).

    As you do your brainstorming, be as specific as possible and validate your lists with stakeholders and executives as needed.

    1.3.1 – Strengths and obstacles

    20 - 40 Minutes

    Meet with the participants and use a brainstorming activity to list, on a whiteboard or flip chart, the VMI's strengths and obstacles.

    Be specific to avoid ambiguity and improve clarity.

    Go back and forth between strengths and obstacles as needed; it is not necessary to list all the strengths first and then all the obstacles.

    It is possible for an item to be a strength and an obstacle; when this happens, add details to distinguish the situations.

    Review the lists to make sure there is enough specificity.

    Determine how you will leverage each strength and how you will manage each obstacle.

    Use the Phase 1 Tools and Templates Compendium – Tab 1.3 Strengths and Obstacles to document the results.

    Obtain signoff on the strengths and obstacles from stakeholders and executives as required.

    Input

    • Brainstorming
    • Mission Statement and Goals
    • Scope

    Output

    • Completed list of items impacting the VMI's ability to be successful: strengths the VMI can leverage and obstacles the VMI must manage

    Materials

    • Whiteboard/Flip Charts
    • Phase 1 Tools and Templates Compendium – Tab 1.3 Strengths and Obstacles

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 1 Tools and Templates Compendium

    Step 1.4 – Roles and responsibilities

    Obtain consensus on who is responsible for what

    One crucial success factor for VMIs is gaining and maintaining internal alignment. There are many moving parts to an organization, and a VMI must be clear on the various roles and responsibilities related to the relevant processes. Some of this information can be found in the VMI's Scope referenced in Step 1.2, but additional information is required to avoid stepping on each other's toes; many of the processes require internal departments to work together. (For example, obtaining requirements for a request for proposal takes more than one person or department). While it is not necessary to get too granular, it is imperative that you have a clear understanding of how the VMI activities will fit within the larger vendor management lifecycle (which is comprised of many sub processes) and who will be doing what.

    As we have learned through our workshops and guided implementations, a traditional RACI* or RASCI* Chart does not work well for this purpose. These charts are not intuitive, and they lack the specificity required to be effective. For vendor management purposes, a higher-level view and a slightly different approach provide much better results.

    This step will lead your through the creation of an OIC* Chart to determine vendor management lifecycle roles and responsibilities. Afterward, you'll be able to say, "Oh, I see clearly who is involved in each part of the process and what their role is."

    *RACI – Responsible, Accountable, Consulted, Informed

    *RASCI – Responsible, Accountable, Support, Consulted, Informed

    *OIC – Owner, Informed, Contributor

    This is an image of a table, where the row headings are: Role 1-5, and the Column Headings are: Step 1-5.

    Step 1.4 – Roles and responsibilities (cont'd)

    Obtain consensus on who is responsible for what

    To start, define the vendor management lifecycle steps or process applicable to your VMI. Next, determine who participates in the vendor management lifecycle. There is no need to get too granular – think along the lines of departments, subdepartments, divisions, agencies, or however you categorize internal operational units. Avoid naming individuals other than by title; this typically happens when a person oversees a large group (e.g. the CIO [chief information officer] or the CPO [chief procurement officer]). Be thorough, but don't let the chart get out of hand. For each role and step of the lifecycle, ask whether the entry is necessary; does it add value to the clarity of understanding the responsibilities associated with the vendor management lifecycle? Consider two examples, one for roles and one for lifecycle steps. 1) Is IT sufficient or do you need IT Operations and IT Development? 2) Is "negotiate contract documents" sufficient or do you need negotiate the contract and negotiate the renewal? The answer will depend on your culture and environment but be wary of creating a spreadsheet that requires an 85-inch monitor to view it.

    After defining the roles (departments, divisions, agencies) and the vendor management lifecycle steps or process, assign one of three letters to each box in your chart:

    • O – Owner – who owns the process; they may also contribute to it.
    • I – Informed – who is informed about the progress or results of the process.
    • C – Contributor – who contributes or works on the process; it can be tangible or intangible contributions.

    This activity can be started by the VMI or done as a group with representatives from each of the named roles. If the VMI starts the activity, the resulting chart should be validated by the each of the named roles.

    1.4.1 – Roles and responsibilities

    1 – 6 hours

    1. Meet with the participants and configure the OIC Chart in the Phase 1 Tools and Templates Compendium – Tab 1.4 OIC Chart.
      1. Review the steps or activities across the top of the chart and modify as needed.
      2. Review the roles listed along the left side of the chart and modify as needed.
    2. For each activity or step across the top of the chart, assign each role a letter – O for owner of that activity or step, I for informed, or C for contributor. Use only one letter per cell.
    3. Work your way across the chart. Every cell should have an entry or be left blank if it is not applicable.
    4. Review the results and validate that every activity or step has an O assigned to it; there must be an owner for every activity or step.
    5. Obtain signoff on the OIC Chart from stakeholders and executives as required.

    Input

    • A list of activities or steps to complete a project starting with requirements gathering and ending with ongoing risk management.
    • A list of internal areas (departments, divisions, agencies, etc.) and stakeholders that contribute to completing a project.

    Output

    • Completed OCI chart indicating roles and responsibilities for the VMI and other internal areas.

    Materials

    • Phase 1 Tools and Templates Compendium – Tab 1.4 OIC Chart

    Participants

    • VMI team
    • Procurement/Sourcing
    • IT
    • Representatives from other areas as needed
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 1 Tools and Templates Compendium

    Phase 2 - Build

    Create and configure tools, templates, and processes

    Phase 1

    Phase 2Phase 3Phase 4

    1.1 Mission Statement and Goals

    1.2 Scope

    1.3 Strengths and Obstacles

    1.4 Roles and Responsibilities

    2.1 Classification Model

    2.2 Risk Assessment Tool

    2.3 Scorecards and Feedback

    2.4 Business Alignment Meeting Agenda

    2.5 Relationship Alignment Document

    2.6 Vendor Orientation

    2.7 3-Year Roadmap

    2.8 90-Day Plan

    2.9 Quick Wins

    2.10 Reports

    3.1 Classify Vendors

    3.2 Compile Scorecards

    3.3 Conduct Business Alignment Meetings

    3.4 Work the 90-Day Plan

    3.5 Manage the 3-Year Roadmap

    3.6 Develop/Improve Vendor Relationships

    4.1 Incorporate Leading Practices

    4.2 Leverage Lessons Learned

    4.3 Maintain Internal Alignment

    This phase will walk you through the following activities:

    • Configuring and creating the tools and templates that will help you run the VMI. The main outcomes from this phase are a clear understanding of which vendors are important to you, the tools to manage the vendor relationships, and an implementation plan.

    This phase involves the following participants:

    • VMI team
    • Applicable stakeholders and executives
    • Human Resources
    • Legal
    • Others as needed

    Vendor Management Initiative Basics for the Small/Medium Businesses

    Phase 2 – Build

    Create and configure tools, templates, and processes

    Phase 2 – Build focuses on creating and configuring the tools and templates that will help you run your VMI. Vendor management is not a plug and play environment, and unless noted otherwise, the tools and templates included with this blueprint require your input and thought. The tools and templates must work in concert with your culture, values, and goals. That will require teamwork, insights, contemplation, and deliberation.

    During this Phase you'll leverage the various templates and tools included with this blueprint and adapt them for your specific needs and use. In some instances, you'll be starting with mostly a blank slate; while in others, only a small modification may be required to make it fit your circumstances. However, it is possible that a document or spreadsheet may need heavy customization to fit your situation. As you create your VMI, use the included materials for inspiration and guidance purposes rather than as absolute dictates.

    Step 2.1 – Classification model

    Configure the COST vendor classification tool

    One of the functions of a VMI is to allocate the appropriate level of vendor management resources to each vendor since not all vendors are of equal importance to your organization. While some people may be able intuitively to sort their vendors into vendor management categories, a more objective, consistent, and reliable model works best. Info-Tech's COST model helps you assign your vendors to the appropriate vendor management category so that you can focus your vendor management resources where they will do the most good.

    COST is an acronym for Commodity, Operational, Strategic, and Tactical. Your vendors will occupy one of these vendor management categories, and each category helps you determine the nature of the resources allocated to that vendor, the characteristics of the relationship desired by the VMI, and the governance level used.

    The easiest way to think of the COST model is as a 2 x 2 matrix or graph. The model should be configured for your environment so that the criteria used for determining a vendor's classification align with what is important to you and your organization. However, at this point in your VMI's maturation, a simple approach works best. The Classification Model included with this blueprint requires minimal configuration to get your started, and that is discussed on the activity slide associated with this Step 2.1.

    This is an image of the COST Vendor Classification Tool.

    Step 2.1 – Classification model (cont'd)

    Configure the COST vendor classification tool

    Common characteristics by vendor management category

    Operational

    Strategic
    • Low to moderate risk and criticality; moderate to high spend and switching costs
    • Product or service used by more than one area
    • Price is a key negotiation point
    • Product or service is valued by the organization
    • Quality or the perception of quality is a differentiator (i.e. brand awareness)
    • Moderate to high risk and criticality; moderate to high spend and switching costs
    • Few competitors and differentiated products and services
    • Product or service significantly advances the organization's vision, mission, and success
    • Well-established in their core industry

    Commodity

    Tactical
    • Low risk and criticality; low spend and switching costs
    • Product or service is readily available from many sources
    • Market has many competitors and options
    • Relationship is transactional
    • Price is the main differentiator
    • Moderate to high risk and criticality; low to moderate spend and switching costs
    • Vendor offerings align with or support one or more strategic objectives
    • Often IT vendors "outside" of IT (i.e. controlled and paid for by other areas)
    • Often niche or new vendors

    Source: Compiled in part from Guth, Stephen. "Vendor Relationship Management Getting What You Paid for (And More)." 2015.

    2.1.1 – Classification model

    15 – 30 Minutes

    1. Meet with the participants to configure the spend ranges in Phase 2 Vendor Classification Tool – Tab 1. Configuration for your environment.
    2. Collect your vendors and their annual spend to sort by largest to lowest.
    3. Update cells F14-J14 in the Classification Model based on your actual data.
      1. Cell F14 – Set the boundary at a point between the spend for your 10th and 11th ranked vendors. For example, if the 10th vendor by spend is $1,009, 850 and the 11th vendor by spend is $980,763, the range for F14 would be $1,000,00+.
      2. Cell G14 – Set the bottom of the range at a point between the spend for your 30th and 31st ranked vendors; the top of the range will be $1 less than the bottom of the range specified in F14.
      3. Cell H14 – Set the bottom of the range slightly below the spend for your 50th ranked vendor; the top of the range will be $1 less than the bottom of the range specified in G14.
      4. Cells I14 and J14 – Divide the remaining range in half and split it between the two cells; for J14 the range will be $0 to $1 less than the bottom range in I14.
    4. Ignore the other variables at this time.

    Input

    • Phase 1 List of Vendors by Annual Spend

    Output

    • Configured Vendor Classification Tool

    Materials

    • Phase 2 Vendor Classification Tool – Tab 1. Configuration

    Participants

    • VMI team

    Download the Info-Tech Phase 2 Vendor Classification Tool

    Step 2.2 – Risk assessment tool

    Identify risks to measure, monitor, and report on

    One of the typical drivers of a VMI is risk management. Organizations want to get a better handle on the various risks their vendors pose. Vendor risks originate from many areas: financial, performance, security, legal, and others. However, security risk is the high-profile risk, and the one organizations often focus on almost exclusively, which leaves the organization vulnerable in other areas.

    Risk management is a program, not a project; there is no completion date. A proactive approach works best and requires continual monitoring, identification, and assessment. Reacting to risks after they occur can be costly and have other detrimental effects on the organization. Any risk that adversely affects IT will adversely affect the entire organization.

    While the VMI won't necessarily be quantifying or calculating the risk directly, it generally is the aggregator of risk information across the risk categories, which it then includes in its reporting function (see Steps 2.12 and 3.8).

    At a minimum, your risk management strategy should involve:

    • Identifying the risks you want to measure and monitor.
    • Identifying your risk appetite (the amount of risk you are willing to live with).
    • Measuring, monitoring, and reporting on the applicable risks.
    • Developing and deploying a risk management plan to minimize potential risk impact.

    Vendor risk is a fact of life, but you do have options for how to handle it. Be proactive and thoughtful in your approach, and focus your resources on what is important.

    2.2.1 – Risk assessment tool

    30 - 90 Minutes

    1. Meet with the participants to configure the risk indicators in Phase 2 Vendor Risk Assessment Tool – Tab 1. Set parameters for your environment.
    2. Review the risk categories and determine which ones you will be measuring and monitoring.
    3. Review the risk indicators under each risk category and determine whether the indicator is acceptable as written, is acceptable with modifications, should be replaced, or should be deleted.
    4. Make the necessary changes to the risk indicators; these changes will cascade to each of the vendor tabs. Limit the number of risk indicators to no more than seven per risk category.
    5. Gain input and approval as needed from sponsors, stakeholders, and executives as required.

    Input

    • Scope
    • OIC Chart
    • Process Maps
    • Brainstorming

    Output

    • Configured Vendor Risk Assessment Tool

    Materials

    • Phase 2 Vendor Risk Assessment Tool – Tab 1. Set Parameters

    Participants

    • VMI team

    Download the Info-Tech Phase 2 Vendor Classification Tool

    Step 2.3 – Scorecards and feedback

    Design a two-way feedback loop with your vendors

    A vendor management scorecard is a great tool for measuring, monitoring, and improving relationship alignment. In addition, it is perfect for improving communication between you and the vendor.

    Conceptually, a scorecard is similar to a school report card. At the end of a learning cycle, you receive feedback on how well you do in each of your classes. For vendor management, the scorecard is also used to provide periodic feedback, but there are some nuances and additional benefits and objectives when compared to a report card.

    Although scorecards can be used in a variety of ways, the focus here will be on vendor management scorecards – contract management, project management, and other types of scorecards will not be included in the materials covered in this Step 2.3 or in Step 3.4.

    This image contains a table with the score for objectives A-D. The scores are: A4, B3, C5, D4.

    Step 2.3 – Scorecards and feedback (cont'd)

    Design a two-way feedback loop with your vendors

    Anatomy

    The Info-Tech scorecard includes five areas:

    • Measurement categories. Measurement categories help organize the scorecard. Limit the number of measurement categories to three to five; this allows the parties to stay focused on what's important. Too many measurement categories make it difficult for the vendor to understand the expectations.
    • Criteria. The criteria describe what is being measured. Create criteria with sufficient detail to allow the reviewers to fully understand what is being measured and to evaluate it. Criteria can be objective or subjective. Use three to five criteria per measurement category.
    • Measurement category weights. Not all your measurement categories may be of equal importance to you; this area allows you to give greater weight to a measurement category when compiling the overall score.
    • Rating. Reviewers will be asked to assign a score to each criteria using a 1 to 5 scale.
    • Comments. A good scorecard will include a place for reviewers to provide additional information regarding the rating, or other items that are relevant to the scorecard.

    An overall score is calculated based on the rating for each criteria and the measurement category weights.

    Step 2.3 – Scorecards and feedback (cont'd)

    Design a two-way feedback loop with your vendors

    Goals and objectives

    Scorecards can be used for a variety of reasons. Some of the common ones are:

    • Improving vendor performance.
    • Conveying expectations to the vendor.
    • Identifying and recognizing top vendors.
    • Increasing alignment between the parties.
    • Improving communication with the vendor.
    • Comparing vendors across the same criteria.
    • Measuring items not included in contract metrics.
    • Identifying vendors for "strategic alliance" consideration.
    • Helping the organization achieve specific goals and objectives.

    Identifying and resolving issues before they impact performance or the relationship.

    Identifying your scorecard drivers first will help you craft a suitable scorecard.

    Step 2.3 – Scorecards and feedback (cont'd)

    Design a two-way feedback loop with your vendors

    Info-Tech recommends starting with simple scorecards to allow you and the vendors to acclimate to the new process and information. As you build your scorecards, keep in mind that internal personnel will be scoring the vendors and the vendors will be reviewing the scorecard. Make your scorecard easy for your personnel to fill out, and containing meaningful content to drive the vendor in the right direction. You can always make the scorecard more complex in the future.

    Our recommendation of five categories is provided below. Choose three to five of the categories that help you accomplish your scorecard goals and objectives:

    1. Timeliness – Responses, resolutions, fixes, submissions, completions, milestones, deliverables, invoices, etc.
    2. Cost – Total cost of ownership, value, price stability, price increases/decreases, pricing models, etc.
    3. Quality – Accuracy, completeness, mean time to failure, bugs, number of failures, etc.
    4. Personnel – Skilled, experienced, knowledgeable, certified, friendly, trustworthy, flexible, accommodating, etc.
    5. Risk – Adequate contractual protections, security breaches, lawsuits, finances, audit findings, etc.

    Some criteria may be applicable in more than one category. The categories above should cover at least 80% of the items that are important to your organization. The general criteria listed for each category is not an exhaustive list, but most things break down into time, money, quality, people, and risk issues.

    Step 2.3 – Scorecards and feedback (cont'd)

    Design a two-way feedback loop with your vendors

    Additional Considerations

    • Even a good rating system can be confusing. Make sure you provide some examples or a way for reviewers to discern the differences between a 1, 2, 3, 4, and 5. Don't assume your "rating key" will be intuitive.
    • When assigning weights, don't go lower than 10% for any measurement category. If the weight is too low, it won't be relevant enough to have an impact on the total score. If it doesn't "move the needle", don't include it.
    • Final sign-off on the scorecard template should occur outside the VMI. The heavy lifting can be done by the VMI to create it, but the scorecard is for the benefit of the organization overall, and those impacted by the vendors specifically. You may end up playing arbiter or referee, but the scorecard is not the exclusive property of the VMI. Try to reach consensus on your final template whenever possible.
    • You should notice improved ratings and total scores over time for your vendors. One explanation for this is the Pygmalion Effect: "The Pygmalion [E]ffect describes situations where someone's high expectations improves our behavior and therefore our performance in a given area. It suggests that we do better when more is expected of us."* Convey your expectations and let the vendors' competitive juices take over.
    • While creating your scorecard and materials to explain the process to internal personnel, identify those pieces that will help you explain it to your vendors during vendor orientation (see Steps 2.6 and 3.4). Leveraging pre-existing materials is a great shortcut.

    *Source: The Decision Lab, n.d.

    Step 2.3 – Scorecards and feedback (cont'd)

    Design a two-way feedback loop with your vendors

    Vendor Feedback

    After you've built your scorecard, turn your attention to the second half of the equation – feedback from the vendor. A communication loop cannot be successful without dialogue flowing both ways. While this can happen with just a scorecard, a mechanism specifically geared toward the vendor providing you with feedback improves communication, alignment, and satisfaction.

    You may be tempted to create a formal scorecard for the vendor to use; avoid that temptation until later in your maturity or development of the VMI. You'll be implementing a lot of new processes, deploying new tools and templates, and getting people to work together in new ways. Work on those things first.

    For now, implement an informal process for obtaining information from the vendor. Start by identifying information that you will find useful – information that will allow you to improve overall, to reduce waste or time, to improve processes, to identify gaps in skills. Incorporate these items into your business alignment meetings (see Steps 2.4 and 3.5). Create three to five good questions to ask the vendor and include these in the business alignment meeting agenda. The goal is to get meaningful feedback, and that starts with asking good questions.

    Keep it simple at first. When the time is right, you can build a more formal feedback form or scorecard. Don't be in a rush; as long as the informal method works, keep using it.

    2.3.1 – Scorecards and feedback

    30 – 60 Minutes

    1. Meet with the participants and brainstorm ideas for your scorecard measurement categories:
      1. What makes a vendor valuable to your organization?
      2. What differentiates a "good" vendor from a "bad" vendor?
      3. What items would you like to measure and provide feedback on to the vendor to improve performance, the relationship, risk, and other areas?
    2. Select three, but no more than five, of the following measure categories: timeliness, cost, quality, personnel, and risk.
    3. Within each measurement category, list two or three criteria that you want to measure and track for your vendors. Choose items that are as universal as possible rather than being applicable to one vendor or one vendor type.
    4. Assign a weight to each measurement category, ensuring that the total weight is 100% for all measurement categories.
    5. Document your results as you go in Phase 2 Tools and Templates Compendium – Tab 2.3 Scorecard.

    Input

    • Brainstorming

    Output

    • Configured Scorecard template

    Materials

    • Phase 2 Tools and Templates Compendium – Tab 2.3 Scorecard

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 2 Tools and Templates Compendium

    2.3.2 – Scorecards and feedback

    15 to 30 Minutes

    1. Meet with the participants and brainstorm ideas for feedback to seek from your vendors during your business alignment meetings. During the brainstorming, identify questions to ask the vendor about your organization that will:
      1. Help you improve the relationship.
      2. Help you improve your processes or performance.
      3. Help you improve ongoing communication.
      4. Help you evaluate your personnel.
    2. Identify the top five questions you want to include in your business alignment meeting agenda. (Note: you may need to refine the actual questions from the brainstorming activity before they are ready to include in your business alignment meeting agenda.)
    3. Document both your brainstorming activity and your final results in Phase 2 Tools and Templates Compendium – Tab 2.3 Feedback. The brainstorming questions can be used in the future as your VMI matures and your feedback transforms from informal to formal. The results will be used in Steps 2.4 and 3.5.

    Input

    • Brainstorming

    Output

    • Feedback questions to include with the business alignment meeting agenda

    Materials

    • Phase 2 Tools and Templates Compendium – Tab 2.3 Feedback

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 2 Tools and Templates Compendium

    Step 2.4 – Business alignment meeting agenda

    Craft an agenda that meets the needs of the VMI

    A business alignment meeting (BAM) is a multi-faceted tool to ensure the customer and the vendor stay focused on what is important to the customer at a high level. BAMs are not traditional operational meetings where the parties get into the details of the contracts, deal with installation problems, address project management issues, or discuss specific cost overruns. The focus of the BAM is the scorecard (see Step 2.3), but other topics are discussed, and other purposes are served. For example:

    • You can use the BAM to develop the relationship with the vendor's leadership team so that if escalation is ever needed, your organization is more than just a name on a spreadsheet or customer list.
    • You can learn about innovations the vendor is working on (without the meeting turning into a sales call).
    • You can address high-level performance trends and request corrective action as needed.
    • You can clarify your expectations.
    • You can educate the vendor about your industry, culture, and organization.
    • You can learn more about the vendor.

    As you build your BAM Agenda, someone in your organization may say, "Oh, that's just a quarterly business review (QBR) or top-to-top meeting." In most instances, an existing QBRs or top-to-top meeting is not the same as a BAM. Using the term QBR or top-to-top meeting instead of BAM can lead to confusion internally. The VMI may say to the business unit, procurement, or another department, "We're going to start running some QBRs for our strategic vendors." The typical response is, "There's no need; we already run QBRs/top-to-top meetings with our important vendors." This may be accompanied by an invitation to join their meeting, where you may be an afterthought, have no influence, and get five minutes at the end to talk about your agenda items. Keep your BAM separate so that it meets your needs.

    Step 2.4 – Business alignment meeting agenda (cont'd)

    Craft an agenda that meets the needs of the VMI

    As previously noted, using the term BAM more accurately depicts the nature of the VMI meeting and prevents confusion internally with other meetings already occurring. In addition, hosting the BAM yourself rather than piggybacking onto another meeting ensures that the VMI's needs are met. The VMI will set and control the BAM agenda and determine the invite list for internal personnel and vendor personnel. As you may have figured out by now, having the right customer and vendor personnel attend will be essential.

    BAMs are conducted at the vendor level, not the contract level. As a result, the frequency of the BAMs will depend on the vendor's classification category (see Steps 2.1 and 3.1). General frequency guidelines are provided below, but they can be modified to meet your goals:

    • Commodity vendors – Not applicable
    • Operational vendors – Biannually or annually
    • Strategic vendors – Quarterly
    • Tactical vendors – Quarterly or biannually

    BAMs can help you achieve some additional benefits not previously mentioned:

    • Foster a collaborative relationship with the vendor.
    • Avoid erroneous assumptions by the parties.
    • Capture and provide a record of the relationship (and other items) over time.

    Step 2.4 – Business alignment meeting agenda (cont'd)

    Craft an agenda that meets the needs of the VMI

    As with any meeting, building the proper agenda will be one of the keys to an effective and efficient meeting. A high-level BAM agenda with sample topics is set out below:

    BAM Agenda

    • Opening remarks
      • Welcome and introductions
      • Review of previous minutes
    • Active discussion
      • Review of open issues
      • Scorecard and feedback
      • Current status of projects to ensure situational awareness by the vendor
      • Roadmap/strategy/future projects
      • Accomplishments
    • Closing remarks
      • Reinforce positives (good behavior, results, and performance, value added, and expectations exceeded)
      • Recap
    • Adjourn

    2.4.1 – Business alignment meeting agenda

    20 – 45 Minutes

    1. Meet with the participants and review the sample agenda in Phase 2 Tools and Templates Compendium – Tab 2.4 BAM Agenda.
    2. Using the sample agenda as inspiration and brainstorming activities as needed, create a BAM agenda tailored to your needs.
      1. Select the items from the sample agenda applicable to your situation.
      2. Add any items required based on your brainstorming.
      3. Add the feedback questions identified during Activity 2.3.2 and documented in Phase 2 Tools and Templates Compendium – Tab 2.3 Feedback.
    3. Gain input and approval from sponsors, stakeholders, and executives as required or appropriate.
    4. Document the final BAM agenda in Phase 2 Tools and Templates Compendium –Tab 2.4 BAM Agenda.

    Input

    • Brainstorming
    • Phase 2 Tools and Templates Compendium – Tab 2.3 Feedback

    Output

    • Configured BAM agenda

    Materials

    • Phase 2 Tools and Templates Compendium – Tab2 .4 BAM Agenda

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 2 Tools and Templates Compendium

    Step 2.5 – Relationship alignment document

    Draft a document to convey important VMI information to your vendors

    Throughout this blueprint, alignment is mentioned directly (e.g. business alignment meetings [Steps 2.4 and 3.3]) or indirectly implied. Ensuring you and your vendors are on the same page, have clear and transparent communication, and understand each other's expectations is critical to fostering strong relationships. One component of gaining and maintaining alignment with your vendors is the Relationship Alignment Document (RAD). Depending upon the Scope of your VMI and what your organization already has in place, your RAD will fill in the gaps on various topics.

    Early in the VMI's maturation, the easiest approach is to develop a short document (1 one page) or a pamphlet (i.e. the classic trifold) describing the rules of engagement when doing business with your organization. The RAD can convey expectations, policies, guidelines, and other items. The scope of the document will depend on:

    1. What you believe is important for the vendors to understand.
    2. Any other similar information already provided to the vendors.

    The first step to drafting a RAD is to identify what information vendors need to know to stay on your good side. You may want vendors to know about your gift policy (e.g. employees may not accept vendor gifts above a nominal value, such as a pen or mousepad). Next, compare your list of what vendors need to know and determine if the content is covered in other vendor-facing documents such as a vendor code of conduct or your website's vendor portal. Lastly, create your RAD to bridge the gap between what you want and what is already in place. In some instances, you may want to include items from other documents to reemphasize them with the vendor community.

    Info-Tech Insight

    The RAD can be used with all vendors regardless of classification category. It can be sent directly to the vendors or given to them during vendor orientation (see Step 3.3)

    2.5.1 – Relationship alignment document

    1 to 4 Hours

    1. Meet with the participants and review the RAD sample and checklist in Phase 2 Tools and Templates Compendium – Tab 2.5 Relationship Alignment Doc.
    2. Determine:
      1. Whether you will create one RAD for all vendors or one RAD for strategic vendors and another RAD for tactical and operational vendors; whether you will create a RAD for commodity vendors.
      2. The concepts you want to include in your RAD(s).
      3. The format for your RAD(s) – traditional, pamphlet, or other.
      4. Whether signoff or acknowledgement will be required by the vendors.
    3. Draft your RAD(s) and work with other internal areas, such as Marketing to create a consistent brand for the RADS, and Legal to ensure consistent use and preservation of trademarks or other intellectual property rights and other legal issues.
    4. Review other vendor-facing documents (e.g. supplier code of conduct, onsite safety and security protocols) for consistencies between them and the RAD(s).
    5. Obtain signoff on the RAD(s) from stakeholders, sponsors, executives, Legal, Marketing, and others as needed.

    Input

    • Brainstorming
    • Vendor-facing documents, policies, and procedures

    Output

    • Completed Relationship Alignment Document(s)

    Materials

    • Phase 2 Tools and Templates Compendium – Tab 2.5 Relationship Alignment Doc

    Participants

    • VMI team
    • Marketing, as needed
    • Legal, as needed

    Download the Info-Tech Phase 2 Tools and Templates Compendium

    Step 2.6 – Vendor orientation

    Create a VMI awareness process to build bridges with your vendors

    Your organization is unique. It may have many similarities with other organizations, but your culture, risk tolerance, mission, vision, and goals, finances, employees, and "customers" (those that depend on you) make it different. The same is true of your VMI. It may have similar principles, objectives, and processes to other organizations' VMIs, but yours is still unique. As a result, your vendors may not fully understand your organization and what vendor management means to you.

    Vendor orientation is another means to helping you gain and maintain alignment with your important vendors, educate them on what is important to you, and provide closure when/if the relationship with the vendor ends. Vendor orientation is comprised of three components, each with a different function:

    • Orientation
    • Reorientation
    • Debrief

    Vendor orientation focuses on the vendor management pieces of the puzzle (e.g. the scorecard process) rather than the operational pieces (e.g. setting up a new vendor in the system to ensure invoices are processed smoothly).

    Step 2.6 – Vendor orientation (cont'd)

    Create a VMI awareness process to build bridges with your vendors

    Reorientation

    • Reorientation is either identical or similar to orientation, depending upon the circumstances. Reorientation occurs for several reasons, and each reason will impact the nature and detail of the reorientation content. Reorientation occurs whenever:
    • There is a significant change in the vendor's products or services.
    • The vendor has been through a merger, acquisition, or divestiture.
    • A significant contract renewal/renegotiation has recently occurred.
    • Sufficient time has passed from orientation; commonly 2 to 3 years.
    • The vendor has been placed in a "performance improvement plan" or "relationship improvement plan" protocol.
    • Significant turnover has occurred within your organization (executives, key stakeholders, and/or VMI personnel).
    • Substantial turnover has occurred at the vendor at the executive or account management level.
    • The vendor has changed vendor classification categories after the most current classification.
    • As the name implies, the goal is to refamiliarize the vendor with your current VMI situation, governances, protocols, and expectations. The drivers for reorientation will help you determine the reorientation's scope, scale, and frequency.

    Step 2.6 – Vendor orientation (cont'd)

    Create a VMI awareness process to build bridges with your vendors

    Debrief

    To continue the analogy from orientation, debrief is like an exit interview for an employee when their employment is terminated. In this case, debrief occurs when the vendor is no longer an active vendor with your organization - all contracts have terminated or expired, and no new business with the vendor is anticipated within the next three months.

    Similar to orientation and reorientation, debrief activities will be based on the vendor's classification category within the COST model. Strategic vendors don't go away very often; usually, they transition to operational or tactical vendors first. However, if a strategic vendor is no longer providing products or services to you, dig a little deeper into their experiences and allocate extra time for the debrief meeting.

    The debrief should provide you with feedback on the vendor's experience with your organization and their participation in your VMI. Additionally, it can provide closure for both parties since the relationship is ending. Be careful that the debrief does not turn into a finger-pointing meeting or therapy session for the vendor. It should be professional and productive; if it is going off the rails, terminate the meeting before more damage can occur.

    End the debrief on a high note if possible. Thank the vendor, highlight its key contributions, and single out any personnel who went above and beyond. You never know when you will be doing business with this vendor again – don't burn bridges!

    Step 2.6 – Vendor orientation (cont'd)

    Create a VMI awareness process to build bridges with your vendors

    As you create your vendor orientation materials, focus on the message you want to convey.

    • For orientation and reorientation:
      • What is important to you that vendors need to know?
      • What will help the vendors understand more about your organization and your VMI?
      • What and how are you different from other organizations overall, and in your "industry"?
      • What will help them understand your expectations?
      • What will help them be more successful?
      • What will help you build the relationship?
    • For debrief:
      • What information or feedback do you want to obtain?
      • What information or feedback to you want to give?

    The level of detail you provide strategic vendors during orientation and reorientation may be different from the information you provide tactical and operational vendors. Commodity vendors are not typically involved in the vendor orientation process. The orientation meetings can be conducted on a one-to-one basis for strategic vendors and a one-to-many basis for operational and tactical vendors; reorientation and debrief are best conducted on a one-to-one basis. Lastly, face-to-face or video meetings work best for vendor orientation; voice-only meetings, recorded videos, or distributing only written materials seldom hit their mark or achieve the desired results.

    Step 2.7 – Three-year roadmap

    Plot your path at a high level

    1. The VMI exists in many planes concurrently:
    2. It operates both tactically and strategically.

    It focuses on different timelines or horizons (e.g., the past, the present, and the future). Creating a three-year roadmap facilitates the VMI's ability to function effectively across these multiple landscapes.

    The VMI roadmap will be influenced by many factors. The work product from Phase 1 – Plan, input from executives, stakeholders, and internal clients, and the direction of the organization are great sources of information as you begin to build your roadmap.

    To start, identify what you would like to accomplish in year 1. This is arguably the easiest year to complete: budgets are set (or you have a good idea what the budget will look like), personnel decisions have been made, resources have been allocated, and other issues impacting the VMI are known with a higher degree of certainty than any other year. This does not mean things won't change during the first year of the VMI, but expectations are usually lower, and the short event horizon makes things more predictable during the year-1 ramp-up period.

    Years 2 and 3 are more tenuous, but the process is the same: identify what you would like to accomplish or roll out in each year. Typically, the VMI maintains the year-1 plan into subsequent years and adds to the scope or maturity. For example, you may start year 1 with BAMs and scorecards for three of your strategic vendors; during year 2, you may increase that to five vendors; and during year 3, you may increase that to nine vendors. Or, you may not conduct any market research during year 1, waiting to add it to your roadmap in year 2 or 3 as you mature.

    Breaking things down by year helps you identify what is important and the timing associated with your priorities. A conservative approach is recommended. It is easy to overcommit, but the results can be disastrous and painful.

    2.7.1 – Three-year roadmap

    45 – 90 Minutes

    1. Meet with the participants and decide how to coordinate year 1 of your three-year roadmap with your existing fiscal year or reporting year. Year 1 may be shorter or longer than a calendar year.
    2. Review the VMI activities listed in Phase 2 Tools and Templates Compendium – Tab 2.7 Three-year roadmap. Use brainstorming and your prior work product from Phase 1 and Phase 2 to identify additional items for the roadmap and add them at the bottom of the spreadsheet.
    3. Starting with the first activity, determine when that activity will begin and put an X in the corresponding column; if the activity is not applicable, leave it blank or insert N/A.
    4. Go back to the top of the list and add information as needed.
      1. For any year-1 or year-2 activities, add an X in the corresponding columns if the activity will be expanded/continued in subsequent periods (e.g., if a Year 2 activity will continue in year 3, put an X in year 3 as well).
      2. Use the comments column to provide clarifying remarks or additional insights related to your plans or "X's". For example, "Scorecards begin in year 1 with three vendors and will roll out to five vendors in year 2 and nine vendors in year 3."
    5. Obtain signoff from stakeholders, sponsors, and executives as needed.

    Input

    • Phase 1 work product
    • Steps 2.1 – 2.6 work product
    • Brainstorming

    Output

    • High level three-year roadmap for the VMI

    Materials

    • Phase 2 Tools and Templates Compendium – Tab 2.7 Three-Year Roadmap

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 2 Tools and Templates Compendium

    Step 2.8 – 90-day plan

    Pave your short-term path with a series of detailed quarterly plans

    Now that you have prepared a three-year roadmap, it's time to take the most significant elements from the first year and create action plans for each three-month period. Your first 90-day plan may be longer or shorter if you want to sync to your fiscal or calendar quarters. Aligning with your fiscal year can make it easier for tracking and reporting purposes; however, the more critical item is to make sure you have a rolling series of four 90-day plans to keep you focused on the important activities and tasks throughout the year.

    The 90-day plan is a simple project plan that will help you measure, monitor, and report your progress. Use the Info-Tech tool to help you track:

    Activities.

    • Tasks comprising each activity.
    • Who will be performing the tasks.
    • An estimate of the time required per person per task.
    • An estimate of the total time to achieve the activity.
    • A due date for the activity.
    • A priority of the activity.

    The first 90-day plan will have the greatest level of detail and should be as thorough as possible; the remaining three 90-day plans will each have less detail for now. As you approach the middle of the first 90-day plan, start adding details to the next 90-day plan; toward the end of the first quarter add a high-level 90-day plan to the end of the chain. Continue repeating this cycle each quarter and consult the three-year roadmap and the leadership team, as necessary.

    2.8.1 – 90-day plan

    45 – 90 Minutes

    1. Meet with the participants and decide how to coordinate the first "90-day" plan with your existing fiscal year or reporting cycles. Your first plan may be shorter or longer than 90 days.
    2. Looking at the year-1 section of the three-year roadmap, identify the activities that will be started during the next 90 days.
    3. Using the Phase 2 Tools and Templates Compendium – Tab 2.8 90-Day Plan, enter the following information into the spreadsheet for each activity to be accomplished during the next 90 days:
      1. Activity description.
      2. Tasks required to complete the activity (be specific and descriptive).
      3. The people who will be performing each task.
      4. The estimated number of hours required to complete each task.
      5. The start date and due date for each task or the activity.
    4. Validate the tasks are a complete list for each activity and the people performing the tasks have adequate time to complete the tasks by the due date(s).
    5. Assign a priority to each Activity.

    Input

    • Three-Year Roadmap
    • Phase 1 work product
    • Steps 2.1 – 2.7 work product
    • Brainstorming

    Output

    • Detailed plan for the VMI for the next quarter or "90" days

    Materials

    • Phase 2 Tools and Templates Compendium – Tab 2.8 90-Day Plan

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 2 Tools and Templates Compendium

    Step 2.9 – Quick wins

    Identify potential short-term successes to gain momentum and show value immediately

    As the final step in the timeline trilogy, you are ready to identify some quick wins for the VMI. Using the first 90-day plan and a brainstorming activity, create a list of things you can do in 15 to 30 days that add value to your initiative and build momentum.

    As you evaluate your list of potential candidates, look for things that:

    • Are achievable within the stated timeline.
    • Don't require a lot of effort.
    • Involve stopping a certain process, activity, or task; this is sometimes known as a "stop doing stupid stuff" approach.
    • Will reduce or eliminate inefficiencies; this is sometimes known as the war on waste.
    • Have a moderate to high impact or bolster the VMI's reputation.

    As you look for quick wins, you may find that everything you identify does not meet the criteria. That's okay; don't force the issue. Return your focus to the 90-day plan and three-year roadmap and update those documents if the brainstorming activity associated with Step 2.9 identified anything new.

    2.9.1 – Quick wins

    15 - 30 Minutes

    1. Meet with the participants and review the three-year roadmap and 90-day plan. Determine if any item on either document can be completed:
      1. Quickly (30 days or less).
      2. With minimal effort.
      3. To provide or show moderate to high levels of value or provide the VMI with momentum.
    2. Brainstorm to identify any other items that meet the criteria in step 1 above.
    3. Compile a comprehensive list of these items and select up to five to pursue.
    4. Document the list in the Phase 2 Tools and Templates Compendium – Tab 2.9 Quick Wins.
    5. Manage the quick wins list and share the results with the VMI team and applicable stakeholders and executives.

    Input

    • Three-Year Roadmap
    • 90-Day Plan
    • Brainstorming

    Output

    • A list of activities that require low levels of effort to achieve moderate to high levels of value in a short period

    Materials

    • Phase 2 Tools and Templates Compendium – Tab 2.9 Quick Wins

    Participants

    • VMI team

    Download the Info-Tech Phase 2 Tools and Templates Compendium

    Step 2.10 – Reports

    Construct your reports to resonate with your audience

    Issuing reports is a critical piece of the VMI since the VMI is a conduit of information for the organization. It may be aggregating risk data from internal areas, conducting vendor research, compiling performance data, reviewing market intelligence, or obtaining relevant statistics, feedback, comments, facts, and figures from other sources. Holding onto this information minimizes the impact a VMI can have on the organization; however, the VMI's internal clients, stakeholders, and executives can drown in raw data and ignore it completely if it is not transformed into meaningful, easily-digested information.

    Before building a report, think about your intended audience:

    • What information are they looking for? What will help them understand the big picture?
    • What level of detail is appropriate, keeping in mind the audience may not be like-minded?
    • What items are universal to all the readers and what items are of interest to one or two readers?
    • How easy or hard will it be to collect the data? Who will be providing it, and how time consuming will it be?
    • How accurate, valid, and timely will the data be?
    • How frequently will each report need to be issued?

    Step 2.10 – Reports (cont'd)

    Construct your reports to resonate with your audience

    Use the following guidelines to create reports that will resonate with your audience:

    • Value information over data, but sometimes data does have a place in your report.
    • Use pictures, graphics, and other representations more than words, but words are often necessary in small, concise doses.
    • Segregate your report by user; for example, general information up top, CIO information below that on the right, CFO information to the left of CIO information, etc.
    • Send a draft report to the internal audience and seek feedback, keeping in mind you won't be able to cater to or please everyone.

    2.10.1 – Reports

    15 – 45 Minutes

    1. Meet with the participants and review the applicable work product from Phase 1 and Phase 2; identify qualitative and quantitative items the VMI measures, monitors, tracks, or aggregates.
    2. Determine which items will be reported and to whom (by category):
      1. Internally to personnel within the VMI.
      2. Internally to personnel outside the VMI.
      3. Externally to vendors.
    3. Within each category above, determine your intended audiences/recipients. For example, you may have a different list of recipients for a risk report than you do a scorecard summary report. This will help you identify the number of reports required.
    4. Create a draft structure for each report based on the audience and the information being conveyed. Determine the frequency of each report and person responsible for creating for each report.
    5. Document your final choices in Phase 2 Tools and Templates Compendium – Tab 2.10 Reports.

    Input

    • Brainstorming
    • Phase 1 work product
    • Steps 2.1 – 2.11 work product

    Output

    • A list of reports used by the VMI
    • For each report
      • The conceptual content
      • A list of who will receive or have access
      • A creation/distribution frequency

    Materials

    • Phase 2 Tools and Templates Compendium – Tab 2.10 Reports

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 2 Tools and Templates Compendium

    Phase 3 - Run

    Implement your processes and leverage your tools and templates

    Phase 1

    Phase 2Phase 3Phase 4

    1.1 Mission Statement and Goals

    1.2 Scope

    1.3 Strengths and Obstacles

    1.4 Roles and Responsibilities

    2.1 Classification Model

    2.2 Risk Assessment Tool

    2.3 Scorecards and Feedback

    2.4 Business Alignment Meeting Agenda

    2.5 Relationship Alignment Document

    2.6 Vendor Orientation

    2.7 3-Year Roadmap

    2.8 90-Day Plan

    2.9 Quick Wins

    2.10 Reports

    3.1 Classify Vendors

    3.2 Compile Scorecards

    3.3 Conduct Business Alignment Meetings

    3.4 Work the 90-Day Plan

    3.5 Manage the 3-Year Roadmap

    3.6 Develop/Improve Vendor Relationships

    4.1 Incorporate Leading Practices

    4.2 Leverage Lessons Learned

    4.3 Maintain Internal Alignment

    This phase will walk you through the following activity:

    • Beginning to operate the VMI. The main outcomes from this phase are guidance and the steps required to initiate your VMI.

    This phase involves the following participants:

    • VMI team
    • Applicable stakeholders and executives
    • Others as needed

    Vendor Management Initiative Basics for the Small/Medium Businesses

    Phase 3 – Run

    Implement your processes and leverage your tools and templates

    All the hard work invested in Phase 1 – Plan and Phase 2 – Build begins to pay off in Phase 3 – Run. It's time to stand up your VMI and ensure that the proper level of resources is devoted to your vendors and the VMI itself. There's more hard work ahead, but the foundational elements are in place. This doesn't mean there won't be adjustments and modifications along the way, but you are ready to use the tools and templates in the real world; you are ready to begin reaping the fruits of your labor.

    Phase 3 – Run guides you through the process of collecting data, monitoring trends, issuing reports, and conducting effective meetings to:

    • Manage risk better.
    • Improve vendor performance.
    • Improve vendor relationships.
    • Identify areas where the parties can improve.
    • Improve communication between the parties.
    • Increase the value proposition with your vendors.

    Step 3.1 – Classify vendors

    Begin classifying your top 25 vendors by spend

    Step 3.1 sets the table for many of the subsequent steps in Phase 3 – Run. The results of your classification process will determine which vendors go through the scorecarding process (Step 3.2); which vendors participate in BAMs (Step 3.3), and which vendors you will devote relationship-building resources to (Step 3.6).

    As you begin classifying your vendors, Info-Tech recommends using an iterative approach initially to validate the results from the classification model you configured in Step 2.1.

    1. Identify your top 25 vendors by spend.
    2. Run your top 10 vendors by spend through the classification model and review the results.
      1. If the results are what you expected and do not contain any significant surprises, go to 3. on the next page.
      2. If the results are not what you expected or do contain significant surprises, look at the configuration page of the tool (Tab 1) and adjust the weights or the spend categories slightly. Be cautious in your evaluation of the results before modifying the configuration page - some legitimate results are unexpected, or are surprises based on bias. If you modify the weighting, review the new results and repeat your evaluation. If you modify the spend categories, review the answers on the vendor tabs to ensure that the answers are still accurate; review the new results and repeat your evaluation.

    Step 3.1 – Classify vendors (cont'd)

    Review your results and adjust the classification tool as needed

    1. Run your top 11-through-25 vendors by spend through the classification model and review the results. Identify any unexpected results. Determine if further configuration makes sense and repeat the process outlined in 2.b., previous page, as necessary. If no further modifications are required, continue to 4., below.
    2. Share the preliminary results with the leadership team, executives, and stakeholders to obtain their approval or adjustments to the results.
      1. They may have questions and want to understand the process before approving the results.
      2. They may request that you move a vendor from one quadrant to another based on your organization's roadmap, the vendor's roadmap, or other information not available to you.
    3. Identify the vendors that will be part of the VMI at this stage – how many and which ones. Based on this number and the VMI's scope (Step 1.2), make sure you have the resources necessary to accommodate the number of vendors participating in the VMI. Proceed cautiously and gradually increase the number of vendors participating in the VMI.

    Step 3.1 – Classify vendors (cont'd)

    Finalize the results and update VMI tools and templates

    1. Update the vendor inventory tool (Step 1.7) to indicate the current classification status for the top 25 vendors by spend. Once your vendors have been classified, you can sort the vendor inventory tool by classification status to see all the vendors in that category at once.
    2. Review your three-year roadmap (Step 2.9) and 90-day plans (Step 2.6) to determine if any modifications are needed to the activities and timelines.

    Additional classification considerations:

    • You should only have a few vendors that fit in the strategic category. As a rough guideline, no more than 5% to 10% of your IT vendors should end up in the strategic category. If you have many vendors, even 5% may be too many. the classification model is an objective start to the classification process, but common sense must prevail over the "math" at the end of the day.
    • At this point, there is no need to go beyond the top 25 by spend. Most VMIs starting out can't handle more than three to five strategic vendors initially. Allow the VMI to run a pilot program with a small sample size, work out any bugs, make adjustments, and then ramp up the VMI's rollout in waves. Vendors can be added quarterly, biannually, or annually, depending upon the desired goals and available resources.

    Step 3.1 – Classify vendors (cont'd)

    Align your vendor strategy to your classification results

    As your VMI matures, additional vendors will be part of the VMI. Review the table below and incorporate the applicable strategies into your deployment of vendor management principles over time. Stay true to your mission, goals, and scope, and remember that not all your vendors are of equal importance.

    Operational

    Strategic
    • Focus on spend containment
    • Concentrate on lowering total cost of ownership
    • Invest moderately in cultivating the relationship
    • Conduct BAMs biannually or annually
    • Compile scorecards quarterly or biannually
    • Identify areas for performance and cost improvement
    • Focus on value, collaboration, and alignment
    • Review market intelligence for the vendor's industry
    • Invest significantly in cultivating the relationship
    • Initiate executive-to-executive relationships
    • Conduct BAMs quarterly
    • Compile scorecards quarterly
    • Understand how the vendors view your organization

    Commodity

    Tactical
    • Investigate vendor rationalization and consolidation
    • Negotiate for the best-possible price
    • Leverage competition during negotiations
    • Streamline the purchasing and payment process
    • Allocate minimal VMI resources
    • Assign the lowest priority for vendor management metrics
    • Conduct risk assessments biannually or annually
    • Cultivate a collaborative relationship based on future growth plans or potential with the vendor
    • Conduct BAMs quarterly or biannually
    • Compile scorecards quarterly
    • Identify areas of performance improvement
    • Leverage innovation and creative problem solving

    Step 3.1 – Classify vendors (cont'd)

    Be careful when using the word "partner" with your strategic and other vendors

    For decades, vendors have used the term "partner" to refer to the relationship they have with their clients and customers. This is often an emotional ploy used by the vendors to get the upper hand. To fully understand the terms "partner" and "partnership", let's evaluate them through two more objective, less cynical lenses.

    If you were to talk to your in-house or outside legal counsel, you may be told that partners share in profits and losses, and they have a fiduciary obligation to each other. Unless there is a joint venture between the parties, you are unlikely to have a partnership with a vendor from this perspective.

    What about a "business" partnership — one that doesn't involve sharing profits and losses? What would that look like? Here are some indicators of a business partnership (or preferably a strategic alliance):

    • Trust and transparent communication exist.
    • You have input into the vendor's roadmap for products and services.
    • The vendor is aligned with your desired outcomes and helps you achieve success.
    • You and the vendor are accountable for actions and inactions, with both parties being at risk.
    • There is parity in the peer-to-peer relationships between the organizations (e.g. C-Level to C-Level).
    • The vendor provides transparency in pricing models and proactively suggests ways for you to reduce costs.
    • You and the vendor work together to make each party better, providing constructive feedback on a regular basis.
    • The vendor provides innovative suggestions for you to improve your processes, performance, the bottom line, etc.
    • Negotiations are not one-sided; they are meaningful and productive, resulting in an equitable distribution of money and risk.

    Step 3.1 – Classify vendors (cont'd)

    Understand the implications and how to leverage the words "partner" and "partnership"

    By now you might be thinking, "What's all the fuss? Why does it matter?" At Info-Tech, we've seen firsthand how referring to the vendor as a partner can have the following impact:

    • Confidences are disclosed unnecessarily.
    • Negotiation opportunities and leverage are lost.
    • Vendors no longer have to earn the customer's business.
    • Vendor accountability is missing due to shared responsibilities.
    • Competent skilled vendor resources are assigned to other accounts.
    • Value erodes over time since contracts are renewed without being competitively sourced.
    • One-sided relationships are established, and false assurances are provided at the highest levels within the customer organization.

    Proceed with caution when using partner or partnership with your vendors. Understand how your organization benefits from using these terms and mitigate the negatives outlined above by raising awareness internally to ensure people understand the psychology behind the terms. Finally, use the term to your advantage when warranted by referring to the vendor as a partner when you want or need something that the vendor is reluctant to provide. Bottom line: be strategic in how you refer to vendors and know the risks.

    Step 3.2 – Compile scorecards

    Begin scoring your top vendors

    The scorecard process typically is owned and operated by the VMI, but the actual rating of the criteria within the measurement categories is conducted by those with day-to-day interactions with the vendors, those using or impacted by the services and products provided by the vendors, and those with the skills to research other information on the scorecard (e.g. risk). Chances are one person will not be able to complete an entire scorecard by themselves. As a result, the scorecard process is a team sport comprised of sub-teams where necessary.

    The VMI will compile the scores, calculate the final results, and aggregate all the comments into one scorecard. There are two common ways to approach this task:

    1. Send out the scorecard template to those who will be scoring the vendor and ask them to return it when completed, providing them with a due date a few days before you need it; you'll need time to compile, calculate, and aggregate.
    2. Invite those who will be scoring the vendor to a meeting and let the contributors use that time to score the vendors; make VMI team members available to answer questions and facilitate the process.

    Step 3.2 – Compile scorecards (cont'd)

    Gather input from stakeholders and others impacted by the vendors

    Since multiple people will be involved in the scorecarding process or have information to contribute, the VMI will have to work with the reviewers to ensure he right mix of data is provided. For example:

    • If you are tracking lawsuits filed by or against the vendor, one person from Legal may be able to provide that, but they may not be able to evaluate any other criteria on the scorecard.
    • If you are tracking salesperson competencies, multiple people from multiple areas may have valuable insights.
    • If you are tracking deliverable timeliness, several project managers may want to contribute across several projects.

    Where one person is contributing exclusively to limited criteria, make it easy for them to identify the criteria they are to evaluate. When multiple people from the same functional area will provide insights, they can contribute individually (and the VMI will average their responses) or they can respond collectively after reaching consensus as a group.

    After the VMI has compiled, calculated, and aggregated, share the results with executives, impacted stakeholders, and others who will be attending the BAM for that vendor. Depending upon the comments provided by internal personnel, you may need to create a sanitized version of the scorecard for the vendor.

    Make sure your process timeline has a buffer built in. You'll be sending the final scorecard to the vendor three to five days before the BAM, and you'll need some time to assemble the results. The scorecarding process can be perceived as a low-priority activity for people outside of the VMI, and other "priorities" will arise for them. Without a timeline buffer, the VMI may find itself behind schedule and unprepared, due to things beyond its control.

    Step 3.3 – Conduct business alignment meetings

    Determine which vendors will participate and how long the meetings will last

    At their core, BAMs aren't that different from any other meeting. The basics of running a meeting still apply, but there are a few nuances that apply to BAMs. Set out below are leading practices for conducing your BAMs; adapt them to meet your needs and suit your environment.

    Who

    Initially, BAMs are conducted with the strategic vendors in your pilot program. Over time you'll add vendors until all your strategic vendors are meeting with you quarterly. After that, roll out the BAMs to those tactical and operational vendors located close to the strategic quadrant in the classification model (Steps 2.1 and 3.1) and as VMI resources allow. It may take several years before you are holding regular BAMs with all your strategic, tactical, and operational vendors.

    Duration

    Keep the length of your meetings reasonable. The first few with a vendor may need to be 60 to 90 minutes long. After that, you should be able to trim them to 45 minutes to 60 minutes. The BAM does not have to fill the entire time. When you are done, you are done.

    Step 3.3 – Conduct business alignment meetings (cont'd)

    Identify who will be invited and send out invitations

    Invitations

    Set up a recurring meeting whenever possible. Changes will be inevitable but keeping the timeline regular works to your advantage. Also, the vendors included in your initial BAMs won't change for twelve months. For the first BAM with a vendor, provide adequate notice; four weeks is usually sufficient, but calendars will fill up quickly for the main attendees from the vendor. Treat the meeting as significant and make sure your invitation reflects this. A simple meeting request will often be rejected, treated as optional, or ignored completely by the vendor's leadership team (and maybe yours as well!).

    Invitees

    Internal invitees should include those with a vested interest in the vendor's performance and the relationship. Other functional areas may be invited based on need or interest. Be careful the attendee list doesn't get too big. Based on this, internal BAM attendees often include representatives from IT, Sourcing/Procurement, and the applicable business units. At times, Finance and Legal are included.

    From the vendor's side, strive to have decision makers and key leaders attend. The salesperson/account manager is often included for continuity, but a director or vice president of sales will have more insights and influence. The project manager is not needed at this meeting due to the nature of the meeting and its agenda; however, a director or vice president from the product or service delivery area is a good choice. Bottom line: get as high into the vendor's organization as possible whenever possible; look at the types of contracts you have with that vendor to provide guidance on the type of people to invite.

    Step 3.3 – Conduct business alignment meetings (cont'd)

    Prepare for the Meetings and Maintain Control

    Preparation

    Send the scorecard and agenda to the vendor five days prior to the BAM. The vendor should provide you with any information you require for the meeting five days prior, as well.

    Decide who will run the meeting. Some customers like to lead, and others let the vendor present. How you craft the agenda and your preferences will dictate who runs the show.

    Make sure the vendor knows what materials they should bring to the meeting or have access to. This will relate to the agenda and any specific requests listed under the discussion points. You don't want the vendor to be caught off guard and unable to discuss a matter of importance to you.

    Running the BAM

    Regardless of which party leads, make sure you manage the agenda to stay on topic. This is your meeting – not the vendor's, not IT's, not Procurement's or Sourcing's. Don't let anyone hijack it.

    Make sure someone is taking notes. If you are running this virtually, consider recording the meeting. Check with your legal department first for any concerns, notices, or prohibitions that may impact your recording the session.

    Remember, this is not a sales call, and it is not a social activity. Innovation discussions are allowed and encouraged, but that can quickly devolve into a sales presentation. People can be friendly toward one another, but the relationship building should not overwhelm the other purposes.

    Step 3.3 – Conduct business alignment meetings (cont'd)

    Follow these additional guidelines to maximize your meetings

    More leading practices

    • Remind everyone that the conversation may include items covered by various confidentiality provisions or agreements.
    • Publish the meeting minutes on a timely basis (within 48 hours).
    • Focus on the bigger picture by looking at trends over time; get into the details only when warranted.
    • Meet internally immediately beforehand to prepare – don't go in cold. Review the agenda and the roles and responsibilities for the attendees.
    • Physical meetings are better than virtual meetings, but travel constraints, budgets, and pandemics may not allow for physical meetings.

    Final thoughts

    • When performance or the relationship is suffering, be constructive in your feedback and conversations rather than trying to assign blame; lead with the carrot rather than the stick.
    • Look for collaborative solutions whenever possible and avoid referencing the contract if possible. Communicate your willingness to help resolve outstanding issues.
    • Use inclusive language and avoid language that puts the vendor on the defensive.
    • Make sure that your meetings are not focused exclusively on the negative, but don't paint a rosy picture where one doesn't exist.
    • A vendor that is doing well should be commended. This is an important part of relationship building.

    Step 3.4 – Work the 90-day plan

    Monitor your progress and share your results

    Having a 90-day plan is a good start, but assuming the tasks on the plan will be accomplished magically or without any oversight can lead to failure. While it won't take a lot of time to work the plan, following a few basic guidelines will help ensure the 90-day plan gets results and wasn't created in vain.

    1. Measure and track your progress against the initial/current 90-day plan at least weekly; with a short timeline, any delay can have a huge impact.
    2. If adjustments are needed to any elements of the plan, understand the cause and the impact of those adjustments before making them.
    3. Make adjustments ONLY when warranted. The temptation will be to push activities and tasks further out on the timeline (or to the next 90-day plan!) when there is any sort of hiccup along the way, especially when personnel outside the VMI are involved. Hold true to the timeline whenever possible; once you start slipping, it often becomes a habit.
    4. Report on progress every week and hold people accountable for their assignments and contributions.
    5. Take the 90-day plan seriously and treat it as you would any significant project. This is part of the VMI's branding and image.

    Step 3.5 – Manage the three-year roadmap

    Keep an eye on the future since it will feed the present

    The three-year roadmap is a great planning tool, but it is not 100% reliable. There are inherent flaws and challenges. Essentially, the roadmap is a set of three "crystal balls" attempting to tell you what the future holds. The vision for year 1 may be clear, but for each subsequent year, the crystal ball becomes foggier. In addition, the timeline is constantly changing; before you know it, tomorrow becomes today and year 2 becomes year 1.

    To help navigate through the roadmap and maximize its potential, follow these principles:

    • Manage each year of the roadmap differently.
      • Review the year-1 map each quarter to update your 90-day plans (See steps 2.10 and 3.4).
      • Review the year-2 map every six months to determine if any changes are necessary. As you cycle through this, your vantage point of year 2 will be 6 months or 12 months away from the beginning of year 2, and time moves quickly.
      • Review the year-3 map annually, and determine what needs to be added, changed, or deleted. Each time you review year 3, it will be a "new" year 3 that needs to be built.
    • Analyze the impact on the proposed modifications from two perspectives: 1) What is the impact if a requested modification is made? 2) What is the impact if a requested modification is not made?
    • Validate all modifications with leadership and stakeholders before updating the three-year roadmap to ensure internal alignment.

    Step 3.6 – Develop/improve vendor relationships

    Drive better performance through better relationships

    One of the key components of a VMI is relationship management. Good relationships with your vendors provide many benefits for both parties, but they don't happen by accident. Do not assume the relationship will be good or is good merely because your organization is buying products and services from a vendor.

    In many respects, the VMI should mirror a vendor's sales organization by establishing relationships at multiple levels within the vendor organizations, not just with the salesperson or account manager. Building and maintaining relationships is hard work, but the return on investment makes it worthwhile.

    Business relationships are comprised of many components, not all of which must be present to have a great relationship. However, there are some essential components. Whether you are trying to develop, improve, or maintain a relationship with a vendor, make sure you are conscious of the following:

    • Focusing your energies on strategic vendors first and then tactical and operational vendors.
    • Being transparent and honest in your communications.
    • Continuously building trust by being responsive and honoring commitments (timely).
    • Creating a collaborative environment and build upon common ground.
    • Thanking the vendor when appropriate.
    • Resolving disputes early, avoiding the "blame game", and being objective when there are disagreements.

    Phase 4 - Review

    Keep your VMI up to date and running smoothly

    Phase 1

    Phase 2Phase 3Phase 4

    1.1 Mission Statement and Goals

    1.2 Scope

    1.3 Strengths and Obstacles

    1.4 Roles and Responsibilities

    2.1 Classification Model

    2.2 Risk Assessment Tool

    2.3 Scorecards and Feedback

    2.4 Business Alignment Meeting Agenda

    2.5 Relationship Alignment Document

    2.6 Vendor Orientation

    2.7 3-Year Roadmap

    2.8 90-Day Plan

    2.9 Quick Wins

    2.10 Reports

    3.1 Classify Vendors

    3.2 Compile Scorecards

    3.3 Conduct Business Alignment Meetings

    3.4 Work the 90-Day Plan

    3.5 Manage the 3-Year Roadmap

    3.6 Develop/Improve Vendor Relationships

    4.1 Incorporate Leading Practices

    4.2 Leverage Lessons Learned

    4.3 Maintain Internal Alignment

    This phase will walk you through the following activity:

    • Helping the VMI identify what it should stop doing, start doing, and continue doing as it improves and matures. The main outcomes from this phase are ways to advance the VMI and maintain internal alignment.

    This phase involves the following participants:

    • VMI team
    • Applicable stakeholders and executives
    • Others as needed

    Vendor Management Initiative Basics for the Small/Medium Businesses

    Phase 4 – Review

    Keep your VMI up to date and running smoothly

    As the adage says, "The only thing constant in life is change." This is particularly true for your VMI. It will continue to mature, people inside and outside of the VMI will change, resources will expand or contract from year to year, your vendor base will change. As a result, your VMI needs the equivalent of a physical every year. In place of bloodwork, x-rays, and the other paces your physician may put you through, you'll assess compliance with your policies and procedures, incorporate leading practices, leverage lessons learned, maintain internal alignment, and update governances.

    Be thorough in your actions during this Phase to get the most out of it. It requires more than the equivalent of gauging a person's health by taking their temperature, measuring their blood pressure, and determining their body mass index. Keeping your VMI up-to-date and running smoothly takes hard work.

    Some of the items presented in this Phase require an annual review; others may require quarterly review or timely review (i.e. when things are top of mind and current). For example, collecting lessons learned should happen on a timely basis rather than annually, and classifying your vendors should occur annually rather than every time a new vendor enters the fold.

    Ultimately, the goal is to improve over time and stay aligned with other areas internally. This won't happen by accident. Being proactive in the review of your VMI further reinforces the nature of the VMI itself – proactive vendor management, not reactive!

    Step 4.1 – Incorporate leading practices

    Identify and evaluate what external VMIs are doing

    The VMI's world is constantly shifting and evolving. Some changes will take place slowly, while others will occur quickly. Think about how quickly the cloud environment has changed over the past five years versus the 15 years before that; or think about issues that have popped up and instantly altered the landscape (we're looking at you COVID and ransomware). As a result, the VMI needs to keep pace, and one of the best ways to do that is to incorporate leading practices.

    At a high level, a leading practice is a way of doing something that is better at producing a particular outcome or result or performing a task or activity than other ways of proceeding. The leading practice can be based on methodologies, tools, processes, procedures, and other items. Leading practices change periodically due to innovation, new ways of thinking, research, and other factors. Consequently, a leading practice is to identify and evaluate leading practices each year.

    Step 4.1 – Incorporate leading practices (cont'd)

    Update your VMI based on your research

    • A simple approach for incorporating leading practices into your regular review process is set out below:
    • Research:
      • What other VMIs in your industry are doing.
      • What other VMIs outside your industry are doing.
      • Vendor management in general.
    • Based on your results, list specific leading practices others are doing that would improve your VMI (be specific – e.g. other VMIs are incorporating risk into their classification process).
    • Evaluate your list to determine which of these potential changes fit or could be modified to fit your culture and environment.
    • Recommend the proposed changes to leadership (with a short business case or explanation/justification, as needed) and gain approval.

    Remember: Leading practices or best practices may not be what is best for you. In some instances, you will have to modify them to fit in your culture and environment; in other instances, you will elect not to implement them at all (in any form).

    Step 4.2 – Leverage lessons learned

    Tap into the collective wisdom and experience of your team members

    There are many ways to keep your VMI running smoothly, and creating a lessons learned library is a great complement to the other ways covered in this Phase 4 - Review. By tapping into the collective wisdom of the team and creating a safe feedback loop, the VMI gains the following benefits:

    • Documented institutional wisdom and knowledge normally found only in the team members' brains.
    • The ability for one team member to gain insights and avoid mistakes without having to duplicate the events leading to the insights or mistakes.
    • Improved methodologies, tools, processes, procedures, skills, and relationships.

    Many of the processes raised in this Phase can be performed annually, but a lessons learned library works best when the information is deposited in a timely manner. How you choose to set up your lessons learned process will depend on the tools you select and your culture. You may want to have regular input meetings to share the lessons as they are being deposited, or you may require team members to deposit lessons learned on a regular basis (within a week after they happen, monthly, or quarterly). Waiting too long can lead to vague or lost memories and specifics; timeliness of the deposits is a crucial element.

    Step 4.2 – Leverage lessons learned (cont'd)

    Create a library to share valuable information across the team

    Lessons learned are not confined to identifying mistakes or dissecting bad outcomes. You want to reinforce good outcomes, as well. When an opportunity for a lessons-learned deposit arises, identify the following basic elements:

    • A brief description of the situation and outcome.
    • What went well (if anything) and why did it go well?
    • What didn't go well (if anything) and why didn't it go well?
    • What would/could you do differently next time?
    • A synopsis of the lesson(s) learned.

    Info-Tech Insights

    The lessons learned library needs to be maintained. Irrelevant material needs to be culled periodically, and older or duplicate material may need to be archived.

    the lessons learned process should be blameless. The goal is to share insightful information, not to reward or punish people based on outcomes or results.

    Step 4.3 – Maintain internal alignment

    Review the plans of other internal areas to stay in sync

    Maintaining internal alignment is essential for the ongoing success of the VMI. Over time, it is easy to lose sight of the fact that the VMI does not operate in a vacuum; it is an integral component of a larger organization whose parts must work well together to function optimally. Focusing annually on the VMI's alignment within the enterprise helps reduce any breakdowns that could derail the organization.

    To ensure internal alignment:

    • Review the key components of the applicable materials from Phase 1 - Plan and Phase 2 - Build with the appropriate members of the leadership team (e.g. executives, sponsors, and stakeholders). Not every item from those Phases and Steps needs to be reviewed but err on the side of caution for the first set of alignment discussions, and be prepared to review each item. You can gauge the audience's interest on each topic and move quickly when necessary or dive deeper when needed. Identify potential changes required to maintain alignment.
    • Review the strategic plans (e.g. 1-, 3-, and 5- year plans) for various portions of the organization if you have access to them or gather insights if you don't have access.
      • If the VMI is under the IT umbrella, review the strategic plans for IT and its departments.
      • Review the strategic plans for the areas the VMI works with (e.g. Procurement, Business Units).
      • The organization itself.
    • Create and vet a list of modifications to the VMI and obtain approval.
    • Develop a plan for making the necessary changes.

    Summary of Accomplishment

    Problem solved

    Vendor management is a broad, often overwhelming, comprehensive spectrum that encompasses many disciplines. By now, you should have a great idea of what vendor management can or will look like in your organization. Focus on the basics first: Why does the VMI exist and what does it hope to achieve? What is it's scope? What are the strengths you can leverage, and what obstacles must you manage? How will the VMI work with others? From there, the spectrum of vendor management will begin to clarify and narrow.

    Leverage the tools and templates from this blueprint and adapt them to your needs. They will help you concentrate your energies in the right areas and on the right vendors to maximize the return on your organization's investment in the VMI of time, money, personnel, and other resources. You may have to lead by example internally and with your vendors at first, but they will eventually join you on your path if you stay true to your course.

    At the heart of a good VMI is the relationship component. Don't overlook its value in helping you achieve your vendor management goals. The VMI does not operate in a vacuum, and relationships (internal and external) will be critical.

    Lastly, seek continual improvement from the VMI and from your vendors. Both parties should be held accountable, and both parties should work together to get better. Be proactive in your efforts, and you, the VMI, and the organization will be rewarded.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop

    Contact your account representative for more information

    workshops@infotech.com
    1-888-670-8889

    Related Info-Tech Research

    Prepare for Negotiations More Effectively
    Don't leave negotiation preparations and outcomes to chance. Learn how to prepare for negotiations more effectively and improve your results.

    Understand Common IT Contract Provisions to Negotiate More Effectively
    Info-Tech's guidance and insights will help you navigate the complex process of contract review and identify the key details necessary to maximize the protections for your organization.

    Capture and Market the ROI of Your VMO
    Calculating the impact or value of a vendor management office (VMO) can be difficult without the right framework and tools. Let Info-Tech's tools and templates help you account for the contributions made by your VMO.

    Bibliography

    Slide 5 – ISG Index 4Q 2021, Information Services Group, Inc., 2022.

    Slide 6 – ISG Index 4Q 2021, Information Services Group, Inc., 2022.

    Slide 7 – Geller & Company. "World-Class Procurement — Increasing Profitability and Quality." Spend Matters. 2003. Web. Accessed 4 Mar. 2019.

    Slide 26 – Guth, Stephen. The Vendor Management Office: Unleashing the Power of Strategic Sourcing. Lulu.com, 2007. Print. Protiviti. Enterprise Risk Management. Web. 16 Feb. 2017.

    Slide 34 – "Why Do We Perform Better When Someone Has High Expectations of Us?" The Decision Lab. Accessed January 31, 2022.

    Slide 56 - Top 10 Tips for Creating Compelling Reports," October 11, 2019, Design Eclectic. Accessed March 29, 2022.

    Slide 56 – "Six Tips for Making a Quality Report Appealing and Easy To Skim," Agency for Health Research and Quality. Accessed March 29, 2022.

    Slide 56 –Tucker, Davis. Marketing Reporting: Tips to Create Compelling Reports, March 28, 2020, 60 Second Marketer. Accessed March 29, 2022.

    Stabilize Release and Deployment Management

    • Buy Link or Shortcode: {j2store}453|cart{/j2store}
    • member rating overall impact (scale of 10): 9.6/10 Overall Impact
    • member rating average dollars saved: $38,699 Average $ Saved
    • member rating average days saved: 37 Average Days Saved
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management

    Lack of control over the release process, poor collaboration between teams, and manual deployments lead to poor quality releases at a cost to the business.

    Our Advice

    Critical Insight

    • Manage risk. Release management should stabilize the IT environment. A poorly designed release can take down the whole business. Rushing releases out the door leads to increased risk for the business.
    • Quality processes are key. Standardized process will enable your release and deployment management teams to have a framework to deploy new releases with minimal chance of costly downtime further down the production chain.
    • Business must own the process. Release managers need oversight of the business to remain good stewards of the release management process.

    Impact and Result

    • Be prepared with a release management policy. With vulnerabilities discovered and published at an alarming pace, organizations have to build a plan to address and fix them quickly. A detailed release and patch policy should map out all the logistics of the deployment in advance, so that when necessary, teams can handle rollouts like a well-oiled machine.
    • Automate your software deployment and patch management strategy. Replace tedious and time-consuming manual processes with the use of automated release and patch management tools. Some organizations have a variety of release tools for various tasks and processes to ensure all or most of the required processes are covered across a diverse development environment.
    • Test deployments and monitor your releases. Larger organizations may have the luxury of a test environment prior to deployment, but that may be cost prohibitive for smaller organizations. If resources are a constraint, roll out the patch gradually and closely monitor performance to be able to quickly revert in the event of an issue.

    Stabilize Release and Deployment Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should control and stabilize your release and deployment management practice while improving the quality of releases and deployments, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Analyze current state

    Begin improving release management by assessing the current state and gaining a solid understanding of how core operational processes are actually functioning within the organization.

    • Stabilize Release and Deployment Management – Phase 1: Analyze Current State
    • Release Management Maturity Assessment
    • Release Management Project Roadmap Tool
    • Release Management Workflow Library (Visio)
    • Release Management Workflow Library (PDF)
    • Release Management Standard Operating Procedure
    • Patch Management Policy
    • Release Management Policy
    • Release Management Deployment Tracker
    • Release Management Build Procedure Template

    2. Plan releases and deployments

    Plan releases to gather all the pieces in one place and define what, why, when, and how a release will happen.

    • Stabilize Release and Deployment Management – Phase 2: Release and Deployment Planning

    3. Build, test, deploy

    Take a holistic and comprehensive approach to effectively designing and building releases. Get everything right the first time.

    • Stabilize Release and Deployment Management – Phase 3: Build, Test, Deploy

    4. Measure, manage, improve

    Determine desired goals for release management to ensure both IT and the business see the benefits of implementation.

    • Stabilize Release and Deployment Management – Phase 4: Measure, Manage, Improve
    [infographic]

    Workshop: Stabilize Release and Deployment Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Analyze Current State

    The Purpose

    Release management improvement begins with assessment of the current state.

    Key Benefits Achieved

    A solid understanding of how core operational processes are actually functioning within the organization.

    Activities

    1.1 Evaluate process maturity.

    1.2 Assess release management challenges.

    1.3 Define roles and responsibilities.

    1.4 Review and rightsize existing policy suite.

    Outputs

    Maturity Assessment

    Release Management Policy

    Release Management Standard Operating Procedure

    Patch Management Policy

    2 Release Management Planning

    The Purpose

    In simple terms, release planning puts all the pertinent pieces in one place.

    Key Benefits Achieved

    It defines the what, why, when, and how a release will happen.

    Activities

    2.1 Design target state release planning process.

    2.2 Define, bundle, and categorize releases.

    2.3 Standardize deployment plans and models.

    Outputs

    Release Planning Workflow

    Categorization and prioritization schemes

    Deployment models aligned to release types

    3 Build, Test, and Deploy

    The Purpose

    Take a holistic and comprehensive approach to effectively designing and building releases.

    Key Benefits Achieved

    Standardize build and test procedures to begin to drive consistency.

    Activities

    3.1 Standardize build procedures for deployments.

    3.2 Standardize test plans aligned to release types.

    Outputs

    Build procedure for hardware and software releases

    Test models aligned to deployment models

    4 Measure, Manage, and Improve

    The Purpose

    Determine and define the desired goals for release management as a whole.

    Key Benefits Achieved

    Agree to key metrics and success criteria to start tracking progress and establish a post-deployment review process to promote continual improvement.

    Activities

    4.1 Determine key metrics to track progress.

    4.2 Establish a post-deployment review process.

    4.3 Understand and define continual improvement drivers.

    Outputs

    List of metrics and goals

    Post-deployment validation checklist

    Project roadmap

    Assess Your Readiness to Implement UCaaS

    • Buy Link or Shortcode: {j2store}305|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Voice & Video Management
    • Parent Category Link: /voice-video-management
    • Employees no longer work in the office all the time and have adopted a hybrid or remote policy.
    • Security is on your mind when it comes to the risks associated with data and voice across the internet.
    • You are unaware of the technology used by other departments, such as sales and marketing.

    Our Advice

    Critical Insight

    • The importance of doing your due diligence and building out requirements is paramount to deciding on what UCaaS solution works for you. Even if you decide not to pursue this cloud-based service, at least you have done your homework.
    • There are five reasons you should migrate to UCaaS: flexibility & scalability, productivity, enhanced security, business continuity, and cost savings. Challenge your selection with these criteria at your foundation and you cannot go wrong.

    Impact and Result

    With features such as messaging, collaboration tools, and video conferencing, UCaaS enables users to be more effective regardless of location and device. This can lead to quicker decision making and reduce communication delays.

    Assess Your Readiness to Implement UCaaS Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess Your Readiness to Implement UCaaS Storyboard – Research that reviews the business drivers to move to a UCaaS solution.

    In addition to examining the benefits of UCaaS, this deck covers how to drive toward an RFP and convince the C-suite to champion your UCaaS strategy.

    • Assess Your Readiness to Implement UCaaS Storyboard

    2. UCaaS Readiness Questionnaire – Three sets of questions to help determine your organization's readiness to move to a UCaaS platform.

    This questionnaire is a starting point. Sections include: 1) Current State Questionnaire, 2) IT Infrastructure Readiness Questionnaire, and 3) UCaaS Vendor Questionnaire. These questions can also be added to an RFP for UCaaS vendors you may want to work with.

    • UCaaS Readiness Questionnaire
    [infographic]

    Further reading

    Assess Your Readiness to Implement UCaaS

    Unified communication as a service (UCaaS) is already here. Find the right solution for your organization, whether it is Teams Phone or another solution.

    Analyst Perspective

    UCaaS is the solution to the hybrid and remote working world

    Hybrid/remote work is a reality and there is little evidence to prove otherwise despite efforts to return employees to the office. A 2023 survey from Zippia says 74% of US companies are planning to or have implemented hybrid work policies. Given the reality of the new ways people work, there’s a genuine need for a UCaaS solution.

    The days of on-premises private branch exchange (PBX) and legacy voice over internet protocol (VoIP) solutions are numbered, and organizations are examining alternative solutions to redundant desk phones. The stalwarts of voice solutions, Cisco and Avaya, have seen the writing on the wall for some time: the new norm must be a cloud-based solution that integrates via API with content resource management (CRM), email, chat, and collaboration tools.

    Besides remaining agile when accommodating different work locations, it’s advantageous to be able to quickly scale and meet the needs of organizations and their employees. New technology is moving at such a pace that utilizing a UCaaS service is truly beneficial, especially given its AI, analytics, and mobile capabilities. Being held back by an on-premises solution that is capitalized over several years is not a wise option.

    Photo of John Donovan
    John Donovan
    Principle Research Director, I&O Practice
    Info-Tech Research Group

    Insight Summary

    Improved integration and communication in a hybrid world
    Unified communication as a service (UCaaS) integrates several tools into one platform to provide seamless voice, video, chat, collaboration, sharing and much more. The ability to work from anywhere and the ability to use application programming interfaces (APIs) to integrate content resource management (CRM) and other productivity tools into a unified environment is a key component of employee productivity, whether at the office or remote, or even on mobile devices.

    Simplify your maintenance, management, and support
    Communication and voice using a cloud provisioner has many benefits and makes life easier for your IT staff. No more ongoing maintenance, upgrades, patching and managing servers or private branch exchanges (PBXs). UCaaS is easy to deploy, and due to its scalability and flexibility, users can easily be added or removed. Now businesses can retire their legacy technical debt of voice hardware and old desk phones that clutter the office.

    Oversight on security
    The utilization of a software as a service (SaaS) platform in UCaaS form does by design risk data breaches, phishing, and third-party malware. Fortunately, you can safeguard your organization’s security by ensuring the vendor you choose features SOC2 certification, taking care of encryption, firewalls, two-factor authentication and security incident handling, and disaster recovery. The big players in the UCaaS world have these features.

    Executive Summary

    Your Challenge

    So, your legacy PBX is ready to be replaced. It has no support or maintenance contract, and you face a critical decision. You could face these challenges:

    • Employees no longer work in the office all the time and have adopted a hybrid or remote policy
    • Security risks associated with data and voice across the internet
    • Limited awareness of the technology used by some departments, such as sales and marketing

    Common Obstacles

    Businesses may worry about several obstacles when it’s time to choose a voice and collaboration solution. For example:

    • Concern over internet connectivity or disruptions
    • Uncertainty integrating systems with the platform
    • Unsure whether employees will embrace new tools/workflows that completely change how they work, collaborate, and communicate
    • Failure to perform due diligence when trying to choose the right solution for an organization

    Info-Tech’s Approach

    It’s critically important to perform due diligence and build out requirements when deciding what UCaaS solution works for you. Even if you decide not to pursue this cloud-based service, at least you will:

    • Determine your business case
    • Evaluate your roadmap for unified communication
    • Ask all the right questions to determine suitability

    In this advisory deck, you will see a set of questions you must ask including whether Teams is suitable for your business.

    Info-Tech Insight

    Determine your communication and collaboration needs. Evaluate your current use of voice, video, chat, collaboration, sharing, and mobility whether for the office or remote work. Evaluate your security and regulatory requirements and needs. Determine the integration requirements when evaluating top vendors.

    The evolution of unified communication

    How we moved from fax machines and desk phones to an integrated set of tools on one platform in the cloud

    A diagram that shows the evolution of unified communication from 1980s to 2020s.

    Business drivers for moving to UCaaS

    What organizations look to gain or save by moving to UCaaS solutions

    Flexibility and scalability
    Ability to add/remove users and services as appropriate for changing business needs, allowing for quick adaptation to changing markets.

    Productivity
    Offering features like messaging, collaboration tools, and video conferencing enables users to be more effective regardless of location and device. May lead to quicker decision making and reduced communication delays.

    Cost savings
    Eliminating the need for on-premises hardware and software, reducing maintenance and support costs. Predictable monthly billing.

    Business continuity
    Reducing risks of disruption or disaster. Allowing users to work from anywhere when the physical office is unavailable. Additional features can include disaster recovery and backup services.

    Enhanced security
    UCaaS providers usually offer advanced security and compliance features including encryption, firewall, intrusion detection, and certifications like HIPAA and SOC 2.

    KPIs to demonstrate success

    What key metrics should businesses measure to demonstrate a successful UCaaS project?
    What improvements are needed?
    What can be optimized?

    KPI Measurement
    User adoption rate
    • % of employees utilizing UCaaS solutions
    • # of users who completed UCaaS training/onboarding
    • # of calls or messages sent per user
    Call quality and reliability
    • % of calls with good to excellent quality
    • # of dropped calls or call disruption
    • Mean opinion score (MOS) for video and voice quality
    Cost savings
    • TCO for UCaaS compared to previous solution
    • Cost per month for UCaaS
    • Reduced hardware/maintenance and communication costs
    Improved productivity
    • Time saved with streamlined comms workflows
    • # of successful collaborative projects or meetings
    • Improved speed and quality for customer service or support
    Customer satisfaction
    • Net promoter score or CSAT
    • Positive customer reviews
    • Time-to-resolution of customer issues
    Scalability
    • Ability to add/remove/change user features as needed
    • Time to deploy new UCaaS features
    • Scalability of network to support increased UCaaS usage

    What are the surveys telling us?

    Different organizations adopt UCaaS solutions for different reasons

    95%

    Collaboration: No Jitter’s study on team collaboration found that 95% of survey respondents think collaborative communication apps are a necessary component of a successful communications strategy.
    Source: No Jitter, 2018.

    95%

    Security: When deploying remote communication solutions, 95% of businesses say they want to use VPN connections to keep data private.
    Source: Mitel, 2018.

    31%

    Flexibility: While there are numerous advantages to cloud-based communications, 31% of companies intend to use UCaaS to eliminate technical debt from legacy systems and processes.
    Source: Freshworks, 2019.

    UCaaS adoption

    While many organizations are widely adopting UCaaS, they still have data security concerns

    UCaaS deployments are growing

    UCaaS is growing at a rate that shows the market for UC is moving toward cloud-based voice and collaboration solutions at a rate of 29% year over year.

    Source: Synergy Research Group, 2017.

    Security is still a big concern

    While it’s increasingly popular to adopt cloud-based unified communication solutions, 70% of those companies are still concerned about their data security.

    Source: Masergy, 2022.


    Concerns around security range from encrypting conversations to controlling who has access to what data in the organization’s network to how video is managed on emerging video communications platforms.

    Info-Tech Insight

    Ensure you maintain a robust security posture with your data regardless of where it is being stored. Security breaches can happen at any location.

    UCaaS vs. on-premises UC

    A diagram that shows UCaaS benefits

    Main benefits of UCaaS

    • Rapid deployment: Cloud hosting provides the ability to deploy quickly.
    • Ease of management: It’s no longer necessary for companies to manage communications across multiple platforms and devices.
    • Better connection: The communication flow across teams and with customers is faster and easier with phone, messaging, audio and video conferencing available in one place.
    • Scalability: Since UCaaS is an on-demand service, companies can scale their communication needs to what’s immediately required at an affordable price.

    Info-Tech Insight

    There are five reasons you should migrate to UCaaS. They are advanced technology, easily scalable, cost efficiencies, highly available, and security. There are always outliers, but these five criteria are a reliable foundation when assessing a vendor/product.

    UCaaS architecture

    The 6 primary elements of UCaaS

    Unified communications as a service (UCaaS) is a cloud-based subscription service primarily for communication tools such as voice, video, messaging, collaboration, content sharing, and other cloud services over the internet. It uses VoIP to process calls.

    The popularity of UCaaS is increasing with the recent trend of users working remotely full or part-time and requiring collaboration tools for their work.

    • The main benefit to businesses is the ability to remove on-premises hardware and reduce technical debt.
    • Additionally, it removes the need for expensive up-front capital costs and reduces communications costs.
    • From a productivity perspective, delivering these services under one platform/service increases effective collaboration and allows instant communication regardless of device or location.

    A diagram that shows protocols

    Features available to UCaaS/UC

    Must-haves vs. nice-to-haves

    A diagram that shows Must-haves vs. nice-to-haves UC features

    Info-Tech Insight

    Decide what matters most to the organization when choosing the UC platform and applications. Divide criteria into must-have vs. nice-to-have categories.

    Security and UCaaS

    • Maintain company integrity
    • Enhance data security
    • Regulatory compliance
    • Reduce risk of fraud
    • Protect data for multiple devices

    What are the concerns? What is at risk?

    • DDoS attacks: Enterprise transactions are paralyzed by flooding of data across the network preventing access
    • Phishing: Users are tricked into clicking a URL and sharing an organization’s sensitive data
    • Ransomware: Malicious attack preventing the business from accessing data and demanding a ransom for access
    • Third-party malware: Software infected with a virus, trojan horse, worms, spyware, or even ransomware with malicious intent

    Security solutions in UCaaS

    End-to-end encryption is critical

    SRTP

    • Secure real-time protocol is a cryptographic protocol used to secure voice & video calls over IP networks
    • SRTP provides encryption, message authentication, and integrity protection for voice and data packets. Using advanced encryption standard (AES) reduces chance of DDoS attacks

    TLS

    • Transport layer security (TLS) is a cryptographic protocol that secures data in transit over the internet, protecting from interception and tampering

    VPNs and firewalls

    • Virtual private networks (VPNs) are used to secure and encrypt connections between remote devices and the network. UCaaS providers can use VPN to secure access from remote locations
    • Firewalls are your primary line of defense against unauthorized traffic entering or leaving the network

    SIP

    • Session initiated protocol (SIP) over TLS is used to initiate and terminate video and voice calls over the internet. UCaaS providers often use SIP over TLS to encrypt and secure SIP messages

    SSH

    • Secure shell (SSH) is a cryptographic network protocol used to secure remote access and communications over the network. SSH is often used by UCaaS providers to secure remote management and configuration of systems

    Info-Tech Insight

    Encryption is a must for securing data and voice packets across the internet. These packets can be vulnerable to eavesdropping techniques and local area network (LAN) breaches. This risk must be mitigated from end to end.

    UCaaS

    Seven vendors competing with Microsoft’s integrated suite of collaboration tools

    Zoom

    A logo of Zoom
    Best for large meetings and webinars

    Key features:

    • Virtual meetings up to 300 users, up to 1,000 with enterprise version
    • Team chat
    • Digital whiteboard
    • Phone

    RingCentral

    A logo of RingCentral
    Best for project management collaboration tools

    Key features:

    • Video conferencing up to 200 users
    • Chat
    • Voice calls
    • Video polls and captioning
    • Digital whiteboard

    Nextiva

    A logo of Nextiva
    Best for CRM support, best-in-class functionality and features

    Key features:

    • Single dashboard
    • Chat
    • Cospace collaboration tool
    • Templates
    • Voice and call pop

    GoTo Connect

    A logo of GoTo Connect
    Best for integration with other business apps

    Key features:

    • Video conferencing up to 250 participants
    • Meeting transcripts
    • Dial plan

    Dialpad

    A logo of Dialpad
    Best for small companies under 15 users

    Key features:

    • Video meetings up to 15 participants
    • AI transcripts with call summary
    • Call controls share screen, switch between devices
    • Channel conversations with calendar app

    WebEx

    A logo of WebEx
    Only vendor offering real-time translation & closed captioning

    Key features:

    • Video meetings up to 200 participants
    • Calling features with noise removal, call recording, and transcripts
    • Live polling and Q&A

    Google Workspace

    A logo of Google Workspace
    Best for whole team collaboration for docs and slides

    Key features:

    • Google meet video
    • Collaboration on docs, sheets, and slides
    • Google chat and spaces
    • Calendars with sync updates with Gmail and auto-reminders

    Avaya and Cisco

    The major players in the VoIP on-premises PBX world have moved to a cloud experience to compete with Microsoft and other UCaaS players

    Avaya offers the OneCloud UC platform. It is one of the last UC vendors to offer on-premises solutions. In a market which is moving to the cloud at a serious pace, Avaya retains a 14% share. It made a strategic partnership with RingCentral in 2019 and in February 2021 they formed a joint venture which is now called Avaya Cloud Office, a UCaaS solution that integrates Avaya’s communication and collaboration solution with the RingCentral cloud platform.

    With around 33% of the UC market, Cisco also has a selection of UC products and services for on-premises deployment and the cloud, including WebEx Calling, Jabber, Unity Connections for voice messaging, and Single Number Reach for extensive telephony features.

    Both vendors support on-premises and cloud-based solutions for UC.

    Services provided by Avaya and Cisco in the UCaaS space

    A logo of Avaya Cloud Office
    Avaya Cloud Office

    • Voice calling: Cloud-based phone system over the internet with call forwarding, call transfer, voice mail, and more
    • Video conferencing: Virtual meetings for real-time collaboration, screen sharing, virtual backgrounds, video layout, meeting recording, whiteboarding and annotation, and virtual waiting room
    • Messaging: A feature that allows users to send and receive instant messages and SMS text messaging on the same platform
    • Collaboration: Work together on documents and projects in real time. File sharing and task management
    • Contact center: Manage customer interactions across voice, email, chat, and social media
    • Mobile app: Allows users to access communication and collaboration features on smartphones and tablets

    A logo of Cisco WebEx
    Cisco WebEx

    • Voice calling: Cisco WebEx calling provides cloud-based phone system over the internet including call forwarding, transfer, and voice mail
    • Video conferencing: Features include virtual meeting and real-time collaboration, screen sharing, and virtual backgrounds and layouts, highly scalable to large audiences
    • Messaging: Features include chat and SMS
    • Collaboration: Allows users to work together on docs and projects in real time, including file sharing and task management
    • Contact center: Multiple contact center solutions offered for small, medium, and large enterprises
    • Mobile app: Software clients for Jabber on cellphones
    • Artificial intelligence: Business insights, automatic transcripts, notes, and highlights to capture the meeting

    Service desk and contact center cloud options

    INDUSTRY: All industries
    SOURCE: Software reviews

    What vendors offer and what they don’t

    RingCentral integrates with some popular contact centers such as Five 9, Talkdesk and Sharpen. They also have a built-in contact center solution that can be integrated with their messaging and video conferencing tools.

    GoToConnect integrates with several leading customer service providers including Zendesk and Salesforce Service Cloud They also offer a built-in contact center solution with advanced call routing and management features.

    WebEx integrates with a variety of contact center and customer service platforms including Five9, Genesys, and ServiceNow.

    Dialpad integrates with contact center platforms such as Talkdesk and ServiceNow as well as CRM tools such as Salesforce and HubSpot.

    Google Workspace integrates with third-party contact center platforms through their Google Cloud Contact Center AI offering.

    SoftwareReviews

    A diagram that shows some top cloud options in Software reviews

    UCaaS comparison table

    A diagram of a UCaaS comparison table
    * Some reported issues around sound and voice quality may be due to network
    **Limited to certain plans

    Differences between UCaaS and CPaaS

    UCaaS

    CPaaS

    Defined

    Unified communication as a service – a cloud-based platform providing a suite of tools like voice, video messaging, file sharing & contact center.

    Communication platform as a service – a cloud-based platform allowing developers to use APIs to integrate real-time communications into their own applications.

    Functionality

    Designed for end users accessing a suite of tools for communication and collaboration through a unified platform.

    Designed for developers to create and integrate comms features into their own applications.

    Use cases

    Replace aging on-premises PBX systems with consolidated voice and collaboration services.

    Embedded communications capabilities into existing applications through SDKs, Java, and .NET libraries.

    Cost

    Often has a higher cost depending on services provided which can be quite comprehensive.

    Can be more cost effective than UCaaS if the business only requires a few communication features Integrated into their apps.

    Customization

    Offers less customization as it provides a predefined suite of tools that are rarely customized.

    Highly flexible and customizable so developers can build and integrate to fit unique use cases.

    Vendors

    Zoom, MS Teams, Cisco WebEx, RingCentral 8x8, GoTo Meeting, Slack, Avaya & many more.

    Twilio, Vonage, Pivo, MessageBird, Nexmo, SignalWire, CloudTalk, Avaya OneCloud, Telnyx, Voximplant, and others.

    Microsoft Teams Phone

    UCaaS for Microsoft 365

    Consider your approach to the telephony question. Microsoft incorporates telephony functionality with their broader collaboration suite. Other providers do the opposite.

    Microsoft’s voice solution

    These options allow you to plan for an all-cloud solution, connect to your own carrier, or use a combination of all cloud with a third-party carrier. Caveat: Calling plans must be available in your country or region.

    How do you connect with the public switched telephone network (PSTN)?

    Microsoft has three options for connecting the phone system to the PSTN:

    Calling Plan

    • Uses Microsoft's phone system and adds a domestic and international calling plan, which enables worldwide calling but depends on your chosen license
    • Since PSTN Calling Plan operates out of Microsoft 365, you are not required to deploy/maintain on-premises hardware
    • Customers can connect a supported session border controller (SBC) via direct routing if it’s necessary to operate with third-party PBX analog devices or other voice solutions supported by the SBC
    • You can assign your phone numbers directly in the Teams Admin Center

    This plan will work for you if:

    • There is a calling plan available in your region
    • You don’t need to maintain your PSTN carrier
    • You want to use Microsoft's managed PSTN
    • No SBC is necessary in your organization
    • Teams provides all the features your business needs

    Operator Connect

    • Leverage existing contracts or find a new operator from a selection of participating operators
    • Operator-managed infrastructure, your operator manages PSTN calling services and SBC
    • Faster, easier deployment, quickly connect to your operator and assign phone numbers directly from Teams Admin Center
    • Enhanced support and reliability, operators provide technical support and shared service level agreements
    • Customers can connect a supported SBC via Direct Routing for interoperability with third-party PBXs, analog devices, and other third-party voice solution equipment supported by SBC

    This plan will work for you if:

    • There is no calling plan available in your region
    • Your preferred carrier participates in the Microsoft operator connect plan
    • You are looking to get a new operator that enables calling in Teams

    Direct Routing

    • Connect your own supported SBC to Microsoft Phone System directly without needing additional on-premises software
    • Use virtually any voice solution carrier with Microsoft Phone System
    • Can be configured and managed by customers or by your carrier or partner (ask if your carrier or partner provides this option)
    • Configure interoperability between your voice solution equipment (e.g., a third-party PBX and analog devices) and Microsoft Phone System
    • Assign phone numbers directly from Teams Admin Center

    This plan will work for you if:

    • You want to use Teams with Phone System
    • You need to retain your current PSTN carrier
    • You want to mix routing – some calls are going via Calling Plans, some via your carrier
    • You need to interoperate with third-party PBXs and/or equipment such as overhead pagers, analog devices
    • Teams has all the features that your organization requires


    For more information, go to Microsoft Teams call flows.

    Teams phone architecture

    Microsoft offers three options that can be deployed based on several factors and questions you must answer.

    Microsoft Teams phone considerations when connecting to a PSTN

    • Do you want to move on-premises users to the cloud?
    • Is Microsoft's PSTN Calling Plan available in your region?
    • Is your preferred operator a participant in the Microsoft Operator Connect Program?
    • Do you want or need to keep your current voice carrier (e.g., does an existing contract require you to do so)?
    • Do you have an existing on-premises legacy PBX that you want or need to keep?
    • Does your current legacy PBX offer unique business-critical features?
    • Do all/any of your users require features not currently offered in Phone System?

    1. Phone System with Calling Plan

    All in the cloud for Teams users
    A diagram that shows Phone System with Calling Plan.

    Infrastructure requirements:

    Requires uninterrupted connection with Microsoft 365 Yes
    Available worldwide* No
    Requires deploying and maintaining a supported session border controller (SBC) No
    Requires contract with third-party carrier No

    *List of countries where calling plans are available: aka.ms/callingplans

    2. Phone System with own carrier via operator connect

    Phone system in the cloud; connectivity to on-premises voice network for Teams users
    A diagram that shows Phone System with own carrier via operator connect

    Infrastructure requirements:

    Requires uninterrupted connection with Microsoft 365 Yes
    Available worldwide* No
    Requires deploying and maintaining a supported session border controller (SBC) No
    Requires contract with third-party carrier Yes

    *List of countries where Operator Connect is available: aka.ms/operatorconnect

    3. Phone System with own carrier via Direct Routing

    Phone system in the cloud; connectivity to on-premises voice network for Teams users
    A diagram that shows Phone System with own carrier via Direct Routing

    Infrastructure requirements:

    Requires uninterrupted connection with Microsoft 365 Yes
    Available worldwide Yes
    Requires deploying and maintaining a supported session border controller (SBC) Yes
    Requires contract with third-party carrier* Yes

    *Unless deployed as an option to provide connection to third-party PBX, analog devices, or other voice equipment for users who are on Phone System with Calling Plans


    A Metrigy study found that 70% of organizations adopting MS Teams are using direct routing to connect to the PSTN
    Note: Complex organizations with varying needs can adopt all three options simultaneously.

    Avoid overpurchasing Microsoft telephony

    Microsoft telephony products on a page

    A diagram that shows Microsoft telephony products

    Pros:

    • The complete package: sole-sourcing your environment for simpler management
    • Users familiar with Microsoft will only have one place to go for telephony
    • You can bring your own provider and manage your own routing, giving you more choice
    • This can keep costs down as you do not have to pay for calling plan services
    • You can choose your own third-party solution while still taking advantage of the integrations that make Microsoft so attractive as a vendor

    Cons:

    • The most expensive option of the three
    • Less control and limited features compared to other pure-play telephony vendors
    • This service requires expertise in managing telephony infrastructure
    • Avoiding the cloud may introduce technical debt in the long term
    • You will have to manage integrations and deal with limited feature functionality (e.g. you may be able to receive inbound calls but not make outbound calls)

    Why does it matter?

    Phone System is Microsoft’s answer to the premises-based private branch exchange (PBX) functionality that has traditionally required a large capital expenditure. The cloud-based Phone System, offered with Microsoft’s highest tier of Microsoft/Office 365 licensing, allows Skype/Teams customers access to the following features (among others):

    • PSTN telephony (inbound and outbound)
    • Auto attendants (a menu system for callers to navigate your company directory)
    • Call forwarding, voice mail, and transferring
    • Caller ID
    • Shared lines
    • Common area phones

    Phone System, especially the Teams version, is a fully-featured telephony solution that integrates natively with a popular productivity solution. Phone System is worth exploring because many organizations already have Teams licenses.

    Key insights

    1. Don’t pay twice for the same service (unless you must). If you already have M/O365 E5 customer, Teams telephony can be a great way to save money and streamline your environment.
    2. Consider your approach to the telephony question. Microsoft incorporates telephony functionality into a broader collaboration suite. Other providers do the opposite. This reflects their relative strengths.
    3. Teams is a platform. You can use it as a front end for other telephone services. This might make sense if you have a preferred cloud PBX provider.

    Sources

    “Plan your Teams voice solution,” Microsoft, 2022.

    “Microsoft Calling Plans for Teams,” Microsoft, 2023.

    “Plan Direct Routing,” Microsoft, 2023.

    “Cisco vs. Microsoft Cloud Calling—Discussing the Options,” UC Today, 2022.

    “Microsoft Teams Phone Systems: 5 Deployment Options in 2020,” AeroCom, 2020.

    Contact Center and Teams integration

    Three Teams integration options

    If you want to use a certified and direct routing solution for Teams Phone, use the Connect model.

    If you want to use Azure bots and the Microsoft Graph Communication APIs that enable solution providers to create the Teams app, use the Extend model.

    If you want to use the SDK that enables solution providers to embed native Teams experiences in their App, use the Power model (under development).

    The Connect model features

    The Extend model features

    The Power model features (TBD)

    Office 365 authN for agents to connect to their MS tenant from their integrated CCaaS client

    Team graph APIs and Cloud Communication APIs for integration with Teams

    Goal: One app, one screen contact center experience

    Use Teams to see when agents are available

    Teams-based app for agent experience Chat and collaboration experience integrated with the Teams Client

    Goal: Adapt using software development kits (SDKs)

    Transfers and groups call support for Teams

    Teams as the primary calling endpoint for the agent

    Goal: One dashboard experience

    Teams Graph APIs and Cloud communication APIs for integration with Teams

    Teams' client calling for the all the call controls. Preserve performance & quality of Teams client experience

    Multi-tenant SIP trunking to support several customers on solution provider’s SBC

    Agent experience apps for both Teams web and mobile client

    Solution providers to use Microsoft certified session border controller (SBC)

    Analytics workflow management role-based experience for agents in the CaaS app in Teams

    Teams phone network assessment

    Useful tools for Microsoft network testing and Microsoft Teams site assessment

    Plan network basics

    • Does your network infrastructure have enough capacity? Consider switch ports, wireless access points, and other coverage.
    • If you use VLANs and DHCP, are your scopes sized accordingly?
    • Evaluate and test network paths from where devices are deployed to Microsoft 365.
    • Open the required firewall ports and URLs for Microsoft 365 as per guidance.
    • Review and test E911 requirements and configuration for location accuracy and compliance.
    • Avoid using a proxy server and optimize media paths for reliability and quality.

    What internet speed do I need for Teams calls?

    • Microsoft Teams uses about 1.2 Mbps for HD video calling (720p), 1.5 Mbps for 1080p, 500 kbps for standard quality video (360p). Group video requires about 1 Mbps, HD group video uses about 2 Mbps.

    Key physical considerations

    • Power: Do you have enough electrical outlets? If the device needs an external power source, how close can you position it to an outlet?
    • Device placement: Where will your device be located? Review desk stands, wall mounts, and other accessories from the original equipment manufacturer (OEM).
    • Security: Does your device need to be locked in certain spaces?
    • Accessibility: Does the device meet the accessibility requirements of its primary user? Consider where it's placed, wire length, and handset or headset usability.

    Prepare your organization's network for Microsoft Teams

    Plan your Teams voice solution

    Check your internet connection for Teams Phone System

    Teams Phone Mobile

    UCaaS Activity

    Questions that must be addressed by your business and the vendor. Site surveys and questionnaires for your assessment

    Activity: Questionnaire

    Input: Evaluate your current state, Network readiness
    Output: Decisions on readiness, Gaps in infrastructure readiness, Develop a project plan
    Materials: UCaaS Readiness Questionnaire
    Participants: Infrastructure Manager, Project Manager, Network Engineer, Voice Engineer

    As a group, read through the questions on Tabs 1 and 2 of the UCaaS Readiness Questionnaire workbook. The answers to the questions will determine if you have gaps to fill when determining your readiness to move forward on a UCaaS solution.

    You may produce additional questions during the session that pertain to your specific business and situation. Please add them to the questionnaire as needed.

    Record your answers to determine next steps and readiness.

    When assessing potential vendors, use Tab 3 to determine suitability for your organization and requirements. This section may be left to a later date when building a request for proposal (RFP).

    Call #1: Review client advisory deck and next steps.

    Call #2: Assess readiness from answers to the Tab 1 questions.

    Download the UCaaS Readiness Questionnaire here

    Critical Path – Teams with Phone System Deployment

    A diagram that shows Critical Path – Teams with Phone System Deployment

    Example Ltd.’s Communications Guide

    A diagram that shows Example Ltd.’s Communications Guide

    [Insert Organization Name]’s Communications Guide

    A diagram that shows [Insert Organization Name]’s Communications Guide

    Related Info-Tech Research

    Photo of Modernize Communications and Collaboration Infrastructure

    Modernize Communications and Collaboration Infrastructure

    Organizations are losing productivity from managing the limitations of yesterday’s technology. The business is changing and the current communications solution no longer adequately connects end users. A new communications and collaboration infrastructure is due to replace or update the legacy infrastructure in place today.

    Photo of Establish a Communication and Collaboration System Strategy

    Establish a Communication and Collaboration System Strategy

    Communication and collaboration portfolios are overburdened with redundant and overlapping services. Between Office 365, Slack, Jabber, and WebEx, IT is supporting a collection of redundant apps. This redundancy takes a toll on IT, and on the user.

    Photo of Implement a Transformative IVR Experience That Empowers Your Customers

    Implement a Transformative IVR Experience That Empowers Your Customers

    Learn the strategies that will allow you to develop an effective interactive voice response (IVR) framework that supports self-service and improves the customer experience.

    Bibliography

    “8 Security Considerations for UCaaS.” Tech Guidance, Feb. 2022. Accessed March 2023.

    “2022 UCaaS & CCaaS market trends snapshot.” Masergy, 2022. Web.

    “All-in-one cloud communications.” Avaya, 2023. Accessed April 2023. Web.

    Carter, Rebekah. “UC Case Study in Focus: Microsoft Teams and GroupM.” UC Today, 9 May 2022. Accessed Feb. 2023.

    “Cisco Unified Communications Manager Cloud (Cisco UCM Cloud) Data Sheet.” Cisco, 15 Sept. 2021. Accessed Jan. 2023.

    “Cloud Adoption as Viewed by European Companies: Assessing the Impact on Public, Hybrid and Private Cloud Communications.” Mitel, 2018. Web.

    De Guzman, Marianne. “Unified Communications Security: The Importance of UCaaS Encryption.” Fit Small Business, 13 Dec. 2022. Accessed March 2023.

    “Evolution of Unified Communications.” TrueConf, n.d. Accessed March 2023. Web.

    Froehlich, Andrew. “Choose between Microsoft Teams vs. Zoom for conference needs.” TechTarget, 7 May 2021. Accessed March 2023.

    Gerwig, Kate. “UCaaS explained: Guide to unified communications as a service.” TechTarget, 29 March 2022. Accessed Jan. 2023.

    Irei, Alissa. “Emerging UCaaS trends include workflow integrations and AI.” TechTarget, 21 Feb 2020. Accessed Feb. 2023.

    Kuch, Mike. “What Is Unified Communications as a Service (UCaaS)?” Avaya, 27 Dec. 2022. Accessed Jan. 2023.

    Lazar, Irwin. “UC vendors extend mobile telephony capabilities.” TechTarget, 10 Feb. 2023. Accessed Mar 2023.

    McCain, Abby. "30 Essential Hybrid Work Statistics [2023]: The Future of Work." Zippia, 20 Feb. 2023. Accessed Mar 2023.

    “Meet the modern CIO: What CEOs expect from their IT leaders.” Freshworks, 2019. Web.

    “A New Era of Workplace Communications: Will You Lead or Be Left Behind.” No Jitter, 2018. Web.

    Plumley, Mike, et al. “Microsoft Teams IT architecture and voice solutions posters.’” Microsoft Teams, Microsoft, 14 Feb. 2023. Accessed March 2023.

    Rowe, Carolyn, et al. “Plan your Teams voice solution” Microsoft Learn, Microsoft, 1 Oct. 2022.

    Rowe, Carolyn, et al. “Microsoft Calling Plans for Teams.” Microsoft Learn, Microsoft, 23 May 2023.

    Rowe, Carolyn, et al. “Plan Direct Routing.” Microsoft Learn, Microsoft, 20 Feb. 2023.

    Scott, Rob. “Cisco vs. Microsoft Cloud Calling—Discussing the Options,” UC Today, 21 April 2022.

    Smith, Mike. “Microsoft Teams Phone Systems: 5 Deployment Options in 2020.” YouTube, uploaded by AeroCom Inc, 23 Oct. 2020.

    “UCaaS - Getting Started With Unified Communications As A Service.” Cloudscape, 10 Nov. 2022. Accessed March 2023.

    “UCaaS Market Accelerating 29% per year; RingCentral, 8x8, Mitel, BroadSoft and Vonage Lead.” Synergy Research Group, 16 Oct. 2017. Web.

    “UCaaS Statistics – The Future of Remote Work.” UC Today, 21 April 2022. Accessed Feb. 2023.

    “Workplace Collaboration: 2021-22.” Metrigy, 27 Jan. 2021. Web.

    Adopt Generative AI in Solution Delivery

    • Buy Link or Shortcode: {j2store}146|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Delivery teams are under continuous pressure to deliver high value and quality solutions with limited capacity in complex business and technical environments. Common challenges experienced by these teams include:
      • Attracting and retaining talent
      • Maximizing the return on technology
      • Confidently shifting to digital
      • Addressing competing priorities
      • Fostering a collaborative culture
      • Creating high-throughput teams
    • Gen AI offers a unique opportunity to address many of these challenges.

    Our Advice

    Critical Insight

    • Your stakeholders' understanding of Gen AI, its value, and its application can be driven by hype and misinterpretation. This confusion can lead to unrealistic expectations and set the wrong precedent for the role Gen AI is intended to play.
    • Your SDLC is not well documented and is often executed inconsistently. An immature practice will not yield the benefits stakeholders expect.
    • The Gen AI marketplace is broad and diverse. Selecting the appropriate tools and partners is confusing and overwhelming.
    • There is a skills gap for what is needed to configure, adopt, and operate Gen AI.

    Impact and Result

    • Ground your Gen AI expectations. Set realistic and achievable goals centered on driving business value and efficiency across the entire SDLC by enabling Gen AI in key tasks and activities. Propose the SDLC as the ideal pilot for Gen AI.
    • Select the right Gen AI opportunities. Discuss how proven Gen AI capabilities can be applied to your solution delivery practice to achieve the outcomes and priorities stakeholders expect. Lessons learned sow the foundation for future Gen AI scaling.
    • Assess your Gen AI readiness in your solution delivery teams. Clarify the roles, processes, and tools needed for the implementation, use, and maintenance of Gen AI.

    Adopt Generative AI in Solution Delivery Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Adopt Generative AI in Solution Delivery Storyboard – A step-by-step guide that helps you assess whether Gen AI is right for your solution delivery practices.

    Gain an understanding of the potential opportunities that Gen AI can provide your solution delivery practices and answer the question "What should I do next?"

    • Adopt Generative AI in Solution Delivery Storyboard

    2. Gen AI Solution Delivery Readiness Assessment Tool – A tool to help you understand if your solution delivery practice is ready for Gen AI.

    Assess the readiness of your solution delivery team for Gen AI. This tool will ask several questions relating to your people, process, and technology, and recommend whether or not the team is ready to adopt Gen AI practices.

    • Gen AI Solution Delivery Readiness Assessment Tool
    [infographic]

    Further reading

    Adopt Generative AI in Solution Delivery

    Drive solution quality and team productivity with the right generative AI capabilities.

    Analyst Perspective

    Build the case for Gen AI with the right opportunities.

    Generative AI (Gen AI) presents unique opportunities to address many solution delivery challenges. Code generation can increase productivity, synthetic data generation can produce usable test data, and scanning tools can identify issues before they occur. To be successful, teams must be prepared to embrace the changes that Gen AI brings. Stakeholders must also give teams the opportunity to optimize their own processes and gauge the fit of Gen AI.

    Start small with the intent to learn. The right pilot initiative helps you learn the new technology and how it benefits your team without the headache of complex setups and lengthy training and onboarding. Look at your existing solution delivery tools to see what Gen AI capabilities are available and prioritize the use cases where Gen AI can be used out of the box.

    This is a picture of Andrew Kum-Seun

    Andrew Kum-Seun
    Research Director,
    Application Delivery and Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Delivery teams are under continuous pressure to deliver high-value, high-quality solutions with limited capacity in complex business and technical environments. Common challenges experienced by these teams include:

    • Attracting and retaining talent
    • Maximizing the return on technology
    • Confidently shifting to digital
    • Addressing competing priorities
    • Fostering a collaborative culture
    • Creating high-throughput teams

    Generative AI (Gen AI) offers a unique opportunity to address many of these challenges.

    Common Obstacles

    • Your stakeholders' understanding of what is Gen AI, its value and its application, can be driven by hype and misinterpretation. This confusion can lead to unrealistic expectations and set the wrong precedent for the role Gen AI is intended to play.
    • Your solution delivery process is not well documented and is often executed inconsistently. An immature practice will not yield the benefits stakeholders expect.
    • The Gen AI marketplace is very broad and diverse. Selecting the appropriate tools and partners is confusing and overwhelming.
    • There is a skills gap for what is needed to configure, adopt, and operate Gen AI.

    Info-Tech's Approach

    • Ground your Gen AI expectations. Set realistic and achievable goals centered on driving business value and efficiency across the entire solution delivery process by enabling Gen AI in key tasks and activities. Propose this process as the ideal pilot for Gen AI.
    • Select the right Gen AI opportunities. Discuss how proven Gen AI capabilities can be applied to your solution delivery practice and achieve the outcomes and priorities stakeholders expect. Lessons learned sow the foundation for future Gen AI scaling.
    • Assess your Gen AI readiness in your solution delivery teams. Clarify the roles, processes, and tools needed for the implementation, use, and maintenance of Gen AI.

    Info-Tech Insight

    Position Gen AI as a tooling opportunity to enhance the productivity and depth of your solution delivery practice. Current Gen AI tools are unable to address the various technical and human complexities that commonly occur in solution delivery. Assess the fit of Gen AI by augmenting low-risk, out-of-the-box tools in key areas of your solution delivery process and teams.

    Insight Summary

    Overarching Info-Tech Insight

    Position Gen AI is a tooling opportunity to enhance the productivity and depth of your solution delivery practice. However, current Gen AI tools are unable to address the various technical and human complexities that commonly occur in solution delivery. Assess the fit of Gen AI by augmenting low-risk, out-of-the-box tools in key areas of your solution delivery process and teams.

    Understand and optimize first, automate with Gen AI later.
    Gen AI magnifies solution delivery inefficiencies and constraints. Adopt a user-centric perspective to understand your solution delivery teams' interactions with solution delivery tools and technologies to better replicate how they complete their tasks and overcome challenges.

    Enable before buy. Buy before build.
    Your solution delivery vendors see AI as a strategic priority in their product and service offering. Look into your existing toolset and see if you already have the capabilities. Otherwise, prioritize using off-the-shelf solutions with pre-trained Gen AI capabilities and templates.

    Innovate but don't experiment.
    Do not reinvent the wheel and lower your risk of success. Stick to the proven use cases to understand the value and fit of Gen AI tools and how your teams can transform the way they work. Use your lessons learned to discover scaling opportunities.

    Blueprint benefits

    IT benefits

    Business benefits

    • Select the Gen AI tools and capabilities that meet both the solution delivery practice and team goals, such as:
    • Improved team productivity and throughput.
    • Increased solution quality and value.
    • Greater team satisfaction.
    • Motivate stakeholder buy-in for the investment in solution delivery practice improvements.
    • Validate the fit and opportunities with Gen AI for future adoption in other IT departments.
    • Increase IT satisfaction by improving the throughput and speed of solution delivery.
    • Reduce the delivery and operational costs of enterprise products and services.
    • Use a pilot to demonstrate the fit and value of Gen AI capabilities and supporting practices across business and IT units.

    What is Gen AI?

    An image showing where Gen AI sits within the artificial intelligence.  It consists of four concentric circles.  They are labeled from outer-to-inner circle in the following order: Artificial Intelligence; Machine Learning; Deep Learning; Gen AI

    Generative AI (Gen AI)
    A form of ML whereby, in response to prompts, a Gen AI platform can generate new output based on the data it has been trained on. Depending on its foundational model, a Gen AI platform will provide different modalities and use case applications.

    Machine Learning (ML)
    The AI system is instructed to search for patterns in a data set and then make predictions based on that set. In this way, the system learns to provide accurate content over time. This requires a supervised intervention if the data is inaccurate. Deep learning is self-supervised and does not require intervention.

    Artificial Intelligence (AI)
    A field of computer science that focuses on building systems to imitate human behavior. Not all AI systems have learning behavior; many systems (such as customer service chatbots) operate on preset rules.

    Info-Tech Insight

    Many vendors have jumped on Gen AI as the latest marketing buzzword. When vendors claim to offer Gen AI functionality, pin down what exactly is generative about it. The solution must be able to induce new outputs from inputted data via self-supervision – not trained to produce certain outputs based on certain inputs.

    Augment your solution delivery teams with Gen AI

    Position Gen AI as a tooling opportunity to enhance the productivity and depth of your solution delivery practice. Current Gen AI tools are unable to address the various technical and human complexities that commonly occur in solution delivery; assess the fit of Gen AI by augmenting low-risk, out-of-the-box tools in key areas of your solution delivery process and teams.

    Solution Delivery Team

    Humans

    Gen AI Bots

    Product owner and decision maker
    Is accountable for the promised delivery of value to the organization.

    Business analyst and architect
    Articulates the requirements and aligns the team to the business and technical needs.

    Integrator and builder
    Implements the required solution.

    Collaborator
    Consults and supports the delivery.

    Administrator
    Performs common administrative tasks to ensure smooth running of the delivery toolchain and end-solutions.

    Designer and content creator
    Provides design and content support for common scenarios and approaches.

    Paired developer and tester
    Acts as a foil for existing developer or tester to ensure high quality output.

    System monitor and support
    Monitors and recommends remediation steps for operational issues that occur.

    Research deliverable

    This research is accompanied by a supporting deliverable to help you accomplish your goals.

    Gen AI Solution Delivery Readiness Assessment Tool

    Assess the readiness of your solution delivery team for Gen AI. This tool will ask several questions relating to your people, process, and technology, and recommend whether the team is ready to adopt Gen AI practices.

    This is a series of three screenshots from the Gen AI Solution Delivery Readiness Assessment Tool

    Step 1.1

    Set the context

    Activities

    1.1.1 Understand the challenges of your solution delivery teams.

    1.1.2 Outline the value you expect to gain from Gen AI.

    This step involves the following participants:

    • Applications VP
    • Applications Director
    • Solution Delivery Manager
    • Solution Delivery Team

    Outcomes of this step

    • SWOT Analysis to help articulate the challenges facing your teams.
    • A Gen AI Canvas that will articulate the value you expect to gain.

    IT struggles to deliver solutions effectively

    • Lack of skills and resources
      Forty-six percent of respondents stated that it was very or somewhat difficult to attract, hire, and retain developers (GitLab, 2023; N=5,010).
    • Delayed software delivery
      Code development (37%), monitoring/observability (30%), deploying to non-production environments (30%), and testing (28%) were the top areas where software delivery teams or organizations encountered the most delays (GitLab, 2023, N=5,010).
    • Low solution quality and satisfaction
      Only 64% of applications were identified as effective by end users. Effective applications are identified as at least highly important and have high feature and usability satisfaction (Application Portfolio Assessment, August 2021 to July 2022; N=315).
    • Burnt out teams
      While workplace flexibility comes with many benefits, longer work hours jeopardize wellbeing. Sixty-two percent of organizations reported increased working hours, while 80% reported an increase in flexibility ("2022 HR Trends Report," McLean & Company, 2022; N=394) .

    Creating high-throughput teams is an organizational priority.

    CXOs ranked "optimize IT service delivery" as the second highest priority. "Achieve IT business" was ranked first.

    (CEO-CIO Alignment Diagnostics, August 2021 to July 2022; n=568)

    1.1.1 Understand the challenges of your solution delivery teams

    1-3 hours

    1. Complete a SWOT analysis of your solution delivery team to discover areas where Gen AI can be applied.
    2. Record this information in the Gen AI Solution Delivery Readiness Assessment Tool.

    Strengths

    Internal characteristics that are favorable as they relate to solution delivery

    Weaknesses

    Internal characteristics that are unfavorable or need improvement

    Opportunities

    External characteristics that you may use to your advantage

    Threats

    External characteristics that may be potential sources of failure or risk

    Record the results in the Gen AI Solution Delivery Readiness Assessment Tool

    Output

    • SWOT analysis of current state of solution delivery practice

    Participants

    • Applications VP
    • Applications Director
    • Solution Delivery Manager
    • Solution Delivery Team

    Gen AI can help solve your solution delivery challenges

    Why is software delivery an ideal pilot candidate for Gen AI?

    • Many software delivery practices are repeatable and standardized.
    • Software delivery roles that are using and implementing Gen AI are technically savvy.
    • Automation is a staple in many commonly used tools.
    • Change will likely not impact business operations.

    Improved productivity

    Gen AI jumpstarts the most laborious and mundane parts of software delivery. Delivery teams saved 22 hours (avg) per software use case when using AI in 2022, compared to last year when AI was not used ("Generative AI Speeds Up Software Development," PRNewswire, 2023).

    Fungible resources

    Teams are transferrable across different frameworks, platforms, and products. Gen AI provides the structure and guidance needed to work across a wider range of projects ("Game changer: The startling power generative AI is bringing to software development," KPMG, 2023).

    Improved solution quality

    Solution delivery artifacts (e.g. code) are automatically scanned to quickly identify bugs and defects based on recent activities and trends and validate against current system performance and capacity.

    Business empowerment

    AI enhances the application functionalities workers can build with low- and no-code platforms. In fact, "AI high performers are 1.6 times more likely than other organizations to engage non-technical employees in creating AI applications" ("The state of AI in 2022 — and a half decade in review." McKinsey, 2022, N=1,492).

    However, various fears, uncertainties, and doubts challenge Gen AI adoption

    Black Box

    Little transparency is provided on the tool's rationale behind content creation, decision making, and the use and storage of training data, creating risks for legal, security, intellectual property, and other areas.

    Role Replacement

    Some workers have job security concerns despite Gen AI being bound to their rule-based logic framework, the quality of their training data, and patterns of consistent behavior.

    Skills Gaps

    Teams need to gain expertise in AI/ML techniques, training data preparation, and continuous tooling improvements to support effective Gen AI adoption across the delivery practice and ensure reliable operations.

    Data Inaccuracy

    Significant good quality data is needed to build trust in the applicability and reliability of Gen AI recommendations and outputs. Teams must be able to combine Gen AI insights with human judgment to generate the right outcome.

    Slow Delivery of AI Solution

    Timelines are sensitive to organizational maturity, experience with Gen AI, and investments in good data management practices. 65% of organizations said it took more than three months to deploy an enterprise-ready AIOps solution (OpsRamp, 2022).

    Define the value you want Gen AI to deliver

    Well-optimized Gen AI instills stakeholder confidence in ongoing business value delivery and ensures stakeholder buy-in, provided proper expectations are set and met. However, business value is not interpreted or prioritized the same across the organization. Come to a common business value definition to drive change in the right direction by balancing the needs of the individual, team, and organization.

    Business value cannot always be represented by revenue or reduced expenses. Dissecting value by the benefit type and the value source's orientation allows you to see the many ways in which Gen AI brings value to the organization.

    Financial benefits vs. intrinsic needs

    • Financial benefits refers to the degree to which the value source can be measured through monetary metrics, such as revenue generation and cost saving.
    • Intrinsic needs refers to how a product, service, or business capability enhanced with Gen AI meets functional, user experience, and existential needs.

    Inward vs. outward orientation

    • Inward refers to value sources that are internally impacted by Gen AI and improve your employees' and teams' effectiveness in performing their responsibilities.
    • Outward refers to value sources that come from your interaction with external stakeholders and customers and were improved from using Gen AI.

    See our Build a Value Measurement Framework blueprint for more information about business value definition.

    An image of the Business Value Matrix for Gen AI

    Measure success with the right metrics

    Establishing and monitoring metrics are powerful ways to drive behavior and strategic changes in your organization. Determine the right measures that demonstrate the value of your Gen AI implementation by aligning them with your Gen AI objectives, business value drivers, and non-functional requirements.

    Select metrics with different views

    1. Solution delivery practice effectiveness
      The ability of your practice to deliver, support, and operate solutions with Gen AI
      Examples: Solution quality and throughput, delivery and operational costs, number of defects and issues, and system quality
    2. Solution quality and value
      The outcome of your solutions delivered with Gen AI tools
      Examples: Time and money saved, utilization of products and services, speed of process execution, number of errors, and compliance with standards
    3. Gen AI journey goals and milestones
      Your organization's position in your Gen AI journey
      Examples: Maturity score, scope of Gen AI adoption, comfort and
      confidence with Gen AI capabilities, and complexity of Gen AI use cases

    Leverage Info-Tech's Diagnostics

    IT Management & Governance

    • Improvement to application development quality and throughput effectiveness
    • Increased importance of application delivery and maintenance capabilities across the IT organization
    • Delegation of delivery accountability across more IT roles

    CIO Business Vision

    • Improvements to IT satisfaction and value from delivered solutions
    • Changes to the value and importance of IT core services enabled with Gen AI
    • The state of business and IT relationships
    • Capability to deliver and support Gen AI effectively

    1.1.2 Outline the value you expect to gain from Gen AI

    1-3 hours

    1. Complete the following fields to build your Gen AI canvas:
      1. Problem that Gen AI is intending to solve
      2. List of stakeholders
      3. Desired business and IT outcomes
      4. In-scope solution delivery teams, systems, and capabilities.
    2. Record this information in the Gen AI Solution Delivery Readiness Assessment Tool.

    Output

    • Gen AI Canvas

    Participants

    • Applications VP
    • Applications Director
    • Solution Delivery Manager
    • Solution Delivery Team

    Record the results in the Gen AI Solution Delivery Readiness Assessment Tool

    1.1.2 Example

    Example of an outline of the value you expect to gain from Gen AI

    Problem statements

    • Manual testing procedures hinder pace and quality of delivery.
    • Inaccurate requirement documentation leads to constant redesigning.

    Business and IT outcomes

    • Improve code quality and performance.
    • Expedite solution delivery cycle.
    • Improve collaboration between teams and reduce friction.

    List of stakeholders

    • Testing team
    • Application director
    • CIO
    • Design team
    • Project manager
    • Business analysts

    In-scope solution delivery teams, system, and capabilities

    • Web
    • Development
    • App development
    • Testing
    • Quality assurance
    • Business analysts
    • UI/UX design

    Align your objectives to the broader AI strategy

    Why is an organizational AI strategy important for Gen AI?

    • All Gen AI tactics and capabilities are designed, delivered, and managed to support a consistent interpretation of the broader AI vision and goals.
    • An organizational strategy gives clear understanding of the sprawl, criticality, and risks of Gen AI solutions and applications to other IT capabilities dependent on AI.
    • Gen AI initiatives are planned, prioritized, and coordinated alongside other software delivery practice optimizations and technology modernization initiatives.
    • Resources, skills, and capacities are strategically allocated to meet the needs of Gen AI considering other commitments in the software delivery optimization backlog and roadmap.
    • Gen AI expectations and practices uphold the persona, values, and principles of the software delivery team.

    What is an AI strategy?

    An AI strategy details the direction, activities, and tactics to deliver on the promise of your AI portfolio. It often includes:

    • AI vision and goals
    • Application, automation, and process portfolio involved or impacted by AI
    • Values and principles
    • Health of your AI portfolio
    • Risks and constraints
    • Strategic roadmap

    Step 1.2

    Evaluate opportunities for Gen AI

    Activities

    1.2.1 Align Gen AI opportunities with teams and capabilities.

    This step involves the following participants:

    • Applications VP
    • Applications Director
    • Solution Delivery Manager
    • Solution Delivery Team

    Outcomes of this step

    • Understand the Gen AI opportunities for your solution delivery practice.

    Learn how Gen AI is employed in solution delivery

    Gen AI opportunity Common Gen AI tools and vendors Teams than can benefit How can teams leverage this? Case study
    Synthetic data generation
    • Testing
    • Data Analysts
    • Privacy and Security
    • Create test datasets
    • Replace sensitive personal data

    How Unity Leverages Synthetic Data

    Code generation
    • Development
    • Testing
    • Code Templates & Boilerplate
    • Code Refactoring

    How CI&T accelerated development by 11%

    Defect forecasting and debugging
    • Project Manager & Quality Assurance
    • Development
    • Testing
    • Identify root cause
    • Static and dynamic code analysis
    • Debugging assistance

    Altran Uses Microsoft Code Defect AI Solution

    Requirements documentation and elicitation
    • Business Analysts
    • Development
    • Document functional requirements
    • Writing test cases

    Google collaborates with Replit to reduce time to bring new products to market by 30%

    UI design and prototyping
    • UI/UX Design
    • Development
    • Deployment
    • Rapid prototyping
    • Design assistance

    How Spotify is Upleveling Their Entire Design Team

    Other common AI opportunities solutions include test case generation, code translation, use case creation, document generation, and automated testing.

    Opportunity 1: Synthetic data generation

    Create artificial data that mimics the structure of real-life data.

    What are the expected benefits?

    • Availability of test data: Creation of large volumes of data compatible for testing multiple systems within the organization.
    • Improved privacy: Substituting real data with artificial leads to reduced data leaks.
    • Quicker data provisioning: Automated generation of workable datasets aligned to company policies.

    What are the notable risks and challenges?

    • Generalization and misrepresentations: Data models used in synthetic data generation may not be an accurate representation of production data because of potentially conflicting definitions, omission of dependencies, and multiple sources of truth.
    • Lack of accurate representation: It is difficult for synthetic data to fully capture real-world data nuances.
    • Legal complexities: Data to build and train the Gen AI tool does not comply with data residency and management standards and regulations.

    How should teams prepare for synthetic data generation?

    It can be used:

    • To train machine learning models when there is not enough real data, or the existing data does not meet specific needs.
    • To improve quality of test by using data that closely resembles production without the risk of leveraging sensitive and private information.

    "We can simply say that the total addressable market of synthetic data and the total addressable market of data will converge,"
    Ofir Zuk, CEO, Datagen (Forbes, 2022)

    Opportunity 2: Code generation

    Learn patterns and automatically generate code.

    What are the expected benefits?

    • Increased productivity: It allows developers to generate more code quickly.
    • Improved code consistency: Code is generated using a standardized model and lessons learnt from successful projects.
    • Rapid prototyping: Expedite development of a working prototype to be verified and validated.

    What are the notable risks and challenges?

    • Limited contextual understanding: AI may lack domain-specific knowledge or understanding of requirements.
    • Dependency: Overreliance on AI generated codes can affect developers' creativity.
    • Quality concerns: Generated code is untested and its alignment to coding and quality standards is unclear.

    How should teams prepare for code generation?

    It can be used to:

    • Build solutions without the technical expertise of traditional development.
    • Discover different solutions to address coding challenges.
    • Kickstart new development projects with prebuilt code.

    According to a survey conducted by Microsoft's GitHub, a staggering 92% of programmers were reported as using AI tools in their workflow (GitHub, 2023).

    Opportunity 3: Defect forecasting & debugging

    Predict and proactively address defects before they occur.

    What are the expected benefits?

    • Reduced maintenance cost: Find defects earlier in the delivery process, when it's cheaper to fix them.
    • Increased efficiency: Testing efforts can remain focused on critical and complex areas of solution.
    • Reduced risk: Find critical defects before the product is deployed to production.

    What are the notable risks and challenges?

    • False positives and negatives: Incorrect interpretation and scope of defect due to inadequate training of the Gen AI model.
    • Inadequate training: Training data does not reflect the complexity of the solutions code.
    • Not incorporating feedback: Gen AI models are not retrained in concert with solution changes.

    How should teams prepare for defect forecasting and debugging?

    It can be used to:

    • Perform static and dynamic code analysis to find vulnerabilities in the solution source code.
    • Forecast potential issues of a solution based on previous projects and industry trends.
    • Find root cause and suggest solutions to address found defects.

    Using AI technologies, developers can reduce the time taken to debug and test code by up to 70%, allowing them to finish projects faster and with greater accuracy (Aloa, 2023).

    Opportunity 4: Requirements documentation & elicitation

    Capturing, documenting, and analyzing function and nonfunctional requirements.

    What are the expected benefits?

    • Improve quality of requirements: Obtain different perspectives and contexts for the problem at hand and help identify ambiguities and misinterpretation of risks and stakeholder expectation.
    • Increased savings: Fewer resources are consumed in requirements elicitation activities.
    • Increased delivery confidence: Provide sufficient information for the solution delivery team to confidently estimate and commit to the delivery of the requirement.

    What are the notable risks and challenges?

    • Conflicting bias: Gen AI models may interpret the problem differently than how the stakeholders perceive it.
    • Organization-specific interpretation: Inability of the Gen AI models to accommodate unique interpretation of terminologies, standards, trends and scenarios.
    • Validation and review: Interpreting extracted insights requires human validation.

    How should teams prepare for requirements documentation & elicitation?

    It can be used to:

    • Document requirements in a clear and concise manner that is usable to the solution delivery team.
    • Analyze and test requirements against various user, business, and technical scenarios.

    91% of top businesses surveyed report having an ongoing investment in AI (NewVantage Partners, 2021).

    Opportunity 5: UI design and prototyping

    Analyze existing patterns and principles to generate design, layouts, and working solutions.

    What are the expected benefits?

    • Increased experimentation: Explore different approaches and tactics to solve a solution delivery problem.
    • Improved collaboration: Provide quick design layouts that can be reshaped based on stakeholder feedback.
    • Ensure design consistency: Enforce a UI/UX design standard for all solutions.

    What are the notable risks and challenges?

    • Misinterpretation of UX Requirements: Gen AI model incorrectly assumes a specific interpretation of user needs, behaviors, and problem.
    • Incorrect or missing requirements: Lead to extensive redesigns and iterations, adding to costs while hampering user experience.
    • Design creativity: May lack originality and specific brand aesthetics if not augmented well with human customizability and creativity.

    How should teams prepare for UI design and prototyping?

    It can be used to:

    • Visualize the solution through different views and perspectives such as process flows and use-case diagrams.
    • Create working prototypes that can be verified and validated by stakeholders and end users.

    A study by McKinsey & Company found that companies that invest in AI-driven design outperform their peers in revenue growth and customer experience metrics. They were found to achieve up to two times higher revenue growth than industry peers and up to 10% higher net promoter score (McKinsey & Company, 2018).

    Determine the importance of your opportunities by answering these questions

    Realizing the complete potential of Gen AI relies on effectively fostering its adoption and resulting changes throughout the entire solution delivery process.

    What are the challenges faced by your delivery teams that could be addressed by Gen AI?

    • Recognize the precise pain points, bottlenecks, or inefficiencies faced by delivery teams.
    • Include all stakeholders' perspectives during problem discovery and root cause analysis.

    What's holding back Gen AI adoption in the organization?

    • Apart from technical barriers, address cultural and organizational challenges and discuss how organizational change management strategies can mitigate Gen AI adoption risk.

    Are your objectives aligned with Gen AI capabilities?

    • Identify areas where processes can be modernized and streamlined with automation.
    • Evaluate the current capabilities and resources available within the organization to leverage Gen AI technologies effectively.

    How can Gen AI improve the entire solution delivery process?

    • Investigate and evaluate the improvements Gen AI can reasonably deliver, such as increased accuracy, quickened delivery cycles, improved code quality, or enhanced cross-functional collaboration.

    1.2.1 Align Gen AI opportunities to teams and capabilities

    1-3 hours

    1. Associate the Gen AI opportunities that can be linked to your system capabilities. These opportunities refer to the potential applications of generative AI techniques, such as code generation or synthetic data, to address specific challenges.
      1. Start by analyzing your system's requirements, constraints, and areas where Gen AI techniques can bring value. Identify the potential benefits of integrating Gen AI, such as increased productivity, or enhanced creativity.
      2. Next, discern potential risks or challenges, such as dependency or quality concerns, associated with the opportunity implementation.
    2. Record this information in the Gen AI Solution Delivery Readiness Assessment Tool.

    Output

    • Gen AI opportunity selection

    Participants

    • Applications VP
    • Applications Director
    • Solution Delivery Manager
    • Solution Delivery Team

    Record the results in the Gen AI Solution Delivery Readiness Assessment Tool

    Keep an eye out for red flags

    Not all Gen AI opportunities are delivered and adopted the same. Some present a bigger risk than others.

    • Establishing vague targets and success criteria
    • Defining Gen AI as substitution of human capital
    • Open-source software not widely adopted or validated
    • High level of dependency on automation
    • Unadaptable cross-functional training across organization
    • Overlooking privacy, security, legal, and ethical implications
    • Lack of Gen AI expertise and understanding of good practices

    Step 1.3

    Assess your readiness for Gen AI

    Activities

    1.3.1 Assess your readiness for Gen AI.

    This step involves the following participants:

    • Applications VP
    • Applications Director
    • Solution Delivery Manager
    • Solution Delivery Team

    Outcomes of this step

    • A completed Gen AI Readiness Assessment to confirm how prepared you are to embrace Gen AI in your solution delivery team.

    Prepare your SDLC* to leverage Gen AI

    As organizations evolve and adopt more tools and technology, their solution delivery processes become more complex. Process improvement is needed to simplify complex and undocumented software delivery activities and artifacts and prepare it for Gen AI. Gen AI scales process throughput and output quantity, but it multiplies the negative impact of problems the process already has.

    When is your process ready for Gen AI?

    • Solution value Ensures the accuracy and alignment of the committed feature and change requests to what the stakeholder truly expects and receives.
    • ThroughputDelivers new products, enhancements, and changes at a pace and frequency satisfactory to stakeholder expectations and meets delivery commitments.
    • Process governance Has clear ownership and appropriate standardization. The roles, activities, tasks, and technologies are documented and defined. At each stage of the process someone is responsible and accountable.
    • Process management Follows a set of development frameworks, good practices, and standards to ensure the solution and relevant artifacts are built, tested, and delivered consistently and repeatably.
    • Technical quality assurance – Accommodates committed non-functional requirements within the stage's outputs to ensure products meet technical excellence expectations.

    *software development lifecycle

    To learn more, visit Info-Tech's Modernize Your SDLC blueprint.

    To learn more, visit Info-Tech's Build a Winning Business Process Automation Playbook

    Assess the impacts from Gen AI changes

    Ensure that no stone is left unturned as you evaluate the fit of Gen AI and prepare your adoption and support plans.

    By shining a light on considerations that might have otherwise escaped planners and decision makers, an impact analysis is an essential component to Gen AI success. This analysis should answer the following questions on the impact to your solution delivery teams.

    1. Will the change impact how our clients/customers receive, consume, or engage with our products/services?
    2. Will there be an increase in operational costs, and a change to compensation and/or rewards?
    3. Will this change increase the workload and alter staffing levels?
    4. Will the vision or mission of the team change?
    5. Will a new or different set of skills be needed?
    6. Will the change span multiple locations/time zones?
    7. Are multiple products/services impacted by this change?
    8. Will the workflow and approvals be changed, and will there be a substantial change to scheduling and logistics?
    9. Will the tools of the team be substantially different?
    10. Will there be a change in reporting relationships?

    See our Master Organizational Change Management Practices blueprint for more information.

    Brace for impact

    A thorough analysis of change impacts will help your software delivery teams and change leaders:

    • Bypass avoidable problems.
    • Remove non-fixed barriers to success.
    • Acknowledge and minimize the impact of unavoidable barriers.
    • Identify and leverage potential benefits.
    • Measure the success of the change.

    Many key IT capabilities are required to successfully leverage Gen AI

    Portfolio Management

    An accurate and rationalized inventory of all Gen AI tools verifies they support the goals and abide to the usage policies of the broader delivery practice. This becomes critical when tooling is updated frequently and licenses and open- source community principles drastically change (e.g. after an acquisition).

    Quality Assurance

    Gen AI tools are routinely verified and validated to ensure outcomes are accurate, complete, and aligned to solution delivery quality standards. Models are retrained using lessons learned, new use cases, and updated training data.

    Security & Access Management

    Externally developed and trained Gen AI models may not include the measures, controls, and tactics you need to prevent vulnerabilities and protect against threats that are critical in your security frameworks, policies, and standards.

    Data Management & Governance

    All solution delivery data and artifacts can be transformed and consumed in various ways as they transit through solution delivery and Gen AI tools. Data integrations, structures, and definitions must be well-defined, governed, and monitored.

    OPERATIONAL SUPPORT

    Resources are available to support the ongoing operations of the Gen AI tool, including infrastructure, preparing training data, and managing integration with other tools. They are also prepared to recover backups, roll back, and execute recovery plans at a moment's notice.

    Apply Gen AI good practices in your solution delivery practice

    1. Keep the human in the loop.
      Gen AI models cannot produce high-quality content with 100% confidence. Keeping the human in the loop allows people to directly give feedback to the model to improve output quality.
    2. Strengthen prompt and query engineering.
      The value of the outcome is dependent on what is being asked. Good prompts and queries focus on creating the optimal input by selecting and phrasing the appropriate words, sentence structures, and punctuation to illustrate the focus, scope, problem, and boundaries.
    3. Thoughtfully prepare your training data.
      Externally hosted Gen AI tools may store your training data in their systems or use it to train their other models. Intellectual property and sensitive data can leak into third-party systems and AI models if it is not properly masked and sanitized.
    4. Build guardrails into your Gen AI models.
      Guardrails can limit the variability of any misleading Gen AI responses by defining the scope and bounds of the response, enforcing the policies of its use, and clarifying the context of its response.
    5. Monitor your operational costs.
      The cost breakdown will vary among the types of Gen AI solution and the vendor offerings. Cost per query, consultant fees, infrastructure hosting, and licensing costs are just a few cost factors. Open source can be an attractive cost-saving option, but you must be willing to invest in the roles to assume traditional vendor accountabilities.
    6. Check the licenses of your Gen AI tool.
      Each platform has licenses and agreements on how their solution can or cannot be used. They limit your ability to use the tool for commercial purposes or reproductions or may require you to purchase and maintain a specific license to use their solution and materials.

    See Build Your Generative AI Roadmap for more information.

    Assess your Gen AI readiness

    • Solution delivery team
      The team is educated on Gen AI, its use cases, and the tools that enable it. They have the skills and capacity to implement, create, and manage Gen AI.
    • Solution delivery process and tools
      The solution delivery process is documented, repeatable, and optimized to use Gen AI effectively. Delivery tools are configured to enable, leverage and manage Gen AI assets to improve their performance and efficiency.
    • Solution delivery artifacts
      Delivery artifacts (e.g. code, scripts, documents) that will be used to train and be leveraged by Gen AI tools are discoverable, accurate, complete, standardized, of sufficient quantity, optimized for Gen AI use, and stored in an accessible shared central repository.
    • Governance
      Defined policies, role definitions, guidelines, and processes that guide the implementation, development, operations, and management of Gen AI.
    • Vision and executive support
      Clear alignment of Gen AI direction, ambition, and objectives with broader business and IT priorities. Stakeholders support the Gen AI initiative and allocate human and financial resources for its implementation within the solution delivery team.
    • Operational support
      The capabilities to manage the Gen AI tools and ensure they support the growing needs of the solution delivery practice, such as security management, hosting infrastructure, risk and change management, and data and application integration.

    1.3.1 Assess your readiness for Gen AI

    1-3 hours

    1. Review the current state of your solution delivery teams including their capacity, skills and knowledge, delivery practices, and tools and technologies.
    2. Determine the readiness of your team to adopt Gen AI.
    3. Discuss the gaps that need to be filled to be successful with Gen AI.
    4. Record this information in the Gen AI Solution Delivery Readiness Assessment Tool.

    Record the results in the Gen AI Solution Delivery Readiness Assessment Tool

    Output

    • Gen AI Solution Delivery Readiness Assessment

    Participants

    • Applications VP
    • Applications Director
    • Solution Delivery Manager
    • Solution Delivery Team

    Recognize that Gen AI does not require a fully optimized solution delivery process

    1. Consideration; 2. Exploration; 3. Incorporation; 4. Proliferation; 5. Optimization.  Steps 3-5 are Recommended maturity levels to properly embrace Gen AI.

    To learn more, visit Info-Tech's Develop Your Value-First Business Process Automation (BPA) Strategy.

    Be prepared to take the next steps

    Deliver Gen AI to your solution delivery teams

    Modernize Your SDLC
    Efficient and effective SDLC practices are vital, as products need to readily adjust to evolving and changing business needs and technologies.

    Adopt Generative AI in Solution Delivery
    Generative AI can drive productivity and solution quality gains to your solution delivery teams. Level set expectations with the right use case to demonstrate its value potential.

    Select Your AI Vendor & Implementation Partner
    The right vendor and partner are critical for success. Build the selection criteria to shortlist the products and services that best meets the current and future needs of your teams.

    Drive Business Value With Off-the-Shelf AI
    Build a framework that will guide your teams through the selection of an off-the-shelf AI tool with a clear definition of the business case and preparations for successful adoption.

    Build Your Enterprise Application Implementation Playbook
    Your Gen AI implementation doesn't start with technology, but with an effective plan that your team supports and is aligned to broader stakeholder and sponsor priorities and goals.

    Build your Gen AI practice

    • Get Started With AI
    • AI Strategy & Generative AI Roadmap
    • AI Governance

    Related Info-Tech Research

    Build a Winning Business Process Automation Playbook
    Optimize and automate your business processes with a user-centric approach.

    Embrace Business Managed Applications
    Empower the business to implement their own applications with a trusted business-IT relationship.

    Application Portfolio Management Foundations
    Ensure your application portfolio delivers the best possible return on investment.

    Maximize the Benefits from Enterprise Applications with a Center of Excellence
    Optimize your organization's enterprise application capabilities with a refined and scalable methodology.

    Create an Architecture for AI
    Build your target state architecture from predefined best-practice building blocks.

    Deliver on Your Digital Product Vision
    Build a product vision your organization can take from strategy through execution.

    Enhance Your Solution Architecture Practices
    Ensure your software systems solution is architected to reflect stakeholders' short- and long-term needs.

    Apply Design Thinking to Build Empathy With the Business
    Use design thinking and journey mapping to make IT the business' go-to problem solver.

    Modernize Your SDLC
    Deliver quality software faster with new tools and practices.

    Drive Business Value With Off-the-Shelf AI
    A practical guide to ensure return on your off-the-shelf AI investment.

    Bibliography

    "Altran Helps Developers Write Better Code Faster with Azure AI." Microsoft, 2020.
    "Apply Design Thinking to Complex Teams, Problems, and Organizations." IBM, 2021.
    Bianca. "Unleashing the Power of AI in Code Generation: 10 Applications You Need to Know — AITechTrend." AITechTrend, 16 May 2023.
    Biggs, John. "Deep Code Cleans Your Code with the Power of AI." TechCrunch, 26 Apr 2018.
    "Chat GPT as a Tool for Business Analysis — the Brazilian BA." The Brazilian BA, 24 Jan 2023.
    Davenport, Thomas, and Randy Bean. "Big Data and AI Executive Survey 2019." New Vantage Partners, 2019.
    Davenport, Thomas, and Randy Bean. "Big Data and AI Executive Survey 2021." New Vantage Partners, 2021.
    Das, Tamal. "9 Best AI-Powered Code Completion for Productive Development." Geek flare, 5 Apr 2023.
    Gondrezick, Ilya. "Council Post: How AI Can Transform the Software Engineering Process." Forbes, 24 Apr 2020.
    "Generative AI Speeds up Software Development: Compass UOL Study." PR Newswire, 29 Mar 2023.
    "GitLab 2023 Global Develops Report Series." Gitlab, 2023.
    "Game Changer: The Startling Power Generative AI Is Bringing to Software Development." KPMG, 30 Jan 2023.
    "How AI Can Help with Requirements Analysis Tools." TechTarget, 28 July 2020.
    Indra lingam, Ashanta. "How Spotify Is Upleveling Their Entire Design Team." Framer, 2019.
    Ingle, Prathamesh. "Top Artificial Intelligence (AI) Tools That Can Generate Code to Help Programmers." Matchcoat, 1 Jan 2023.
    Kaur, Jagreet . "AI in Requirements Management | Benefits and Its Processes." Xenon Stack, 13 June 2023.
    Lange, Danny. "Game On: How Unity Is Extending the Power of Synthetic Data beyond the Gaming Industry." CIO, 17 Dec 2020.
    Lin, Ying. "10 Artificial Intelligence Statistics You Need to Know in 2020." OBERLO, 17 Mar. 2023.
    Mauran, Cecily. "Whoops, Samsung Workers Accidentally Leaked Trade Secrets via ChatGPT." Mashable, 6 Apr 2023.

    CIO Priorities 2022

    • Buy Link or Shortcode: {j2store}328|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $31,499 Average $ Saved
    • member rating average days saved: 9 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • Understand how to respond to trends affecting your organization.
    • Determine your priorities based on current state and relevant internal factors.
    • Assign the right amount of resources to accomplish your vision.
    • Consider what new challenges outside of your control will demand a response.

    Our Advice

    Critical Insight

    A priority is created when external factors hold strong synergy with internal goals and an organization responds by committing resources to either avert risk or seize opportunity. These are the priorities identified in the report:

    1. Reduce Friction in the Hybrid Operating Model
    2. Improve Your Ransomware Readiness
    3. Support an Employee-Centric Retention Strategy
    4. Design an Automation Platform
    5. Prepare to Report on New Environmental, Social, and Governance Metrics

    Impact and Result

    Update your strategic roadmap to include priorities that are critical and relevant for your organization based on a balance of external and internal factors.

    CIO Priorities 2022 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. CIO Priorities 2022 – A report on the key priorities for competing in the digital economy.

    Discover Info-Tech’s five priorities for CIOs in 2022.

    • CIO Priorities Report for 2022

    2. Listen to the podcast series

    Hear directly from our contributing experts as they discuss their case studies with Brian Jackson.

    • Frictionless hybrid working: How the Harvard Business School did it
    • Close call with ransomware: A CIO recounts a near security nightmare
    • How a financial services company dodged "The Great Resignation"
    • How Allianz took a blockchain platform from pilot to 1 million transactions
    • CVS Health chairman David Dorman on healthcare's hybrid future

    Infographic

    Further reading

    CIO Priorities 2022

    A jumble of business-related words. Info-Tech’s 2022 Tech Trends survey asked CIOs for their top three priorities. Cluster analysis of their open-ended responses shows four key themes:
    1. Business process improvements
    2. Digital transformation or modernization
    3. Security
    4. Supporting revenue growth or recovery

    Info-Tech’s annual CIO priorities are formed from proprietary primary data and consultation with our internal experts with CIO stature

    2022 Tech Trends Survey CIO Demographic N=123

    Info-Tech’s Tech Trends 2022 survey was conducted between August and September 2021 and collected a total of 475 responses from IT decision makers, 123 of which were at the C-level. Fourteen countries and 16 industries are represented in the survey.

    2022 IT Talent Trends Survey CIO Demographic N=44

    Info-Tech’s IT Talent Trends 2022 survey was conducted between September and October 2021 and collected a total of 245 responses from IT decision makers, 44 of which were at the C-level. A broad range of countries from around the world are represented in the survey.

    Internal CIO Panels’ 125 Years Of Combined C-Level IT Experience

    Panels of former CIOs at Info-Tech focused on interpreting tech trends data and relating it to client experiences. Panels were conducted between November 2021 and January 2022.

    CEO-CIO Alignment Survey Benchmark Completed By 107 Different Organizations

    Info-Tech’s CEO-CIO Alignment program helps CIOs align with their supervisors by asking the right questions to ensure that IT stays on the right path. It determines how IT can best support the business’ top priorities and address the gaps in your strategy. In 2021, the benchmark was formed by 107 different organizations.

    Build IT alignment

    IT Management & Governance Diagnostic Benchmark Completed By 320 Different Organizations

    Info-Tech’s Management and Governance Diagnostic helps IT departments assess their strengths and weaknesses, prioritize their processes and build an improvement roadmap, and establish clear ownership of IT processes. In 2021, the benchmark was formed by data from 320 different organizations.

    Assess your IT processes

    The CIO priorities are informed by Info-Tech’s trends research reports and surveys

    Priority: “The fact or condition of being regarded or treated as more important than others.” (Lexico/Oxford)

    Trend: “A general direction in which something is developing or changing.” (Lexico/Oxford)

    A sequence of processes beginning with 'Sensing', 'Hypothesis', 'Validation', and ending with 'Trends, 'Priorities'. Under Sensing is Technology Research, Interviews & Insights, Gathering, and PESTLE. Under Hypothesis is Near-Future Probabilities, Identify Patterns, Identify Uncertainties, and Identify Human Benefits. Under Validation is Test Hypothesis, Case Studies, and Data-Driven Insights. Under Trends is Technology, Talent, and Industry. Under Priorities is CIO, Applications, Infrastructure, and Security.

    Visit Info-Tech’s Trends & Priorities Research Center

    Image called 'Defining the CIO Priorities for 2022'. Image shows 4 columns, Implications, Resource Investment, Amplifiers, and Actions and Outcomes, with 2 dotted lines, labeled External Context and Internal Context, running through all 4 columns and leading to bottom-right label called CIO Priorities Formed

    The Five Priorities

    Priorities to compete in the digital economy

    1. Reduce Friction in the Hybrid Operating Model
    2. Improve Your Ransomware Readiness
    3. Support an Employee-Centric Retention Strategy
    4. Design an Automation Platform
    5. Prepare to Report on New Environmental, Social, and Governance Metrics

    Reduce friction in the hybrid operating model

    Priority 01 | APO07 Human Resources Management

    Deliver solutions that create equity between remote workers and office workers and make collaboration a joy.

    Hybrid work is here to stay

    CIOs must deal with new pain points related to friction of collaboration

    In 2020, CIOs adapted to the pandemic’s disruption to offices by investing in capabilities to enable remote work. With restrictions on gathering in offices, even digital laggards had to shift to an all-remote work model for non-essential workers.

    Most popular technologies already invested in to facilitate better collaboration

    • 24% Web Conferencing
    • 23% Instant Messaging
    • 20% Document Collaboration

    In 2022, the focus shifts to solving problems created by the new hybrid operating model where some employees are in the office and some are working remotely. Without the ease of collaborating in a central hub, technology can play a role in reducing friction in several areas:

    • Foster more connections between employees. Remote workers are less likely to collaborate with people outside of their department and less likely to spontaneously collaborate with their peers. CIOs should provide a digital employee experience that fosters collaboration habits and keeps workers engaged.
    • Prevent employee attrition. With more workers reevaluating their careers and leaving their jobs, CIOs can help employees feel connected to the overall purpose of the organization. Finding a way to maintain culture in the new context will require new solutions. While conference room technology can be a bane to IT departments, making hybrid meetings effortless to facilitate will be more important.
    • Provide new standards for mediated collaboration. Meeting isn’t as easy as simply gathering around the same table anymore. CIOs need to provide structure around how hybrid meetings are conducted to create equity between all participants. Business continuity processes must also consider potential outages for collaboration services so employees can continue the work despite a major outage.

    Three in four organizations have a “hybrid” approach to work. (Tech Trends 2022 Survey)

    In most organizations, a hybrid model is being implemented. Only 14.9% of organizations are planning for almost everyone to return to the office, and only 9.9% for almost everyone to work remotely.

    Elizabeth Clark

    CIO, Harvard Business School

    "I want to create experiences that are sticky. That keep people coming back and engaging with their colleagues."

    Photo of Elizabeth Clark, CIO, Harvard Business School.

    Listen to the Tech Insights podcast:
    Frictionless hybrid working: How the Harvard Business School did it

    Internal interpretation: Harvard Business School

    • March 2020
      The pandemic disrupts in-class education at Harvard Business School. Their case study method of instruction that depends on in-person, high-quality student engagement is at risk. While students and faculty completed the winter semester remotely, the Dean and administration make the goal to restore the integrity of the classroom experience with equity for both remote and in-person students.
    • May 2020
      A cross-functional task force of about 100 people work intensively, conducting seven formal experiments, 80 smaller tests, and hundreds of polling data points, and a technology and facilities solution is designed: two 4K video cameras capturing both the faculty and the in-class students, new ceiling mics, three 85-inch TV screens, and students joining the videoconference from their laptops. A custom Zoom room, combining three separate rooms, integrated all the elements in one place and integrated with the lecture capture system and learning management system.
    • October 2020
      Sixteen classrooms are renovated to install the new solution. Students return to the classroom but in lower numbers due to limits on in-room capacity, but students rotate between the in-person and remote experience.
    • September 2021
      Renovations for the hybrid solution are complete in 26 classrooms and HBS has determined this will be its standard model for the classroom. The case method of teaching is kept alive and faculty and students are thrilled with the results.
    • November 2021
      HBS is adapting its solution for the classroom to its conference rooms and has built out eight different rooms for a hybrid experience. The 4K cameras and TV screens capture all participants in high fidelity as well as the blackboard.

    Photo of a renovated classroom with Zoom participants integrated with the in-person students.
    The renovated classrooms integrate all students, whether they are participating remotely or in person. (Image courtesy of Harvard Business School.)

    Implications: Organization, Process, Technology

    External

    • Organization – About half of IT practitioners in the Tech Trends 2022 survey feel that IT leaders, infrastructure and operations teams, and security teams were “very busy” in 2021. Capacity to adapt to hybrid work could be constrained by these factors.
    • Process – Organizations that want employees to benefit from being back in the office will have to rethink how workers can get more value out of in-person meetings that also require videoconference participation with remote workers.
    • Technology – Fifty-four percent of surveyed IT practitioners say the pandemic raised IT spending compared to the projections they made in 2020. Much of that investment went into adapting to a remote work environment.

    Internal

    • Organization – HBS added 30 people to its IT staff on term appointments to develop and implement its hybrid classroom solutions. Hires included instructional designers, support technicians, coordinators, and project managers.
    • Process – Only 25 students out of the full capacity of 95 could be in the classroom due to COVID-19 regulations. On-campus students rotated through the classroom seats. An app was created to post last-minute seat availability to keep the class full.
    • Technology – A Zoom room was created that combines three rooms to provide the full classroom experience: a view of the instructor, a clear view of each student that enlarges when they are speaking, and a view of the blackboard.

    Resources Applied

    Appetite for Technology

    CIOs and their direct supervisors both ranked internal collaboration tools as being a “critical need to adopt” in 2021, according to Info-Tech’s CEO-CIO Alignment Benchmark Report.

    Intent to Invest

    Ninety-seven percent of IT practitioners plan to invest in technology to facilitate better collaboration between employees in the office and outside the office by the end of 2022, according to Info-Tech’s 2022 Tech Trends survey.

    “We got so many nice compliments, which you don’t get in IT all the time. You get all the complaints, but it’s a rare case when people are enthusiastic about something that was delivered.” (Elizabeth Clark, CIO, Harvard Business School)

    Harvard Business School

    • IT staff were reassigned from other projects to prioritize building a hybrid classroom solution. A cloud migration and other portfolio projects were put on pause.
    • The annual capital A/V investment was doubled. The amount of spend on conference rooms was tripled.
    • Employees were hired to the media services team at a time when other areas of the organization were frozen.

    Outcomes at Harvard Business School

    The new normal at Harvard Business School

    New normal: HBS has found its new default operating model for the classroom and is extending its solution to its operating environment.

    Improved CX: The high-quality experience for students has helped avoid attrition despite the challenges of the pandemic.

    Engaged employees: The IT team is also engaged and feels connected to the mission of the school.

    Photo of a custom Zoom room bringing together multiple view of the classroom as well as all remote students.
    A custom Zoom room brings together multiple different views of the classroom into one single experience for remote students. (Image courtesy of Harvard Business School.)

    From Priorities to Action

    Make hybrid collaboration a joy

    Align with your organization’s goals for collaboration and customer interaction, with the target of high satisfaction for both customers and employees. Invest in capital projects to improve the fidelity of conference rooms, develop and test a new way of working, and increase IT capacity to alleviate pressure points.

    Foster both asynchronous and synchronous collaboration approaches to avoid calendars filling up with videoconference meetings to get things done and to accommodate workers contributing from across different time zones.

    “We’ll always have hybrid now. It’s opened people’s eyes and now we’re thinking about the future state. What new markets could we explore?” (Elizabeth Clark, CIO, Harvard Business School)

    Take the next step

    Run Better Meetings
    Hybrid, virtual, or in person – set meeting best practices that support your desired meeting norms.

    Prepare People Leaders for the Hybrid Work Environment
    Set hybrid work up for success by providing people leaders with the tools they need to lead within the new model.

    Hoteling and Hot-Desking: A Primer
    What you need to know regarding facilities, IT infrastructure, maintenance, security, and vendor solutions for desk hoteling and hot-desking.

    “Human Resources Management” gap between importance and effectiveness
    Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

    A bar chart illustrating the Human Resources Management gap between importance and effectiveness. The difference is marked as Delta 2.3.

    Improve your ransomware readiness

    Priority 02 | APO13 Security Strategy

    Mitigate the damage of successful ransomware intrusions and make recovery as painless as possible.

    The ransomware crisis threatens every organization

    Prevention alone won’t be enough against the forces behind ransomware.

    Cybersecurity is always top of mind for CIOs but tends to be deprioritized due to other demands related to digital transformation or due to cost pressures. That’s the case when we examine our data for this report.

    Cybersecurity ranked as the fourth-most important priority by CIOs in Info-Tech’s 2022 Tech Trends survey, behind business process improvement, digital transformation, and modernization. Popular ways to prepare for a successful attack include creating offline backups, purchasing insurance, and deploying new solutions to eradicate ransomware.

    CIOs and their direct supervisors ranked “Manage IT-Related Security” as the third-most important top IT priority on Info-Tech’s CEO-CIO Alignment Benchmark for 2021, in support of business goals to manage risk, comply with external regulation, and ensure service continuity.

    Most popular ways for organizations to prepare for the event of a successful ransomware attack:

    • 25% Created offline backups
    • 18% Purchased cyberinsurance
    • 19% New tech to eradicate ransomware

    Whatever priority an organization places on cybersecurity, when ransomware strikes, it quickly becomes a red alert scenario that disrupts normal operations and requires all hands on deck to respond. Sophisticated attacks executed at wide scale demonstrate that security can be bypassed without creating an alert. After that’s accomplished, the perpetrators build their leverage by exfiltrating data and encrypting critical systems.

    CIOs can plan to mitigate ransomware attacks in several constructive ways:

    • Business impact analysis. Determine the costs of an outage for specific periods and the system and data recovery points in time.
    • Engage a partner for 24/7 monitoring. Gain real-time awareness of your critical systems.
    • Review your identity access management (IAM) policies. Use of multi-factor authentication and limiting access to only the roles that need it reduces ransomware risk.

    50% of all organizations spent time and money specifically to prevent ransomware in the past year. (Info-Tech Tech Trends 2022 Survey)

    John Doe

    CIO, mid-sized manufacturing firm in the US

    "I want to create experiences that are sticky. That keep people coming back and engaging with their colleagues."

    Blank photo.

    Listen to the Tech Insights podcast:
    Close call with ransomware: a CIO recounts a near security nightmare

    Internal interpretation: US-based, mid-sized manufacturing firm

    • May 1, 2021
      A mid-sized manufacturing firm (“The Firm”) CIO gets a call from his head of security about odd things happening on the network. A call is made to Microsoft for support. Later that night, the report is that an unwanted crypto-mining application is the culprit. But a couple of hours later, that assessment is proven wrong when it’s realized that hundreds of systems are staged for a ransomware attack. All the attacker has to do is push the button.
    • May 2, 2021
      The Firm disconnects all its global sites to cut off new pathways for the malware to infect. All normal operations cease for 24 hours. It launches its cybersecurity insurance process. The CIO engages a new security vendor, CrowdStrike, to help respond. Employees begin working from home if they can so they can make use of their own internet service. The Firm has cut off its public internet connectivity and is severed from cloud services such as Azure storage and collaboration software.
    • May 4, 2021
      The hackers behind the attack are revealed by security forensics experts. A state-sponsored agency in Russia set up the ransomware and left it ready to execute. It sold the staged attack to a cybercriminal group, Doppel Spider. According to CrowdStrike, the group uses malware to run “big game hunting operations” and targets 18 different countries including the US and multiple industries, including manufacturing.
    • May 10, 2021
      The Firm has totally recovered from the ransomware incident and avoided any serious breach or paying a ransom. The CIO worked more hours than at any other point in his career, logging an estimated 130 hours over the two weeks.
    • November 2021
      The Firm never previously considered itself a ransomware target but has now reevaluated that stance. It has hired a service provider to run a security operations center on a 24/7 basis. It's implemented a more sophisticated detection and response model and implemented multi-factor authentication. It’s doubled its security spend in 2021 and will invest more in 2022.

    “Now we take the approach that if someone does get in, we're going to find them out.” (John Doe, CIO, “The Firm”)

    Implications: Organization, Process, Technology

    External

    • Organization – Organizations must consider how their employees play a role in preventing ransomware and plan for training to recognize phishing and other common traps. They must make plans for employees to continue their work if systems are disrupted by ransomware.
    • Process – Backup processes across multiple systems should be harmonized to have both recent and common points to recover from. Work with the understanding IT will have to take systems offline if ransomware is discovered and there is no time to ask for permission.
    • Technology – Organizations can benefit from security services provided by a forensics-focused vendor. Putting cybersecurity insurance in place not only provides financial protection but also guidance in what to do and which vendors to work with to prevent and recover from ransomware.

    Internal

    • Organization – The Firm was prepared with a business continuity plan to allow many of its employees to work remotely, which was necessary because the office network was incapacitated for ten days during recovery.
    • Process – Executives didn’t seek to assign blame for the security incident but took it as a signal there were some new costs involved to stay in business. It initiated new outsource relationships and hired one more full-time employee to shore up security resources.
    • Technology – New ransomware eradication software was deployed to 2,000 computers. Scripted processes automated much of the work, but in some cases full system rebuilds were required. Backup systems were disconnected from the network as soon as the malware was discovered.

    Resources Applied

    Consider the Alternative

    Organizations should consider how much a ransomware attack on critical systems would cost them if they were down for a minimum of 24-48 hours. Plan to invest an amount at least equal to the costs of that downtime.

    Ask for ID

    Implementing across-the-board multi-factor authentication reduces chances of infection and is cheap, with enterprise solutions ranging from $2 to $5 per user on average. Be strict and deny access when connections don’t authenticate.

    “You'll never stop everything from getting into the network. You can still focus on stopping the bad actors, but then if they do make it in, make sure they don't get far.” (John Doe, CIO, “The Firm”)

    “The Firm” (Mid-Sized Manufacturer)

    • During the crisis, The Firm paused all activities and focused solely on isolating and eliminating the ransomware threat.
    • New outsourcing relationship with a vendor provides a 24/7 Security Operations Center.
    • One more full-time employee on the security team.
    • Doubled investment in security in 2021 and will spend more in 2022.

    Outcomes at “The Firm” (Mid-Sized Manufacturer)

    The new cost of doing business

    Real-time security: While The Firm is still investing in prevention-based security, it is also developing its real-time detection and response capabilities. When ransomware makes it through the cracks, it wants to know as soon as possible and stop it.

    Leadership commitment: The C-suite is taking the experience as a wake-up call that more investment is required in today’s threat landscape. The Firm rates security more highly as an overall organizational goal, not just something for IT to worry about.

    Stock photo of someone using their phone while sitting at a computer, implying multi-factor authentication.
    The Firm now uses multi-factor authentication as part of its employee sign-on process. For employees, authenticating is commonly achieved by using a mobile app that receives a secret code from the issuer.

    From Priorities to Action

    Cybersecurity is everyone’s responsibility

    In Info-Tech’s CEO-CIO Alignment Benchmark for 2021, the business goal of “Manage Risk” was the single biggest point of disagreement between CIOs and their direct supervisors. CIOs rank it as the second-most important business goal, while CEOs rank it as sixth-most important.

    Organizations should align on managing risk as a top priority given the severity of the ransomware threat. The threat actors and nature of the attacks are such that top leadership must prepare for when ransomware hits. This includes halting operations quickly to contain damage, engaging third-party security forensics experts, and coordinating with government regulators.

    Cybersecurity strategies may be challenged to be effective without creating some friction for users. Organizations should look beyond multi-layer prevention strategies and lean toward quick detection and response, spending evenly across prevention, detection, and response solutions.

    Take the next step

    Create a Ransomware Incident Response Plan
    Don’t be the next headline. Determine your current readiness, response plan, and projects to close gaps.

    Simplify Identity and Access Management
    Select and implement IAM and produce vendor RFPs that will contain the capabilities you need, including multi-factor authentication.

    Cybersecurity Series Featuring Sandy Silk
    More from Info-Tech’s Senior Workshop Director Sandy Silk in this video series created while she was still at Harvard University.

    Gap between CIOs and CEOs in points allocated to “Manage risk” as a top business goal

    A bar chart illustrating the gap between CIOs and CEOs in points allocated to 'Manage risk' as a top business goal. The difference is marked as Delta 1.5.

    Support an employee-centric retention strategy

    Priority 03 | ITRG02 Leadership, Culture & Values

    Avoid being a victim of “The Great Resignation” by putting employees at the center of an experience that will engage them with clear career path development, purposeful work, and transparent feedback.

    Defining an employee-first culture that improves retention

    The Great resignation isn’t good for firms

    In 2021, many workers decided to leave their jobs. Working contexts were disrupted by the pandemic and that saw non-essential workers sent home to work, while essential workers were asked to continue to come into work despite the risks of COVID-19. These disruptions may have contributed to many workers reevaluating their professional goals and weighing their values differently. At the same time, 2021 saw a surging economy and many new job opportunities to create a talent-hungry market. Many workers could have been motivated to take a new opportunity to increase their salary or receive other benefits such as more flexibility.

    Annual turnover rate for all us employees on the rise

    • 20% – Jan.-Aug. 2020, Dipped from 22% in 2019
    • 25% Jan.-Aug. 2021, New record high
    • Data from Visier Inc.

    When you can’t pay them, develop them

    IT may be less affected than other departments by this trend. Info-Tech’s 2022 IT Talent Trends Report shows that on average, estimated turnover rate in IT is lower than the rest of the organization. Almost half of respondents estimated their organization’s voluntary turnover rate was 10% or higher. Only 30% of respondents estimate that IT’s voluntary turnover rate is in the same range. However, CIOs working in industries with the highest turnover rates will have to work to keep their workers engaged and satisfied, as IT skills are easily transferred to other industries.

    49% ranked “enabling learning & development within IT” as high priority, more than any other single challenge. (IT Talent Trends 2022 Survey, N=227)

    A bar chart of 'Industries with highest turnover rates (%)' with 'Leisure and Hospitality' at 6.4%, 'Trade, Transportation & Utilities' at 3.6%, 'Professional and Business' at 3.3%, and 'Other Services' at 3.1%. U.S. Bureau of Labor Statistics, 2022.

    Jeff Previte

    Executive Vice-President of IT, CrossCountry Mortgage

    “We have to get to know the individual at a personal level … Not just talking about the business, but getting to know the person."

    Photo of Jeff Previte, Executive Vice-President of IT, CrossCountry Mortgage.

    Listen to the Tech Insights podcast:
    How a financial services company dodged ‘The Great Resignation’

    Internal interpretation: CrossCountry Mortgage

    • May 2019
      Jeff Previte joins Cleveland, Ohio-based CrossCountry Mortgage in the CIO role. The company faces a challenge with employee turnover, particularly in IT. The firm is a sales-focused organization and saw its turnover rate reach as high as 60%. Yet Previte recognized that IT had some meaningful goals to achieve and would need to attract – and retain – some higher caliber talent. His first objective in his new role was to meet with IT employees and business leadership to set priorities.
    • July 2019
      Previte takes a “people-first” approach to leadership and meets his staff face-to-face to understand their personal situations. He sets to work on defining roles and responsibilities in the organization, spending about a fifth of his time on defining the strategy.
    • June 2020
      Previte assigned his leadership team to McLean & Company’s Design an Impactful Employee Development Program. From there, the team developed a Salesforce tool called the Career Development Workbook. “We had some very passionate developers and admins that wanted to build a home-grown tool,” he says. It turns McLean & Company’s process into a digital tool employees can use to reflect on their careers and explore their next steps. It helps facilitate development conversations with managers.
    • January 2021
      CrossCountry Mortgage changes its approach to career development activities. Going to external conferences and training courses is reduced to just 30% of that effort. The rest is by doing hands-on work at the company. Previte aligned with his executives and road-mapped IT projects annually. Based on employee’s interests, opportunities are found to carve out time from usual day-to-day activities to spend time on a project in a new area. When there’s a business need, someone internally can be ready to transition roles.
    • June 2021
      In the two years since joining the company, Previte has reduced the turnover rate to just 12%. The IT department has grown to more adequately meet the needs of the business and employees are engaged with more opportunities to develop their careers. Instead of focusing on compensation, Previte focused more on engaging employees with a developmentally dedicated environment and continuous hands-on learning.

    “It’s come down to a culture shift. Folks have an idea of where we’re headed as an organization, where we’re headed as an IT team, and how their role contributes to that.” (Jeff Previte, EVP of IT, CrossCountry Mortgage)

    Implications: Organization, Process, Technology

    External

    • Organization – A high priority is being placed on improving IT’s maturity through its talent. Enabling learning and development in IT, enabling departmental innovation, and recruiting are the top three highest priorities according to IT Talent Trends 2022 survey responses.
    • Process – Recruiting is more challenging for industries that operate primarily onsite, according to McLean & Company's 2022 HR Trends Report. They face more challenges attracting applications, more rejected offers, and more candidate ghosting compared to remote-capable industries.
    • Technology – Providing a great employee experience through digital tools is more important as many organizations see a mix of workers in the office and at home. These tools can help connect colleagues, foster professional development, and improve the candidate experience.

    Internal

    • Organization – CrossCountry Mortgage faced a situation where IT employees did not have clarity on their roles and responsibilities. In terms of salary, it wasn’t offering at the high end compared to other employers in Cleveland.
    • Process – To foster a culture of growth and development, CrossCountry Mortgage put in place a performance assessment system that encouraged reflection and goal setting, aided by collaboration with a manager.
    • Technology – The high turnover rate was limiting CrossCountry Mortgage from achieving the level of maturity it needed to support the company’s goals. It ingrained its new PA process with a custom build of a Salesforce tool.

    Resources Applied

    Show me the money

    Almost six in ten Talent Trends survey respondents identified salary and compensation as the reason that employees resigned in the past year. Organizations looking to engage employees must first pay a fair salary according to market and industry conditions.

    Build me up

    Professional development and opportunity for innovative work are the next two most common reasons for resignations. Organizations must ensure they create enough capacity to allow workers time to spend on development.

    “Building our own solution created an element of engagement. There was a sense of ownership that the team had in thinking through this.” (Jeff Previte, CrossCountry Mortgage)

    CrossCountry Mortgage

    • Executive time: CIO spends 10-20% of his time on activities related to designing the approach.
    • Leveraged memberships with Info-Tech Research Group and McLean & Company to define professional development process.
    • Internal IT develops automated workflow in Salesforce.
    • Hired additional IT staff to build out overall capacity and create time for development activities.

    Outcomes at CrossCountry Mortgage

    Engaged IT workforce

    The Great Maturation: IT staff turnover rate dropped to 10-12% and IT talent is developing on the job to improve the department’s overall skill level. More IT staff on hand and more engaged workers mean IT can deliver higher maturity level results.

    Alignment achieved: Connecting IT’s initiatives to the vision of the C-suite creates a clear purpose for IT in its initiatives. Staff understand what they need to achieve to progress their careers and can grow while they work.

    Photo of employees from CrossCountry Mortgage assisting with a distribution event.
    Employees from CrossCountry Mortgage headquarters assist with a drive-thru distribution event for the Cleveland Food Bank on Dec. 17, 2021. (Image courtesy of CrossCountry Mortgage.)

    From Priorities to Action

    Staff retention is a leadership priority

    The Great Resignation trend is bringing attention to employee engagement and staff retention. IT departments are busier than ever during the pandemic as they work overtime to keep up with a remote workforce and new security threats. At the same time, IT talent is among the most coveted on the market.

    CIOs need to develop a people-first approach to improve the employee experience. Beyond compensation, IT workers need clarity in terms of their career paths, a direct connection between their work and the goals of the organization, and time set aside for professional development.

    Info-Tech’s 2021 benchmark for “Leadership, Culture & Values” shows that most organizations rate this capability very highly (9) but see room to improve on their effectiveness (6.9).

    Take the next step

    IT Talent Trends 2022
    See how IT talent trends are shifting through the pandemic and understand how themes like The Great Resignation has impacted IT.

    McLean & Company’s Modernize Performance Management
    Customize the building blocks of performance management to best fit organizational needs to impact individual and organizational performance, productivity, and engagement.

    Redesign Your IT Organizational Structure
    Define future-state work units, roles, and responsibilities that will enable the IT organization to complete the work that needs to be done.

    “Leadership, Culture & Values” gap between importance and effectiveness
    Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

    A bar chart illustrating the 'Leadership, Culture & Values' gap between importance and effectiveness. The difference is marked as Delta 2.1.

    Design an automation platform

    Priority 04 | APO04 Innovation

    Position yourself to buy or build a platform that will enable new automation opportunities through seamless integration.

    Build it or buy it, but platform integration can yield great benefits

    Necessity is the mother of innovation

    When it’s said that digital transformation accelerated during the pandemic, what’s really meant is that processes that were formerly done manually became automated through software. In responses to the Tech Trends survey, CIOs say digital transformation was more of a focus during the pandemic, and eight in ten CIOs also say they shifted more than 20% of their organization’s processes to digital during the pandemic. Automating tasks through software can be called digitalization.

    Most organizations became more digitalized during the pandemic. But how they pursued it depends on their IT maturity. For digital laggards, partnering with a technology services platform is the path of least resistance. For sophisticated innovators, they can consider building a platform to address the specific needs of their business process. Doing so requires the foundation of an existing “digital factory” or innovation arm where new technologies can be tested, proofs of concept developed, and external partnerships formed. Patience is key with these efforts, as not every investment will yield immediate returns and some will fail outright.

    Build it or buy it, platform participants integrate with their existing systems through application programming interfaces (APIs). Organizations should determine their platform strategies based on maturity, then look to integrate the business processes that will yield the most gains.

    What role should you play in the platform ecosystem?

    A table with levels on the maturity ladder laid out as a sprint. Column headers are maturity levels 'Struggle', 'Support', 'Optimize', 'Expand', and 'Transform', row headers are 'Maturity' and 'Role'. Roles are assigned to one or many levels. 'Improve' is solely under Struggle. 'Integrate' spans from Support to Transform. 'Buy' spans Support to Expand. 'Build' begins midway through Expand and all of Transform. 'Partner' spans from Optimize to halfway through Transform.

    68% of CIOs say digital transformation became much more of a focus for their organization during the pandemic (Info-Tech Tech Trends 2022 Survey)

    Bob Crozier

    Chief Architect, Allianz Technology & Global Head of Blockchain, Allianz Technology SE

    "Smart contracts are really just workflows between counterparties."

    Photo of Bob Crozier, Chief Architect, Allianz Technology & Global Head of Blockchain, Allianz Technology SE.

    Listen to the Tech Insights podcast:
    How Allianz took a blockchain platform from pilot to 1 million transactions

    Internal interpretation: Allianz Technology

    • 2015
      After smart contracts are demonstrated on the Ethereum blockchain, Allianz and other insurers recognize the business value. There is potential to use the capability to administer a complex, multi-party contract where the presence of the reinsurer in the risk transfer ecosystem is required. Manual contracts could be turned into code and automated. Allianz organized an early proof of concept around a theoretical pandemic excessive loss contract.
    • 2018
      Allianz Chief Architect Bob Crozier is leading the Global Blockchain Center of Competence for Allianz. They educate Allianz on the value of blockchain for business. They also partner with a joint venture between the Technology University of Munich and the state of Bavaria. A cohort of Masters students is looking for real business problems to solve with open-source distributed ledger technology. Allianz puts its problem statement in front of the group. A student team presents a proof of concept for an international motor insurance claims settlement and it comes in second place at a pitch day competition.
    • 2019
      Allianz brings the concept back in-house, and its business leaders return to the concept. Startup Luther Systems is engaged to build a minimum-viable product for the solution, with the goal being a pilot involving three or four subsidiaries in different countries. The Blockchain Center begins communicating with 25 Allianz subsidiaries that will eventually deploy the platform.
    • 2020
      Allianz is in build mode on its international motor insurance claims platform. It leverages its internal Dev/SecOps teams based in Munich and in India.
    • May 2021
      Allianz goes live with its new platform on May 17, decommissioning its old system and migrating all live claims data onto the new blockchain platform. It sees 400 concurrent users go live across Europe.
    • January 2022
      Allianz mines its one-millionth block to its ledger on Jan. 19, with each block representing a peer-to-peer transaction across its 25 subsidiaries in different countries. The platform has settled hundreds of millions of dollars.

    Stock photo of two people arguing over a car crash.

    Implications: Organization, Process, Technology

    External

    • Organization – To explore emerging technologies like blockchain, organizations need staff that are accountable for innovation and have leeway to develop proofs of concept. External partners are often required to bring in fresh ideas and move quickly towards an MVP.
    • Process – According to the Tech Trends 2022 survey, 84% of CIOs consider automation a high-value digital capability, and 77% say identity verification is a high-value capability. A blockchain platform using smart contracts can deliver those.
    • Technology – The Linux Foundation’s Hyperledger Fabric is an open-source blockchain technology that’s become popular in the financial industry for its method of forming consensus and its modular architecture. It’s been adopted by USAA, MasterCard, and PayPal. It also underpins the IBM Blockchain Platform and is supported by Azure Blockchain.

    Internal

    • Organization – Allianz is a holding company that owns Allianz Technology and 25 operating entities across Europe. It uses the technology arm to innovate on the business process and creates shared platforms that its entities can integrate with to automate across the value chain.
    • Process – Initial interest in smart contracts on blockchain were funneled into a student competition, where a proof of concept was developed. Allianz partnered with a startup to develop an MVP, then developed the platform while aligning with its business units ahead of launch.
    • Technology – Allianz built its blockchain platform on Hyperledger Fabric because it was a permissioned system, unlike other public permissionless blockchains such as Ethereum, and because its mining mechanism was much more energy efficient compared to other blockchains using Proof of Work consensus models.

    Resources Applied

    Time to innovate

    Exploring emerging technology for potential use cases is difficult for staff tasked with running day-to-day operations. Organizations serious about innovation create a separate team that can focus on “moonshot” projects and connect with external partners.

    Long-term ROI

    Automation of new business processes often requires a high upfront initial investment for a long-term efficiency gain. A proof of concept should demonstrate clear business value that can be repeated often and for a long period.

    “My next project has to deliver in the tens of millions of value in return. The bar is high and that’s what it should be for a business of our size.” (Bob Crozier, Allianz)

    Allianz

    • Several operating entities from different countries supplied subject matter expertise and helped with the testing process.
    • Allianz Technology team has eight staff members. It is augmented by Luther Systems and the team at industry group B3i.
    • Funding of less than $5 million to develop. Dev team continues to add improvements.
    • Operating requires just one full-time employee plus infrastructure costs, mostly for public cloud hosting.

    Outcomes at Allianz

    From insurer to platform provider

    Deliver your own SaaS: Allianz Technology built its blockchain-based claims settlement platform and its subsidiaries consume it as software as a service. The platform runs on a distributed architecture across Europe, with each node running the same version of the software. Operating entities can also integrate their own systems to the platform via APIs and further automate business processes such as billing.

    Ready to scale: After processing one million transactions, the international claims settlement platform is proven and ready to add more participants. Crozier sees auto repair shops and auto manufacturers as the next logical users.

    Stock photo of Blockchain.
    Allianz is a shareholder of the Blockchain Insurance Industry Initiative (B3i). It is providing a platform used by a group of insurance companies in the commercial and reinsurance space.

    When should we use blockchain? THREE key criteria:

    • Redundant processes
      Different entities follow the same process to achieve the desired outcome.
    • Audit trail
      Accountability in the decision making must be documented.
    • Reconciliation
      Parties need to be able to resolve disputes by tracing back to the truth.

    From Priorities to Action

    It’s a build vs. buy question for platforms

    Allianz was able to build a platform for its group of European subsidiaries because of its established digital factory and commitment to innovation. Allianz Technology is at the “innovate” level of IT maturity, allowing it to create a platform that subsidiaries can integrate with via APIs. For firms that are lower on the IT maturity scale, buying a platform solution is the better path to automation. These firms will be concerned with integrating their legacy systems to platforms that can reduce the friction of their operating environments and introduce modern new capabilities.

    From Info-Tech’s Build a Winning Business Process Automation Playbook

    An infographic comparing pros and cons of Build versus Buy. On the 'Build: High Delivery Capacity & Capability' side is 'Custom Development', 'Data Integration', 'AI/ML', 'Configuration', 'Native Workflow', and 'Low & No Code'. On the 'Buy: Low Delivery Capacity & Capability' side is 'Outsource Development', 'iPaaS', 'Chatbots', 'iBPMS & Rules Engines', 'RPA', and 'Point Solutions'.

    Take the next step

    Accelerate Your Automation Processes
    Integrate automation solutions and take the first steps to building an automation suite.

    Build Effective Enterprise Integration on the Back of Business Process
    From the backend to the frontlines – let enterprise integration help your business processes fly.

    Evolve Your Business Through Innovation
    Innovation teams are tasked with the responsibility of ensuring that their organizations are in the best position to succeed while the world is in a period of turmoil, chaos, and uncertainty.

    “Innovation” gap between importance and effectiveness Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

    A bar chart illustrating the 'Innovation' gap between importance and effectiveness. The difference is marked as Delta 2.1.

    Prepare to report on new environmental, social, and governance (ESG) metrics

    Priority 05 | ITRG06 Business Intelligence and Reporting

    Be ready to either lead or support initiatives to meet the criteria of new ESG reporting mandates and work toward disclosure reporting solutions.

    Time to get serious about ESG

    What does CSR or ESG mean to a CIO?

    Humans are putting increasing pressure on the planet’s natural environment and creating catastrophic risks as a result. Efforts to mitigate these risks have been underway for the past 30 years, but in the decade ahead regulators are likely to impose more strict requirements that will be linked to the financial value of an organization. Various voluntary frameworks exist for reporting on environmental, social, and governance (ESG) or corporate social responsibility (CSR) metrics. But now there are efforts underway to unify and clarify those standards.

    The most advanced effort toward a global set of standards is in the environmental area. At the United Nations’ COP26 summit in Scotland last November, the International Sustainability Standards Board (ISSB) announced its headquarters (Frankfurt) and three other international office locations (Montreal, San Francisco, and London) and its roadmap for public consultations. It is working with an array of voluntary standards groups toward a consensus.

    In Info-Tech’s 2022 Tech Trends survey, two-thirds of CIOs say their organization is committed to reducing greenhouse gas emissions, yet only 40% say their organizational leadership is very concerned with reducing those emissions. CIOs will need to consider how to align organizational concern with internal commitments and new regulatory pressures. They may investigate new real-time reporting solutions that could serve as a competitive differentiator on ESG.

    Standards informing the ISSB’s global set of climate standards

    A row of logos of organizations that inform ISSB's global set of climate standards.

    67% of CIOs say their organization is committed to reducing greenhouse gases, with one-third saying that commitment is public. (Info-Tech Tech Trends 2022 Survey)

    40% of CIOs say their organizational leadership is very concerned with reducing greenhouse gas emissions.

    David W. Dorman

    Chairman of the board, CVS Health

    “ESG is a question of what you do in the microcosm of your company to make sure there is a clear, level playing field – that there is a color-blind, gender-blind meritocracy available – that you are aware that not in every case can you achieve that without really focusing on it. It’s not going to happen on its own. That’s why our commitments have real dollars behind them and real focus behind them because we want to be the very best at doing them.”

    Photo of David W. Dorman, Chairman of the Board, CVS Health.

    Listen to the Tech Insights podcast:
    CVS Health chairman David Dorman on healthcare's hybrid future

    Internal interpretation: CVS Health

    CVS Health established a new steering committee of senior leaders in 2020 to oversee ESG commitments. It designs its corporate social responsibility strategy, Transform Health 2030, by aligning company activities in four key areas: healthy people, healthy business, healthy planet, and healthy community. The strategy aligns with the United Nations’ Sustainable Development Goals. In alignment with these goals, CVS identifies material topics where the company has the most ability to make an impact. In 2020, its top three topics were:

    1. Access to quality health care
    2. Patient and customer safety
    3. Data protection and privacy
    Material Topic
    Access to quality health care
    Material Topic
    Patient and customer safety
    Material Topic
    Data protection and privacy
    Technology Initiative
    MinuteClinic’s Virtual Collaboration for Nurses

    CVS provided Apple iPads compliant with the Health Insurance Portability and Accountability Act (HIPAA) to clinics in a phased approach, providing training to more than 700 providers in 26 states by February 2021. Nurses could use the iPads to attend virtual morning huddles and access clinical education. Nurses could connect virtually with other healthcare experts to collaborate on delivering patient care in real-time. The project was able to scale across the country through a $50,000 American Nurses Credentialing Center Pathway Award. (Wolters Kluwer Health, Inc.)

    Technology Initiative
    MinuteClinic’s E-Clinic

    MinuteClinics launched this telehealth solution in response to the pandemic, rolling it out in three weeks. The solution complemented video visits delivered in partnership with the Teladoc platform. Visits cost $59 and are covered by Aetna insurance plans, a subsidiary of CVS Health. It hosted more than 20,000 E-Clinic visits through the end of 2020. CVS connected its HealthHUBs to the solution to increase capacity in place of walk-in appointments and managed patients via phone for medication adherence and care plans. CVS also helped behavioral health providers transition patients to virtual visits. (CVS Health)

    Technology Initiative
    Next Generation Authentication Platform

    CVS patented this solution to authenticate customers accessing digital channels. It makes use of the available biometrics data and contextual information to validate identity without the need for a password. CVS planned to extend the platform to voice channels as well, using voiceprint technology. The solution prevents unauthorized access to sensitive health data while providing seamless access for customers. (LinkedIn)

    Implications: Organization, Process, Technology

    External

    • Organization – Since the mid-2010s, younger investors have demonstrated reliance on ESG data when making investment decisions, resulting in the creation of voluntary standards that offered varied approaches. Organizations in ESG exchange-traded funds are outperforming the overall S&P 500 (S&P Global Market Intelligence).
    • Process – Organizations are issuing ESG reports today despite the absence of clear rules to follow for reporting results. With regulators expected to step in to establish more rigid guidelines, many organizations will need to revisit their approach to ESG reports.
    • Technology – Real-time reporting of ESG metrics will become a competitive advantage before 2030. Engineering a solution that can alert organizations to poor performance on ESG measures and allow them to respond could avert losing market value.

    Internal

    • Organization – CVS Health established an ESG Steering Committee in 2020 composed of senior leaders including its chief governance officers, chief sustainability officer, chief risk officer, and controller and SVP of investor relations. It is supported by the ESG Operating Committee.
    • Process – CVS conducts a materiality assessment in accordance with Global Reporting Initiative standards to determine the most significant ESG impacts it can make and what topics most influence the decisions of stakeholders. It engages with various stakeholder groups on CSR topics.
    • Technology – CVS technology initiatives during the pandemic focused on supporting patients and employees in collaborating on health care delivery using virtual solutions, providing rich digital experiences that are easily accessible while upholding high security and privacy standards.

    Resources Applied

    Lack of commitment

    While 83% of businesses state support for the Sustainable Development Goals outlined by the Global Reporting Initiative (GRI), only 40% make measurable commitments to their goals.

    Show your work

    The GRI recommends organizations not only align their activities with sustainable development goals but also demonstrate contributions to specific targets in reporting on the positive actions they carry out. (GRI, “State of Progress: Business Contributions to the SDGS.”)

    “We end up with a longstanding commitment to diversity because that’s what our customer base looks like.” (David Dorman, CVS Health)

    CVS Health

    • The MinuteClinic Virtual Collaboration solution was piloted in Houston, demonstrated success, and won additional $50,000 funding from the Pathway to Excellence Award to scale the program across the country (Wolters Kluwer Health, Inc.).
    • The Next-Gen Authentication solution is provided by the vendor HYPR. It is deployed to ten million users and looking to scale to 30 million more. Pricing for enterprises is quoted at $1 per user, but volume pricing would apply to CVS (HYPR).

    Outcomes at CVS Health

    Delivering on hybrid healthcare solutions

    iPads for collaboration: Healthcare practitioners in the MinuteClinic Virtual Collaboration initiative agreed that it improved the use of interprofessional teams, working well virtually with others, and improved access to professional resources (Wolters Kluwer Health, Inc.)

    Remote healthcare: Saw a 400% increase in MinuteClinic virtual visits in 2020 (CVS Health).

    Verified ID: The Next Generation Authentication platform allowed customers to register for a COVID-19 vaccination appointment. CVS has delivered more than 50 million vaccines (LinkedIn).

    Stock photo of a doctor with an iPad.
    CVS Health is making use of digital channels to connect its customers and health practitioners to a services platform that can supplement visits to a retail or clinic location to receive diagnostics and first-hand care.

    From Priorities to Action

    Become your organization’s ESG Expert

    The risks posed to organizations and wider society are becoming more severe, driving a transition from voluntary frameworks for ESG goals to a mandatory one that’s enforced by investors and governments. Organizations will be expected to tie their core activities to a defined set of ESG goals and maintain a balance sheet of their positive and negative impacts. CIOs should become experts in ESG disclosure requirements and recommend the steps needed to meet or exceed competitors’ efforts. If a leadership vacuum for ESG accountability exists, CIOs can either seek to support their peers that are likely to become accountable or take a leadership role in overseeing the area. CIOs should start working toward solutions that deliver real-time reporting on ESG goals to make reporting frictionless.

    “If you don’t have ESG oversight at the highest levels of the company, it won’t wind up getting the focus. That’s why we review it at the Board multiple times per year. We have an annual report, we compare how we did, what we intended to do, where did we fall short, where did we exceed, and where we can run for daylight to do more.” (David Dorman, CVS Health)

    Take the next step

    ESG Disclosures: How Will We Record Status Updates on the World We Are Creating?
    Prepare for the era of mandated environmental, social, and governance disclosures.

    Private Equity and Venture Capital Growing Impact of ESG Report
    Learn about how the growing impact of ESG affects both your organization and IT specifically, including challenges and opportunities, with expert assistance.

    “Business Intelligence and Reporting” gap between importance and effectiveness
    Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

    A bar chart illustrating the 'BI and Reporting' gap between importance and effectiveness. The difference is marked as Delta 2.4.

    The Five Priorities

    Priorities to compete in the digital economy

    1. Reduce Friction in the Hybrid Operating Model
    2. Improve Your Ransomware Readiness
    3. Support an Employee-Centric Retention Strategy
    4. Design an Automation Platform
    5. Prepare to Report on New Environmental, Social, and Governance Metrics

    Contributing Experts

    Elizabeth Clark

    CIO, Harvard Business School
    Photo of Elizabeth Clark, CIO, Harvard Business School.

    Jeff Previte

    Executive Vice-President of IT, CrossCountry Mortgage
    Photo of Jeff Previte, Executive Vice-President of IT, CrossCountry Mortgage.

    Bob Crozier

    Chief Architect, Allianz Technology & Global Head of Blockchain, Allianz Technology SE
    Photo of Bob Crozier, Chief Architect, Allianz Technology & Global Head of Blockchain, Allianz Technology SE.

    David W. Dorman

    Chairman of the Board, CVS Health
    Photo of David W. Dorman, Chairman of the Board, CVS Health.

    Info-Tech’s internal CIO panel contributors

    • Bryan Tutor
    • John Kemp
    • Mike Schembri
    • Janice Clatterbuck
    • Sandy Silk
    • Sallie Wright
    • David Wallace
    • Ken McGee
    • Mike Tweedie
    • Cole Cioran
    • Kevin Tucker
    • Angelina Atkins
    • Yakov Kofner
    Photo of an internal CIO panel contributor. Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.
    Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.
    Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.

    Thank you for your support

    Logo for the Blockchain Research Institute.
    Blockchain Research Institute

    Bibliography – CIO Priorities 2022

    “2020 Corporate Social Responsibility Report.” CVS Health, 2020, p. 127. Web.

    “Adversary: Doppel Spider - Threat Actor.” Crowdstrike Adversary Universe, 2021. Accessed 29 Dec. 2021.

    “Aetna CVS Health Success Story.” HYPR, n.d. Accessed 6 Feb. 2022.

    Baig, Aamer. “The CIO agenda for the next 12 months: Six make-or-break priorities.” McKinsey Digital, 1 Nov. 2021. Web.

    Ball, Sarah, Kristene Diggins, Nairobi Martindale, Angela Patterson, Anne M. Pohnert, Jacinta Thomas, Tammy Todd, and Melissa Bates. “2020 ANCC Pathway Award® winner.” Wolters Kluwer Health, Inc., 2021. Accessed 6 Feb. 2022.

    “Canadian Universities Propose Designs for a Central Bank Digital Currency.” Bank of Canada, 11 Feb. 2021. Accessed 14 Dec. 2021.

    “Carbon Sequestration in Wetlands.” MN Board of Water and Soil Resources, n.d. Accessed 15 Nov. 2021.

    “CCM Honored as a NorthCoast 99 Award Winner.” CrossCountry Mortgage, 1 Dec. 2021. Web.

    Cheek, Catherine. “Four Things We Learned About the Resignation Wave–and What to Do Next.” Visier Inc. (blog), 5 Oct. 2021. Web.

    “Companies Using Hyperledger Fabric, Market Share, Customers and Competitors.” HG Insights, 2022. Accessed 25 Jan. 2022.

    “IFRS Foundation Announces International Sustainability Standards Board, Consolidation with CDSB and VRF, and Publication of Prototype Disclosure Requirements.” IFRS, 3 Nov. 2021. Web.

    “IT Priorities for 2022: A CIO Report.” Mindsight, 28 Oct. 2021. Web.

    “Job Openings and Labor Turnover Survey.” Databases, Tables & Calculators by Subject, U.S. Bureau of Labor Statistics, 2022. Accessed 9 Feb. 2022.

    Kumar, Rashmi, and Michael Krigsman. “CIO Planning and Investment Strategy 2022.” CXOTalk, 13 Sept. 2021. Web.

    Leonhardt, Megan. “The Great Resignation Is Hitting These Industries Hardest.” Fortune, 16 Nov. 2021. Accessed 7 Jan. 2022.

    “Most companies align with SDGs – but more to do on assessing progress.” Global Reporting Initiative (GRI), 17 Jan. 2022. Web.

    Navagamuwa, Roshan. “Beyond Passwords: Enhancing Data Protection and Consumer Experience.” LinkedIn, 15 Dec. 2020.

    Ojo, Oluwaseyi. “Achieving Digital Business Transformation Using COBIT 2019.” ISACA, 19 Aug. 2019. Web.

    “Priority.” Lexico.com, Oxford University Press, 2021. Web.

    Riebold, Jan, and Yannick Bartens. “Reinventing the Digital IT Operating Model for the ‘New Normal.’” Capgemini Worldwide, 3 Nov. 2020. Web.

    Samuels, Mark. “The CIO’s next priority: Using the tech budget for growth.” ZDNet, 1 Sept. 2021. Accessed 1 Nov. 2021.

    Sayer, Peter. “Exclusive Survey: CIOs Outline Tech Priorities for 2021-22.” CIO, 5 Oct. 2021. Web.

    Shacklett, Mary E. “Where IT Leaders Are Likely to Spend Budget in 2022.” InformationWeek, 10 Aug. 2021. Web.

    “Table 4. Quits Levels and Rates by Industry and Region, Seasonally Adjusted - 2021 M11 Results.” U.S. Bureau of Labor Statistics, Economic News Release, 1 Jan. 2022. Accessed 7 Jan. 2022.

    “Technology Priorities CIOs Must Address in 2022.” Gartner, 19 Oct. 2021. Accessed 1 Nov. 2021.

    Thomson, Joel. Technology, Talent, and the Future Workplace: Canadian CIO Outlook 2021. The Conference Board of Canada, 7 Dec. 2021. Web.

    “Trend.” Lexico.com, Oxford University Press, 2021. Web.

    Vellante, Dave. “CIOs signal hybrid work will power tech spending through 2022.” SiliconANGLE, 25 Sept. 2021. Web.

    Whieldon, Esther, and Robert Clark. “ESG funds beat out S&P 500 in 1st year of COVID-19; how 1 fund shot to the top.” S&P Global Market Intelligence, April 2021. Accessed Dec. 2021.

    Develop Your Value-First Business Process Automation Strategy

    • Buy Link or Shortcode: {j2store}236|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Optimization
    • Parent Category Link: /optimization

    Business process automation (BPA) has gained momentum, especially as pilots result in positive outcomes such as improved customer experience, efficiencies, and cost savings. Stakeholders want to invest more in BPA solutions and scale initial successes across different business and IT functions.

    But it’s critical to get it right and not fall into the hype so that the costs don’t outweigh the benefits.

    Ultimately, all BPA initiatives should align with a common vision.

    Build the right BPA strategy – smarter, not faster

    Organizations should adopt a methodical approach to growing their BPA, taking cost, talent availability, and goals into account.

    1. Recognize the true value of automation. Successful BPA improves more than cost savings and revenue generation. Employee satisfaction, organizational reputation, brand, and better-performing products and services are other sought-after benefits.
    2. Consider all relevant factors as you build a strategy. Take into account the impact BPA initiatives will have on users, risk and change appetites, customer satisfaction, and business priorities.
    3. Mature your practice as you scale your BPA technologies. Develop skills, resources, and governance practices as you scale your automation tools. Deploy BPA with quality in mind, then continuously monitor, review, and maintain the automation for success.
    4. Learn from your initial automations. Maximize what you learn from your minimum viable automations (MVA) and use that knowledge to build and scale your automation implementation across the organization.

    Develop Your Value-First Business Process Automation Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Business Process Automation Strategy Deck – A step-by-step document that walks you through how to position business process automation as a key capability and assess the organization’s readiness for its adoption.

    This blueprint helps you develop a strategy justify the scaling and maturing of your business process automation (BPA) practices and capabilities to fulfill your business priorities.

    • Develop Your Value-First Business Process Automation Strategy – Phases 1-4

    2. Business Process Automation Strategy Template – A template to help you build a clear and compelling strategy document for stakeholders.

    Document your business process automation strategy in the language your stakeholders understand. Tailor this document to fit your BPA objectives and initiatives.

    • Business Process Automation Strategy Template

    3. Business Process Automation Maturity Assessment Tool – A tool to help gauge the maturity of your BPA practice.

    Evaluate the maturity of the key capabilities of your BPA practice to determine its readiness to support complex and scaled BPA solutions.

    • Business Process Automation Maturity Assessment Tool

    Infographic

    Workshop: Develop Your Value-First Business Process Automation Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand the Context

    The Purpose

    Understand the business priorities and your stakeholders' needs that are driving your business process automation initiatives while abiding by the risk and change appetite of your organization.

    Key Benefits Achieved

    Translate business priorities to the context of business process automation.

    Arrive at a common definition of business value.

    Come to an understanding of the needs, concerns, and problems of BPA stakeholders.

    Discover organizational risk and change tolerance and appetite.

    Activities

    1.1 Set the Business Context

    1.2 Understand Your Stakeholder Needs

    1.3 Build Your Risk & Change Profile

    Outputs

    Business problem, priorities, and business value definition

    Customer and end-user assessment (e.g. personas, customer journey)

    Risk and change profile

    2 Define Your BPA Objectives and Opportunities

    The Purpose

    Set reasonable and achievable expectations for your BPA initiatives and practices, and select the right BPA opportunities to meet these expectations.

    Key Benefits Achieved

    Align BPA objectives and metrics to your business priorities.

    Create guiding principles that support your organization’s and team’s culture.

    Define a vision of your target-state BPA practice

    Create a list of BPA opportunities that will help build your practice and meet business priorities.

    Activities

    2.1 Define Your BPA Expectations

    2.2 List Your Guiding Principles

    2.3 Envision Your BPA Target State

    2.4 Build Your Opportunity Backlog

    Outputs

    BPA problem statement, objectives, and metrics

    BPA guiding principles

    Desired scaled BPA target state

    Prioritized BPA opportunities

    3 Assess Your BPA Maturity

    The Purpose

    Evaluate the current state of your BPA practice and its readiness to support scaled and complex BPA solutions.

    Key Benefits Achieved

    List key capabilities to implement and optimize to meet the target state of your BPA practice.

    Brainstorm solutions to address the gaps in your BPA capabilities.

    Activities

    3.1 Assess Your BPA Maturity

    Outputs

    BPA maturity assessment

    4 Roadmap Your BPA Initiatives

    The Purpose

    Identify high-priority key initiatives to support your BPA objectives and goals, and establish the starting point of your BPA strategy.

    Key Benefits Achieved

    Create an achievable roadmap of BPA initiatives designed to deliver good practices and valuable automations.

    Perform a risk assessment of your BPA initiatives and create mitigations for high-priority risks.

    Find the starting point in the development of your BPA strategy.

    Activities

    4.1 Roadmap Your BPA Initiatives

    4.2 Assess and Mitigate Your Risks

    4.3 Complete Your BPA Strategy

    Outputs

    List of BPA initiatives and roadmap

    BPA initiative risk assessment

    Initial draft of your BPA strategy

    Slash Spending by Optimizing Your Software Maintenance and Support

    • Buy Link or Shortcode: {j2store}217|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Perpetual software maintenance (SW M&S) is an annual budget cost that increases almost yearly. You don’t really know if there is value in it, if its required by the vendor, or if there are opportunities for cost savings.
    • Most organizations never reap the full benefits of software M&S. They blindly send renewal fees to the vendor every year without validating their needs or the value of the maintenance. In addition, your vendor maintenance may be under contract and you aren’t sure what the obligations are for both parties.

    Our Advice

    Critical Insight

    • Analyzing the benefits contained within a vendor’s software M&S will provide the actual cost value of the M&S and whether there are critical support requirements vs. “nice to have” benefits.
    • Understanding the value and your requirement for M&S will allow you to make an informed decision on how best to optimize and reduce your annual software M&S spend.
    • Use a holistic approach when looking to reduce your software M&S spend. Review the entire portfolio for targeted reduction that will result in short- and long-term savings.
    • When targeting vendors to negotiate M&S price or coverage reduction, engaging them three to six months in advance of renewal will provide you with more time to effectively negotiate and not fall to the pressure of time.

    Impact and Result

    • Reduce annual costs for software maintenance and support.
    • Complete a value of investment (VOI) analysis of your software M&S for strategic vendors.
    • Maximize value of the software M&S by using all the benefits being paid for.
    • Right-size support coverage for your requirements.
    • Prioritize software vendors to target for cost reduction and optimization.

    Slash Spending by Optimizing Your Software Maintenance and Support Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to prioritize your software vendors and effectively target M&S for reduction, optimization, or elimination.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Evaluate

    Evaluate what software maintenance you are spending money.

    • Slash Spending by Optimizing Your Software Maintenance and Support – Phase 1: Evaluate
    • Software M&S Inventory and Prioritization Tool

    2. Establish

    Establish your software M&S requirements and coverage.

    • Slash Spending by Optimizing Your Software Maintenance and Support – Phase 2: Establish
    • Software Vendor Classification Tool

    3. Optimize

    Optimize your M&S spend, reduce or eliminate, where applicable.

    • Slash Spending by Optimizing Your Software Maintenance and Support – Phase 3: Optimize
    • Software M&S Value of Investment Tool
    • Software M&S Cancellation Decision Guide
    • Software M&S Executive Summary Template
    • Software M&S Cancellation Support Template
    [infographic]

    Tech Trend Update: If Digital Ethics Then Data Equity

    • Buy Link or Shortcode: {j2store}100|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    COVID-19 is driving the need for quick technology solutions, including some that require personal data collection. Organizations are uncertain about the right thing to do.

    Our Advice

    Critical Insight

    Data equity approaches personal data like money, putting the owner in control and helping to protect against unethical systems.

    Impact and Result

    There are some key considerations for businesses grappling with digital ethics:

    1. If partnering, set expectations.
    2. If building, invite criticism.
    3. If imbuing authority, consider the most vulnerable.

    Tech Trend Update: If Digital Ethics Then Data Equity Research & Tools

    Tech Trend Update: If Digital Ethics Then Data Equity

    Understand how to use data equity as an ethical guidepost to create technology that will benefit everyone.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Tech Trend Update: If Digital Ethics Then Data Equity Storyboard
    [infographic]

    Create an Agile-Friendly Project Gating and Governance Approach

    • Buy Link or Shortcode: {j2store}162|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $33,499 Average $ Saved
    • member rating average days saved: 57 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Organizations often apply gating and governance to IT projects to ensure resources are being used efficiently and effectively.
    • Agile project teams often complain that traditional project gating and governance interfere with their ability to delivery because traditional gating and governance were designed for Waterfall delivery methods.

    Our Advice

    Critical Insight

    Imposing a traditional gating and governance approach on an Agile project can eliminate the advantages that Agile delivery methods offer. Make sure to rework your traditional project gating and governance approach to be Agile friendly.

    Impact and Result

    • Create a project gating and governance approach that is Agile friendly and helps your organization realize the most benefit from its Agile transformation.
    • Oversee your Agile projects with confidence by adjusting the level of support and oversight they receive based on their Agilometer score.
    • Define a revised set of project gating artifacts that support Agile delivery methods.
    • Adopt a “trust but verify” approach to Agile project gating that will reduce risk and help ensure value delivery.

    Create an Agile-Friendly Project Gating and Governance Approach Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create an Agile-Friendly Project Gating and Governance Approach Deck – A step-by-step guide to creating an Agile-friendly project gating and governance approach that will support Agile delivery methods in your organization.

    This deck is a guide to creating your own Agile-friendly project gating and governance approach using Info-Tech’s Agile Gating Framework.

    • Create an Agile-Friendly Project Gating and Governance Approach – Phases 1-3

    2. Your Gates 3 and 3A Checklists – The Gates 3 and 3A Checklists are used to determine when a project is ready to enter and exit the Risk Reduction & Value Confirmation phase.

    Modify Info-Tech’s Gates 3 and 3A Checklists to meet your organization’s needs, and then use them to determine when Agile projects are ready to enter and exit the RRVC phase.

    • Gates 3 and 3A Checklists

    3. Your Agilometer – The Agilometer is used to determine a project’s readiness to use an Agile delivery method.

    Modify Info-Tech’s Agilometer to meet your organization’s needs, and then use it to determine the level of support and oversight the project will need.

    • Agilometer

    4. Your Agile Project Status Report – An Agile Status Report will be used to monitor project progress.

    Modify Info-Tech’s Agile Project Status Report to meet your organization’s needs, and then use it to monitor in-flight Agile projects.

    • Agile Project Status Report

    5. Project Burndown Chart – A tool to let you monitor project burndown over time.

    Use Info-Tech’s Project Burndown Chart to monitor the progress of your in-flight Agile projects.

    • Project Burndown Chart

    6. Traditional to Agile Gating Artifact Mapping – A tool to help you rework your project gating artifacts to be Agile-friendly.

    Use Info-Tech’s Traditional to Agile Gating Artifact Mapping tool to modify your gating artifacts for Agile projects.

    • Traditional to Agile Gating Artifact Mapping
    [infographic]

    Further reading

    Create an Agile-Friendly Project Gating and Governance Approach

    Use Info-Tech’s Agile Gating Framework as a guide to gating your Agile projects using a “trust but verify” approach.

    Table of Contents

    Analyst Perspective

    Executive Summary

    Phase 1: Establish Your Gating and Governance Purpose

    Phase 2: Understand and Adapt Info-Tech’s Agile Gating Framework

    Phase 3: Complete Your Agile Gating Framework

    Where Do I Go Next?

    Bibliography

    Facilitator Slides

    Analyst Perspective

    Make your gating and governance process Agile friendly by following a “trust but verify” approach

    Most project gating and governance approaches are designed for traditional (Waterfall) delivery methods. However, Agile delivery methods call for a different way of working that doesn’t align well with these approaches.

    Applying traditional project gating and governance to Agile projects is like trying to fit a square peg in a round hole. Not only will it make Agile project delivery less efficient, but in the extreme, it can lead to outright project failure and even derail your organization’s Agile transformation.

    If you want Agile to successfully take root in your organization, be prepared to rethink your current gating and governance practices. This document presents a framework that you can use to rework your approach to provide both effective oversight and support for your Agile projects.

    Photo of Alex Ciraco, Principal Research Director, Application Delivery and Management, Info-Tech Research Group. Alex Ciraco
    Principal Research Director,
    Application Delivery and Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge
    • Many government organizations are adopting Agile project delivery methods because they have proven to be more effective than traditional delivery approaches at responding to today’s fast pace of change.
    • Government organizations have an obligation to govern projects to ensure effective use of public resources, regardless of the delivery method being used.
    Common Obstacles
    • Most government gating and governance frameworks were designed around traditional (often called “Waterfall”) delivery methods.
    • Agile and Waterfall work in completely different ways, so imposing traditional gating and governance frameworks on Agile projects will stifle progress and can even lead to project failure.
    • Government organizations must adjust their gating and governance frameworks to accommodate Agile delivery methods.
    Info-Tech’s Approach
    • Begin by understanding the fundamental purpose of project gating and governance.
    • Next, understand the major differences between Agile and Waterfall delivery methods.
    • Then, armed with this knowledge, use Info-Tech’s Agile Gating Framework to redefine your gating and governance approach to be Agile friendly.
    Info-Tech Insight

    Imposing a traditional governance approach on an Agile project can eliminate the advantages that Agile delivery methods offer. Make sure to rework your project gating and governance approach to be Agile friendly.

    Info-Tech’s methodology for Creating an Agile-Friendly Project Gating and Governance Approach

    1. Establish Your Gating and Governance Purpose 2. Understand and Adapt Info-Tech’s Agile Gating Framework 3. Complete your Agile Gating Framework
    Phase Steps

    1.1 Understand How We Gate and Govern Projects

    1.2 Compare Traditional to Agile Delivery

    1.3 Realize What Traditional Gating Looks Like and Why

    2.1 Understand How Agile Manages Risk and Ensures Value Delivery

    2.2 Introducing Info-Tech’s Agile Gating Framework

    2.3 Create Your Agilometer

    2.4 Create an Agile-Friendly Project Status Report

    2.5 Select Your Agile Health Check Tool

    3.1 Map Your Traditional Gating Artifacts to Agile Delivery

    3.2 Determine Your Now, Next, Later Roadmap for Implementation

    Phase Outcomes
    1. Your gating/governance purpose statement
    2. A fundamental understanding of the difference between traditional and Agile delivery methods.
    1. An understanding of Info-Tech’s Agile Gating Framework
    2. Your Gates 3 and 3A checklists
    3. Your Agilometer tool
    4. Your Agile project status report template
    5. Your Agile health check tool
    1. Artifact map for your Agile gating framework
    2. Roadmap for Agile gating implementation

    Key Deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals, including:

    Agilometer Tool

    Create your customized Agilometer tool to determine project support and oversight needs.
    Sample of the 'Agilometer Tool' deliverable.

    Gates 3 and 3A Checklists

    Create your customized checklists for projects at Gates 3 and 3A.
    Sample of the 'Gates 3 and 3A Checklists' deliverable.

    Agile-Friendly Project Status Report

    Create your Agile-friendly project status report to monitor progress.
    Sample of the 'Agile-Friendly Project Status Report' deliverable.

    Artifact Mapping Tool

    Map your traditional gating artifacts to their Agile replacements.
    Sample of the 'Artifact Mapping Tool' deliverable.

    Create an Agile-Friendly Project Gating and Governance Approach

    Phase 1

    Establish your gating and governance purpose

    Phase 1

    1.1 Understand How We Gate and Govern Projects

    1.2 Compare Traditional to Agile Delivery

    1.3 Realize What Traditional Gating Looks Like And Why

    Phase 2

    2.1 Understand How Agile Manages Risk and Ensures Value Delivery

    2.2 Introducing Info-Tech’s Agile Gating Framework

    2.3 Create Your Agilometer

    2.4 Create Your Agile-Friendly Project Status Report

    2.5 Select Your Agile Health Check Tool

    Phase 3

    3.1 Map Your Traditional Gating Artifacts to Agile Delivery

    3.2 Determine Your Now, Next, Later Roadmap for Implementation

    This phase will walk you through the following activities:

    • Understand why gating and governance are so important to your organization.
    • Compare and contrast traditional to Agile delivery.
    • Identify what form traditional gating takes in your organization.

    This phase involves the following participants:

    • PMO/Gating Body
    • Delivery Managers
    • Delivery Teams
    • Other Interested Parties

    Agile gating–related facts and figures

    73% of organizations created their project gating framework before adopting or considering Agile delivery practices. (Athens Journal of Technology and Engineering)

    71% of survey respondents felt an Agile-friendly gating approach improves both productivity and product quality. (Athens Journal of Technology and Engineering)

    Moving to an Agile-friendly gating approach has many benefits:
    • Faster response to change
    • Improved productivity
    • Higher team morale
    • Better product quality
    • Faster releases
    (Journal of Product Innovation Management)

    Traditional gating approaches can undermine an Agile project

    • Most existing gating and governance frameworks (often referred to as phase-gate) impose requirements on projects that are anti-patterns to an Agile delivery approach
    • For example, any gating approach that requires a project to deliver a detailed requirements document before coding can begin will make it difficult or impossible for the project to use an Agile delivery method.
    • The same can be said for other common phase-gate requirements including:
      • Imposing a formal (and onerous) change control process on project requirements.
      • Requiring a detailed design document and/or detailed user acceptance test plan at the beginning of the project.
      • Asking the project to produce a detailed project plan.
    (DZone)
    Don’t make the mistake of asking an Agile project to follow a traditional phase-gate approach to project delivery!

    Before reworking your gating approach, you need to consider two important questions

    Answering these questions will help guide your new gating process to both be Agile friendly and meet your organization’s needs

    1. What is the fundamental purpose of gating? By examining the fundamental purpose of gating, you will be better able to adjust your approach to achieve the desired outcomes in an Agile context.
    2. How does Agile delivery differ from traditional? By understanding how Agile delivery differs from traditional, you will be better able to adjust your gating approach to support Agile delivery methods.

    Stock image of speech bubbles hanging on string with a question mark and lightbulb drawn on them.

    Optimize the Service Desk With a Shift-Left Strategy

    • Buy Link or Shortcode: {j2store}478|cart{/j2store}
    • member rating overall impact (scale of 10): 9.4/10 Overall Impact
    • member rating average dollars saved: $21,171 Average $ Saved
    • member rating average days saved: 11 Average Days Saved
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • Tier 2 and 3 specialists lose time and resources working on tickets instead of more complex projects.
    • The service desk finds themselves resolving the same incidents over and over, wasting manual work on tasks that could be automated.
    • Employees expect modern, consumer-like experiences when they need help; they want to access information and resources from wherever they are and have the tools to solve their problems themselves without waiting for help.

    Our Advice

    Critical Insight

    • It can be difficult to overcome the mindset that difficult functions need to be escalated. Shift left involves a cultural change to the way the service desk works, and overcoming objections and getting buy-in up front is critical.
    • Many organizations have built a great knowledgebase but fail to see the value of it over time as it becomes overburdened with overlapping and out-of-date information. Knowledge capture, updating, and review must be embedded into your processes if you want to keep the knowledgebase useful.
    • Similarly, the self-service portal is often deployed out of the box with little input from end users and fails to deliver its intended benefits. The portal needs to be designed from the end user’s point of view with the goal of self-resolution if it will serve its purpose of deflecting tickets.

    Impact and Result

    • Embrace a shift-left strategy by moving repeatable service desk tasks and requests into lower-cost delivery channels such as self-help tools and automation.
    • Shift work from Tier 2 and 3 support to Tier 1 through good knowledge management practices that empower the first level of support with documented solutions to recurring issues and free up more specialized resources for project work and higher value tasks.
    • Shift knowledge from the service desk to the end user by enabling them to find their own solutions. A well-designed and implemented self-service portal will result in fewer logged tickets to the service desk and empowered, satisfied end users.
    • Shift away manual repetitive work through the use of AI and automation.
    • Successfully shifting this work left can reduce time to resolve, decrease support costs, and increase end-user satisfaction.

    Optimize the Service Desk With a Shift-Left Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand why a shift-left strategy can help to optimize your service desk, review Info-Tech's methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prepare to shift left

    Assess whether you’re ready to optimize the service desk with a shift-left strategy, get buy-in for the initiative, and define metrics to measure success.

    • Optimize the Service Desk With a Shift-Left Strategy – Phase 1: Prepare to Shift Left
    • Shift-Left Prerequisites Assessment
    • Shift-Left Strategy
    • Shift-Left Stakeholder Buy-In Presentation

    2. Design shift-left model

    Build strategy and identify specific opportunities to shift service support left to Level 1 through knowledge sharing and other methods, to the end-user through self-service, and to automation and AI.

    • Optimize the Service Desk With a Shift-Left Strategy – Phase 2: Design Shift Left Model
    • Shift-Left Action Plan
    • Knowledge Management Workflows (Visio)
    • Knowledge Management Workflows (PDF)
    • Self-Service Portal Checklist
    • Self-Service Resolution Workflow (Visio)
    • Self-Service Resolution Workflow (PDF)

    3. Implement and communicate

    Identify, track, and implement specific shift-left opportunities and document a communications plan to increase adoption.

    • Optimize the Service Desk With a Shift-Left Strategy – Phase 3: Implement & Communicate
    • Incident Management Workflow (Visio)
    • Incident Management Workflow (PDF)
    [infographic]

    Workshop: Optimize the Service Desk With a Shift-Left Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Prepare to Shift Left

    The Purpose

    Define how shift left would apply in your organization, get buy-in for the initiative, and define metrics to measure success.

    Key Benefits Achieved

    Defined scope and objectives for the shift-left initiative

    Buy-in for the program

    Metrics to keep the project on track and evaluate success

    Activities

    1.1 Review current service desk structure

    1.2 Discuss challenges

    1.3 Review shift-left model and discuss how it would apply in your organization

    1.4 Complete the Shift-Left Prerequisites Assessment

    1.5 Complete a RACI chart for the project

    1.6 Define and document objectives

    1.7 Review the stakeholder buy-in presentation

    1.8 Document critical success factors

    1.9 Define KPIs and metrics

    Outputs

    Shift-left scope

    Completed shift-left prerequisites assessment

    RACI chart

    Defined objectives

    Stakeholder buy-in presentation

    Critical success factors

    Metrics to measure success

    2 Plan to Shift to Level 1

    The Purpose

    Build strategy and identify specific opportunities to shift service support left to Level 1 through knowledge sharing and other methods.

    Key Benefits Achieved

    Identified initiatives to shift work to Level 1

    Documented knowledge management process workflows and strategy

    Activities

    2.1 Identify barriers to Level 1 resolution

    2.2 Discuss knowledgebase challenges and areas for improvement

    2.3 Optimize KB input process

    2.4 Optimize KB usage process

    2.5 Optimize KB review process

    2.6 Discuss and document KCS strategy and roles

    2.7 Document knowledge success metrics

    2.8 Brainstorm additional methods of increasing FLR

    Outputs

    KB input workflow

    KB usage workflow

    KB review workflow

    KCS strategy and roles

    Knowledge management metrics

    Identified opportunities to shift to Level 1

    3 Plan to Shift to End User and Automation

    The Purpose

    Build strategy and identify specific opportunities to shift service support left to the end user through self-service and to automation and AI.

    Key Benefits Achieved

    Identified initiatives to shift work to self-service and automation

    Evaluation of self-service portal and identified opportunities for improvement

    Activities

    3.1 Review existing self-service portal and discuss vision

    3.2 Identify opportunities to improve portal accessibility, UI, and features

    3.3 Evaluate the user-facing knowledgebase

    3.4 Optimize the ticket intake form

    3.5 Document plan to improve, communicate, and evaluate portal

    3.6 Map the user experience with a workflow

    3.7 Document your AI strategy

    3.8 Identify candidates for automation

    Outputs

    Identified opportunities to improve portal

    Improvements to knowledgebase

    Improved ticket intake form

    Strategy to communicate and measure success of portal

    Self-service resolution workflow

    Strategy to apply AI and automation

    Identified opportunities to shift tasks to automation

    4 Build Implementation and Communication Plan

    The Purpose

    Build an action plan to implement shift left, including a communications strategy.

    Key Benefits Achieved

    Action plan to track and implement shift-left opportunities

    Communications plan to increase adoption

    Activities

    4.1 Examine process workflows for shift-left opportunities

    4.2 Document shift-left-specific responsibilities for each role

    4.3 Identify and track shift-left opportunities in the action plan

    4.4 Brainstorm objections and responses

    4.5 Document communications plan

    Outputs

    Incident management workflow with shift-left opportunities

    Shift left responsibilities for key roles

    Shift-left action plan

    Objection handling responses

    Communications plan

    2023-Q1 Research Agenda

    This 2023-Q1 research agenda slide deck provides you with a comprehensive overview of our most up-to-date published research. Each piece offers you valuable insights, allowing you to take effective decisions and informed actions. All TY|Info-tech research is backed by our team of expert analysts who share decades of IT and industry experience.

    Continue reading

    The Small Enterprise Guide to People and Resource Management

    • Buy Link or Shortcode: {j2store}602|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Train & Develop
    • Parent Category Link: /train-and-develop
    • 52% of small business owners agree that labor quality is their most important problem, and 76% of executives expect the talent market to get even more challenging.
    • The problem? You can't compete on salary, training budgets are slim, you need people skilled in all areas, and even one resignation represents a large part of your workforce.

    Our Advice

    Critical Insight

    • The usual, reactive approach to workforce management is risky:
      • Optimizing tactics helps you hire faster, train more, and negotiate better contracts.
      • But fulfilling needs as they arise costs more, has greater risk of failure, and leaves you unprepared for future needs.
    • In a small enterprise where every resource counts, in which one hire represents 10% of your workforce, it is essential to get it right.

    Impact and Result

    • Workforce planning helps you anticipate future needs.
    • More lead time means better decisions at lower cost.
    • Small Enterprises benefit most, since every resource counts.

    The Small Enterprise Guide to People and Resource Management Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. The Small Enterprise Guide to People and Resource Management Deck – Find out why workforce planning is critical for small enterprises.

    Use this storyboard to lay the foundation of people and resources management practices in your small enterprise IT department.

    • The Small Enterprise Guide to People and Resource Management – Phases 1-3

    2. Workforce Planning Workbook – Use the tool to successfully complete all of the activities required to define and estimate your workforce needs for the future.

    Use these concise exercises to analyze your department’s talent current and future needs and create a skill sourcing strategy to fill the gaps.

    • Workforce Planning Workbook for Small Enterprises

    3. Knowledge Transfer Tools – Use these templates to identify knowledge to be transferred.

    Work through an activity to discover key knowledge held by an employee and create a plan to transfer that knowledge to a successor.

    • IT Knowledge Identification Interview Guide Template
    • IT Knowledge Transfer Plan Template

    4. Development Planning Tools – Use these tools to determine priority development competencies.

    Assess employees’ development needs and draft a development plan that fits with key organizational priorities.

    • IT Competency Library
    • Leadership Competencies Workbook
    • IT Employee Career Development Workbook
    • Individual Competency Development Plan
    • Learning Methods Catalog for IT Employees

    Infographic

    Workshop: The Small Enterprise Guide to People and Resource Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Lay Your Foundations

    The Purpose

    Set project direction and analyze workforce needs.

    Key Benefits Achieved

    Planful needs analysis ensures future workforce supports organizational goals.

    Activities

    1.1 Set workforce planning goals and success metrics.

    1.2 Identify key roles and competency gaps.

    1.3 Conduct a risk analysis to identify future needs.

    1.4 Determine readiness of internal successors.

    Outputs

    Work with the leadership team to:

    Extract key business priorities.

    Set your goals.

    Assess workforce needs.

    2 Create Your Workforce Plan

    The Purpose

    Conduct a skill sourcing analysis, and determine competencies to develop internally.

    Key Benefits Achieved

    A careful analysis ensures skills are being sourced in the most efficient way, and internal development is highly aligned with organizational objectives.

    Activities

    2.1 Determine your skill sourcing route.

    2.2 Determine priority competencies for development.

    Outputs

    Create a workforce plan.

    2.Determine guidelines for employee development.

    3 Plan Knowledge Transfer

    The Purpose

    Discover knowledge to be transferred, and build a transfer plan.

    Key Benefits Achieved

    Ensure key knowledge is not lost in the event of a departure.

    Activities

    3.1 Discover knowledge to be transferred.

    3.2 Identify the optimal knowledge transfer methods.

    3.3 Create a knowledge transfer plan.

    Outputs

    Discover tacit and explicit knowledge.

    Create a knowledge transfer roadmap.

    4 Plan Employee Development

    The Purpose

    Create a development plan for all staff.

    Key Benefits Achieved

    A well-structured development plan helps engage and retain employees while driving organizational objectives.

    Activities

    4.1 Identify target competencies & draft development goals

    4.2 Select development activities and schedule check-ins.

    4.3 Build manager coaching skills.

    Outputs

    Assess employees.

    Prioritize development objectives.

    Plan development activities.

    Build management skills.

    Further reading

    The Small Enterprise Guide to People and Resource Management

    Quickly start getting the right people, with the right skills, at the right time

    Is this research right for you?

    Research Navigation

    Managing the people in your department is essential, whether you have three employees or 300. Depending on your available time, resources, and current workforce management maturity, you may choose to focus on the overall essentials, or dive deep into particular areas of talent management. Use the questions below to help guide you to the right Info-Tech resources that best align with your current needs.

    Question If you answered "no" If you answered "yes"

    Does your IT department have fewer than 15 employees, and is your organization's revenue less than $25 million (USD)?

    Review Info-Tech's archive of research for mid-sized and large enterprise clients.

    Follow the guidance in this blueprint.

    Does your organization require a more rigorous and customizable approach to workforce management?

    Follow the guidance in this blueprint.

    Review Info-Tech's archive of research for mid-sized and large enterprise clients.

    Analyst Perspective

    Workforce planning is even more important for small enterprises than large organizations.

    It can be tempting to think of workforce planning as a bureaucratic exercise reserved for the largest and most formal of organizations. But workforce planning is never more important than in small enterprises, where every individual accounts for a significant portion of your overall productivity.

    Without workforce planning, organizations find themselves in reactive mode, hiring new staff as the need arises. They often pay a premium for having to fill a position quickly or suffer productivity losses when a critical role goes unexpectedly vacant.

    A workforce plan helps you anticipate these challenges, come up with solutions to mitigate them, and allocate resources for the most impact, which means a greater return on your workforce investment in the long run.

    This blueprint will help you accomplish this quickly and efficiently. It will also provide you with the essential development and knowledge transfer tools to put your plan into action.

    This is a picture of Jane Kouptsova

    Jane Kouptsova
    Senior Research Analyst, CIO Advisory
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    52% of small business owners agree that labor quality is their most important problem.1

    Almost half of all small businesses face difficulty due to staff turnover.

    76% of executives expect the talent market to get even more challenging.2

    Common Obstacles

    76% of executives expect workforce planning to become a top strategic priority for their organization.2

    But…

    30% of small businesses do not have a formal HR function.3

    Small business leaders are often left at a disadvantage for hiring and retaining the best talent, and they face even more difficulty due to a lack of support from HR.

    Small enterprises must solve the strategic workforce planning problem, but they cannot invest the same time or resources that large enterprises have at their disposal.

    Info-Tech's Approach

    A modular, lightweight approach to workforce planning and talent management, tailored to small enterprises

    Clear activities that guide your team to decisive action

    Founded on your IT strategy, ensuring you have not just good people, but the right people

    Concise yet comprehensive, covering the entire workforce lifecycle from competency planning to development to succession planning and reskilling

    Info-Tech Insight

    Every resource counts. When one hire represents 10% of your workforce, it is essential to get it right.

    1CNBC & SurveyMonkey. 2ADP. 3Clutch.

    Labor quality is small enterprise's biggest challenge

    The key to solving it is strategic workforce planning

    Strategic workforce planning (SWP) is a systematic process designed to identify and address gaps in today's workforce, including pinpointing the human capital needs of the future.

    Linking workforce planning with strategic planning ensures that you have the right people in the right positions, in the right places, at the right time, with the knowledge, skills, and attributes to deliver on strategic business goals.

    SWP helps you understand the makeup of your current workforce and how well prepared it is or isn't (as the case may be) to meet future IT requirements. By identifying capability gaps early, CIOs can prepare to train or develop current staff and minimize the need for severance payouts and hiring costs, while providing clear career paths to retain high performers.

    52%

    of small business owners agree that labor quality is their most important problem.1

    30%

    30% of small businesses have no formal HR function.2

    76%

    of senior leaders expect workforce planning to become the top strategic challenge for their organization.3

    1CNBC & SurveyMonkey. 2Clutch. 3ADP.

    Workforce planning matters more for small enterprises

    You know that staffing mistakes can cost your department dearly. But did you know the costs are greater for small enterprises?

    The price of losing an individual goes beyond the cost of hiring a replacement, which can range from 0.5 to 2 times that employee's salary (Gallup, 2019). Additional costs include loss of productivity, business knowledge, and team morale.

    This is a major challenge for large organizations, but the threat is even greater for small enterprises, where a single individual accounts for a large proportion of IT's productivity. Losing one of a team of 10 means 10% of your total output. If that individual was solely responsible for a critical function, your department now faces a significant gap in its capabilities. And the effect on morale is much greater when everyone is on the same close-knit team.

    And the threat continues when the staffing error causes you not to lose a valuable employee, but to hire the wrong one instead. When a single individual makes up a large percentage of your workforce, as happens on small teams, the effects of talent management errors are magnified.

    A group of 100 triangles is shown above a group of 10 triangles. In each group, one triangle is colored orange, and the rest are colored blue.

    Info-Tech Insight

    One bad hire on a team of 100 is a problem. One bad hire on a team of 10 is a disaster.

    This is an image of Info-Tech's small enterprise guide o people and resource management.

    Blueprint pre-step: Determine your starting point

    People and Resource management is essential for any organization. But depending on your needs, you may want to start at different stages of the process. Use this slide as a quick reference for how the activities in this blueprint fit together, how they relate to other workforce management resources, and the best starting point for you.

    Your IT strategy is an essential input to your workforce plan. It defines your destination, while your workforce is the vessel that carries you there. Ensure you have at least an informal strategy for your department before making major workforce changes, or review Info-Tech's guidance on IT strategy.

    This blueprint covers the parts of workforce management that occur to some extent in every organization:

    • Workforce planning
    • Knowledge transfer
    • Development planning

    You may additionally want to seek guidance on contract and vendor management, if you outsource some part of your workload outside your core IT staff.

    Track metrics

    Consider these example metrics for tracking people and resource management success

    Project Outcome Metric Baseline Target
    Reduced training costs Average cost of training (including facilitation, materials, facilities, equipment, etc.) per IT employee
    Reduced number of overtime hours worked Average hours billed at overtime rate per IT employee
    Reduced length of hiring period Average number of days between job ad posting and new hire start date
    Reduced number of project cancellations due to lack of capacity Total of number of projects cancelled per year
    Increased number of projects completed per year (project throughput) Total number of project completions per year
    Greater net recruitment rate Number of new recruits/Number of terminations and departures
    Reduced turnover and replacement costs Total costs associated with replacing an employee, including position coverage cost, training costs, and productivity loss
    Reduced voluntary turnover rate Number of voluntary departures/Total number of employees
    Reduced productivity loss following a departure or termination Team or role performance metrics (varies by role) vs. one year ago

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3

    Call #1:

    Scope requirements, objectives, and your specific challenges.

    Call #2: Assess current workforce needs.

    Call #4: Determine skill sourcing route.

    Call #6:

    Identify knowledge to be transferred.

    Call #8: Draft development goals and select activities.

    Call #3: Explore internal successor readiness.

    Call #5:Set priority development competencies.

    Call #7: Create a knowledge transfer plan.

    Call #9: Build managers' coaching & feedback skills.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 4 to 6 calls over the course of 3 to 4 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    1.Lay Your Foundations 2. Create Your Workforce Plan 3. Plan Knowledge Transfer 3. Plan Employee Development Next Steps and Wrap-Up (offsite)
    Activities

    1.1 Set workforce planning goals and success metrics

    1.2 Identify key roles and competency gaps

    1.3 Conduct a risk analysis to identify future needs

    1.4 Determine readiness of internal successors

    1.5 Determine your skill sourcing route

    1.6 Determine priority competencies for development

    3.1 Discover knowledge to be transferred

    3.2 Identify the optimal knowledge transfer methods

    3.3 Create a knowledge transfer plan

    4.1 Identify target competencies & draft development goals

    4.2 Select development activities and schedule check-ins

    4.3 Build manager coaching skills

    Outcomes

    Work with the leadership team to:

    1. Extract key business priorities
    2. Set your goals
    3. Assess workforce needs

    Work with the leadership team to:

    1. Create a workforce plan
    2. Determine guidelines for employee development

    Work with staff and managers to:

    1. Discover tacit and explicit knowledge
    2. Create a knowledge transfer roadmap

    Work with staff and managers to:

    1. Assess employees
    2. Prioritize development objectives
    3. Plan development activities
    4. Build management skills

    Info-Tech analysts complete:

    1. Workshop report
    2. Workforce plan record
    3. Action plan

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Each onsite day is structured with group working sessions from 9-11 a.m. and 1:30-3:30 p.m. and includes Open Analyst Timeslots, where our facilitators are available to expand on scheduled activities, capture and compile workshop results, or review additional components from our comprehensive approach.

    This is a calendar showing days 1-4, and times from 8am-5pm

    Phase 1

    Workforce Planning

    Workforce Planning

    Knowledge Transfer

    Development Planning

    Identify needs, goals, metrics, and skill gaps.

    Select a skill sourcing strategy.

    Discover critical knowledge.

    Select knowledge transfer methods.

    Identify priority competencies.

    Assess employees.

    Draft development goals.

    Provide coaching & feedback.

    The Small Enterprise Guide to People and Resource Management

    Phase Participants

    • Leadership team
    • Managers
    • Human resource partner (if applicable)

    Additional Resources

    Workforce Planning Workbook for Small Enterprises

    Phase pre-step: Gather resources and participants

    1. Ensure you have an up-to-date IT strategy. If you don't have a formal strategy in place, ensure you are aware of the main organizational objectives for the next 3-5 years. Connect with executive stakeholders if necessary to confirm this information.
      If you are not sure of the organizational direction for this time frame, we recommend you consult Info-Tech's material on IT strategy first, to ensure your workforce plan is fully positioned to deliver value to the organization.
    2. Consult with your IT team and gather any documentation pertaining to current roles and skills. Examples include an org chart, job descriptions, a list of current tasks performed/required, a list of company competencies, and a list of outsourced projects.
    3. Gather the right participants. Most of the decisions in this section will be made by senior leadership, but you will also need input from front-line managers. Ensure they are available on an as-needed basis. If your organization has an HR partner, it can also be helpful to involve them in your workforce planning process.

    Formal workforce planning benefits even small teams

    Strategic workforce planning (SWP) is a systematic process designed to identify and address gaps in your workforce today and plan for the human capital needs of the future.

    Your workforce plan is an extension of your IT strategy, ensuring that you have the right people in the right positions, in the right places, at the right time, with the knowledge, skills, and attributes to deliver on strategic business goals.

    SWP helps you understand the makeup of your current workforce and how well prepared it is or isn't (as the case may be) to meet future IT requirements. By identifying capability gaps early, CIOs can prepare to train or develop current staff and minimize the need for severance payouts and hiring costs, while providing clear career paths to retain high performers.

    The smaller the business, the more impact each individual's performance has on the overall success of the organization. When a given role is occupied by a single individual, the organization's performance in that function is determined wholly by one employee. Creating a workforce plan for a small team may seem excessive, but it ensures your organization is not unexpectedly hit with a critical competency gap.

    Right-size your workforce planning process to the size of your enterprise

    Small organizations are 2.2 times more likely to have effective workforce planning processes.1 Be mindful of the opportunities and risks for organizations of your size as you execute the project. How you build your workforce plan will not change drastically based on the size of your organization; however, the scope of your initiative, the size of your team, and the tactics you employ may vary.

    Small Organization

    Medium Organization

    Large Organization

    Project Opportunities

    • Project scope is much more manageable.
    • Communication and planning can be more manageable.
    • Fewer roles can clarify prioritization needs and promotability.
    • Project scope is more manageable.
    • Moderate budget for workforce planning initiatives is needed.
    • Communication and enforcement is easier.
    • Larger candidate pool to pull from.
    • Greater career path options for staff.
    • In-house expertise may be available

    Project Risks

    • Limited resources and time to execute the project.
    • In-house expertise is unlikely.
    • Competencies may be informal and not documented.
    • Limited overlap in responsibilities, resulting in fewer redundancies.
    • Limited staff with experience for the project.
    • Workforce planning may be a lower priority and difficult to generate buy-in for.
    • Requires more staff to manage workforce plan and execute initiatives.
    • Less collective knowledge on staff strengths may make career planning difficult.
    • Geographically dispersed business units make collaboration and communication difficult.

    1 McLean & Company Trends Report 2014

    1.1 Set project outcomes and success metrics

    1-3 hours

    1. As a group, brainstorm key pain points that the IT department experiences due to the lack of a workforce plan. Ask them to consider turnover, retention, training, and talent acquisition.
    2. Discuss any key themes that arise and brainstorm your desired project outcomes. Keep a record of these for future reference and to aid in stakeholder communication.
    3. Break into smaller groups (or if too small, continue as a single group):
      1. For each desired outcome, consider what metrics you could use to track progress. Keep your initial list of pain points in mind as you brainstorm metrics.
      2. Write each of the metric suggestions on a whiteboard and agree to track 3-5 metrics. Set targets for each metric. Consider the effort required to obtain and track the metric, as well as its reliability.
      3. Assign one individual for tracking the selected metrics. Following the meeting, that individual will be responsible for identifying the baseline and targets, and reporting on metrics progress.

    Input

    Output

    • List of workforce data available
    • List of workforce metrics to track the workforce plan's impact

    Materials

    Participants

    • Whiteboard/flip charts
    • Leadership team
    • Human resource partner (if applicable)

    1.2 Identify key roles and competency gaps

    1-3 hours

    1. As a group, identify all strategic, core, and supporting roles by reviewing the organizational chart:
      1. Strategic: What are the roles that must be filled by top performers and cannot be left vacant in order to meet strategic objectives?
      2. Core: What roles are important to drive operational excellence?
      3. Supporting: What roles are required for day-to-day work, but are low risk if the role is vacant for a period of time?
    2. Working individually or in small groups, have managers for each identified role define the level of competence required for the job. Consider factors such as:
      1. The difficulty or criticality of the tasks being performed
      2. The impact on job outcomes
      3. The impact on the performance of other employees
      4. The consequence of errors if the competency is not present
      5. How frequently the competency is used on the job
      6. Whether the competency is required when the job starts or can be learned or acquired on the job within the first six months
    3. Continue working individually and rate the level of proficiency of the current incumbent.
    4. As a group, review the assessment and make any adjustments.

    Record this information in the Workforce Planning Workbook for Small Enterprises.

    Download the Workforce Planning Workbook for Small Enterprises

    1.2 Identify key roles and competency gaps

    Input Output
    • Org chart, job descriptions, list of current tasks performed/required, list of company competencies
    • List of competency gaps for key roles
    Materials Participants
    • Leadership team
    • Managers

    Conduct a risk-of-departure analysis

    A risk-of-departure analysis helps you plan for future talent needs by identifying which employees are most likely to leave the organization (or their current role).

    A risk analysis takes into account two factors: an employee's risk for departure and the impact of departure:

    Employees are high risk for departure if they:

    • Have specialized or in-demand skills (tenured employees are more likely to have this than recent hires)
    • Are nearing retirement
    • Have expressed career aspirations that extend outside your organization
    • Have hit a career development ceiling at your organization
    • Are disengaged
    • Are actively job searching
    • Are facing performance issues or dismissal OR promotion into a new role

    Employees are low risk for departure if they:

    • Are a new hire or new to their role
    • Are highly engaged
    • Have high potential
    • Are 5-10 years out from retirement

    If you are not sure where an employee stands with respect to leaving the organization, consider having a development conversation with them. In the meantime, consider them at medium risk for departure.

    To estimate the impact of departure, consider:

    • The effect of losing the employee in the near- and medium-term, including:
      • Impact on the organization, department, unit/team and projects
      • The cost (in time, resources, and productivity loss) to replace the individual
      • The readiness of internal successors for the role

    1.3 Conduct a risk analysis to identify future needs

    1-3 hours

    Preparation: Your estimation of whether key employees are at risk of leaving the organization will depend on what you know of them objectively (skills, age), as well as what you learn from development conversations. Ensure you collect all relevant information prior to conducting this activity. You may need to speak with employees' direct managers beforehand or include them in the discussion.

    • As a group, list all your current employees, and using the previous slide for guidance, rank them on two parameters: risk of departure and impact of departure, on a scale of low to high. Record your conclusions in a chart like the one on the right. (For a more in-depth risk assessment, use the "Risk Assessment Results" tab of the Key Roles Succession Planning Tool.)
    • Employees that fall in the "Mitigate" quadrant represent key at-risk roles with at least moderate risk and moderate impact. These are your succession planning priorities. Add these roles to your list of key roles and competency gaps, and include them in your workforce planning analysis.
    • Employees that fall in the "Manage" quadrants represent secondary priorities, which should be looked at if there is capacity after considering the "Mitigate" roles.

    Record this information in the Workforce Planning Workbook for Small Enterprises.

    This is an image of the Risk analysis for risk of departure to importance of departure.

    Info-Tech Insight

    Don't be afraid to rank most or all your staff as "high impact of departure." In a small enterprise, every player counts, and you must plan accordingly.

    1.3 Conduct a risk analysis to identify future needs

    Input Output
    • Employee data on competencies, skills, certifications, and performance. Input from managers from informal development conversations.
    • A list of first- and second-priority at-risk roles to carry forward into a succession planning analysis
    Materials Participants
    • Leadership team
    • Managers

    Determine your skill sourcing route

    The characteristics of need steer hiring managers to a preferred choice, while the marketplace analysis will tell you the feasibility of each option.

    Sourcing Options

    Preferred Options

    Final Choice

    four blue circles

    A right facing arrow

    Two blue circles A right facing arrow One blue circle
    State of the Marketplace

    State of the Marketplace

    Urgency: How soon do we need this skill? What is the required time-to-value?

    Criticality: How critical, i.e. core to business goals, are the services or systems that this skill will support?

    Novelty: Is this skill brand new to our workforce?

    Availability: How often, and at what hours, will the skill be needed?

    Durability: For how long will this skill be needed? Just once, or indefinitely for regular operations?

    Scarcity: How popular or desirable is this skill? Do we have a large enough talent pool to draw from? What competition are we facing for top talent?

    Cost: How much will it cost to hire vs. contract vs. outsource vs. train this skill?

    Preparedness: Do we have internal resources available to cultivate this skill in house?

    1.4 Determine your skill sourcing route

    1-3 hours

    1. Identify the preferred sourcing method as a group, starting with the most critical or urgent skill need on your list. Use the characteristics of need to guide your discussion. If more than one option seems adequate, carry several over to the next step.
    2. Consider the marketplace factors applicable to the skill in question and use these to narrow down to one final sourcing decision.
      1. If it is not clear whether a suitable internal candidate is available or ready, refer to the next activity for a readiness assessment.
    3. Be sure to document the rationale supporting your decision. This will ensure the decision can be clearly communicated to any stakeholders, and that you can review on your decision-making process down the line.

    Record this information in the Workforce Planning Workbook for Small Enterprises.

    Info-Tech Insight

    Consider developing a pool of successors instead of pinning your hopes on just one person. A single pool of successors can be developed for either one key role that has specialized requirements or even multiple key roles that have generic requirements.

    Input

    Output

    • List of current and upcoming skill gaps
    • A sourcing decision for each skill

    Materials

    Participants

    • Leadership team
    • Human resource partner (if applicable)

    1.5 Determine readiness of internal successors

    1-3 hours

    1. As a group, and ensuring you include the candidates' direct managers, identify potential successors for the first role on your list.
    2. Ask how effectively the potential successor would serve in the role today. Review the competencies for the key role in terms of:
      1. Relationship-building skills
      2. Business skills
      3. Technical skills
      4. Industry-specific skills or knowledge
    3. Determine what competencies the succession candidate currently has and what must be learned. Be sure you know whether the candidate is open to a career change. Don't assume – if this is not clear, have a development conversation to ensure everyone is on the same page.
    4. Finally, determine how difficult it will be for the successor to acquire missing skills or knowledge, whether the resources are available to provide the required development, and how long it will take to provide it.
    5. As a group, decide whether training an internal successor is a viable option for the role in question, considering the successor's readiness and the characteristics of need for the role. If a clear successor is not readily apparent, consider:
      1. If the development of the successor can be fast-tracked, or if some requirements can be deprioritized and the successor provided with temporary support from other employees.
      2. If the role in question is being discussed because the current incumbent is preparing to leave, consider negotiating an arrangement that extends the incumbent's employment tenure.
    6. Record the decision and repeat for the next role on your list.

    Info-Tech Insight

    A readiness assessment helps to define not just development needs, but also any risks around the organization's ability to fill a key role.

    Input

    Output

    • List of roles for which you are considering training internally
    • Job descriptions and competency requirements for the roles
    • List of roles for which internal successors are a viable option

    Materials

    Participants

    • Leadership team
    • Candidates' direct managers, if applicable

    Use alternative work arrangements to gain time to prepare successors

    Alternative work arrangements are critical tools that employers can use to achieve a mutually beneficial solution that mitigates the risk of loss associated with key roles.

    Alternative work arrangements not only support employees who want to keep working, but more importantly, they allow the business to retain employees that are needed in key roles who are departure risks due to retirement.

    Viewing retirement as a gradual process can help you slow down skill loss in your organization and ensure you have sufficient time to train successors. Retiring workers are becoming increasingly open to alternative work arrangements. Among employed workers aged 50-75, more than half planned to continue working part-time after retirement.
    Source: Statistics Canada.

    Flexible work options are the most used form of alternative work arrangement

    A bar graph showing the percent of organizations who implemented alternate work arrangement, for Flexible work options; Contract based work; Part time roles; Graduated retirement programs; Part year jobs or job sharing; Increased PTO for employees over a certain age.

    Source: McLean & Company, N=44

    Choose the alternative work arrangement that works best for you and the employee

    Alternative Work Arrangement Description Ideal Use Caveats
    Flexible work options Employees work the same number of hours but have flexibility in when and where they work (e.g. from home, evenings). Employees who work fairly independently with no or few direct reports. Employee may become isolated or disconnected, impeding knowledge transfer methods that require interaction or one-on-one time.
    Contract-based work Working for a defined period of time on a specific project on a non-salaried or non-wage basis. Project-oriented work that requires specialized knowledge or skills. Available work may be sporadic or specific projects more intensive than the employee wants. Knowledge transfer must be built into the contractual arrangement.
    Part-time roles Half days or a certain number of days per week; indefinite with no end date in mind. Employees whose roles can be readily narrowed and upon whom people and critical processes are not dependent. It may be difficult to break a traditionally full-time job down into a part-time role given the size and nature of associated tasks.
    Graduated retirement Retiring employee has a set retirement date, gradually reducing hours worked per week over time. Roles where a successor has been identified and is available to work alongside the incumbent in an overlapping capacity while he or she learns. The role may only require a single FTE, and the organization may not be able to afford the amount of redundancy inherent in this arrangement.

    Choose the alternative work arrangement that works best for you and the employee

    Alternative Work Arrangement Description Ideal Use Caveats
    Part-year jobs or job sharing Working part of the year and having the rest of the year off, unpaid. Project-oriented work where ongoing external relationships do not need to be maintained. The employee is unavailable for knowledge transfer activities for a large portion of the year. Another risk is that the employee may opt not to return at the end of the extended time off with little notice.
    Increased paid time off Additional vacation days upon reaching a certain age. Best used as recognition or reward for long-term service. This may be a particularly useful retention incentive in organizations that do not offer pension plans. The company may not be able to financially afford to pay for such extensive time off. If the role incumbent is the only one in the role, this may mean crucial work is not being done.
    Altered roles Concentration of a job description on fewer tasks that allows the employee to focus on his or her specific expertise. Roles where a successor has been identified and is available to work alongside the incumbent, with the incumbent's new role highly focused on mentoring. The role may only require a single FTE, and the organization may not be able to afford the amount of redundancy inherent in this arrangement.

    Phase 2

    Knowledge Transfer

    Workforce Planning

    Knowledge Transfer

    Development Planning

    Identify needs, goals, metrics, and skill gaps.

    Select a skill sourcing strategy.

    Discover critical knowledge.

    Select knowledge transfer methods.

    Identify priority competencies.

    Assess employees.

    Draft development goals.

    Provide coaching & feedback.

    The Small Enterprise Guide to People and Resource Management

    Phase Participants

    • Leadership/management team
    • Incumbent & successor

    Additional Resources

    IT Knowledge Identification Interview Guide Template

    Knowledge Transfer Plan Template

    Determine your skill sourcing route

    Knowledge transfer plans have three key components that you need to complete for each knowledge source:

    Define what knowledge needs to be transferred

    Each knowledge source has unique information which needs to be transferred. Chances are you don't know what you don't know. The first step is therefore to interview knowledge sources to find out.

    Identify the knowledge receiver

    Depending on who the information is going to, the knowledge transfer tactic you employ will differ. Before deciding on the knowledge receiver and tactic, consider three key factors:

    • How will this knowledge be used in the future?
    • What is the next career step for the knowledge receiver?
    • Are the receiver and the source going to be in the same location?

    Identify which knowledge transfer tactics you will use for each knowledge asset

    Not all tactics are good in every situation. Always keep the "knowledge type" (information, process, skills, and expertise), knowledge sources' engagement level, and the knowledge receiver in mind as you select tactics.

    Don't miss tacit knowledge

    There are two basic types of knowledge: "explicit" and "tacit." Ensure you capture both to get a well-rounded overview of the role.

    Explicit Tacit
    • "What knowledge" – knowledge can be articulated, codified, and easily communicated.
    • Easily explained and captured – documents, memos, speeches, books, manuals, process diagrams, facts, etc.
    • Learn through reading or being told.
    • "How knowledge" – intangible knowledge from an individual's experience that is more from the process of learning, understanding, and applying information (insights, judgments, and intuition).
    • Hard to verbalize, and difficult to capture and quantify.
    • Learn through observation, imitation, and practice.

    Types of explicit knowledge

    Types of tacit knowledge

    Information Process Skills Expertise

    Specialized technical knowledge.

    Unique design capabilities/methods/models.

    Legacy systems, details, passwords.

    Special formulas/algorithms/ techniques/contacts.

    • Specialized research & development processes.
    • Proprietary production processes.
    • Decision-making processes.
    • Legacy systems.
    • Variations from documented processes.
    • Techniques for executing on processes.
    • Relationship management.
    • Competencies built through deliberate practice enabling someone to act effectively.
    • Company history and values.
    • Relationships with key stakeholders.
    • Tips and tricks.
    • Competitor history and differentiators.

    e.g. Knowing the lyrics to a song, building a bike, knowing the alphabet, watching a YouTube video on karate.

    e.g. Playing the piano, riding a bike, reading or speaking a language, earning a black belt in karate.

    Embed your knowledge transfer methods into day-to-day practice

    Multiple methods should be used to transfer as much of a person's knowledge as possible, and mentoring should always be one of them. Select your method according to the following criteria:

    Info-Tech Insight

    The more integrated knowledge transfer is in day-to-day activities, the more likely it is to be successful, and the lower the time cost. This is because real learning is happening at the same time real work is being accomplished.

    Type of Knowledge

    • Tacit knowledge transfer methods are often informal and interactive:
      • Mentoring
      • Multi-generational work teams
      • Networks and communities
      • Job shadowing
    • Explicit knowledge transfer methods tend to be more formal and one way:
      • Formal documentation of processes and best practices
      • Self-published knowledge bases
      • Formal training sessions
      • Formal interviews

    Incumbent's Preference/Successor's Preference

    Ensure you consult the employees, and their direct manager, on the way they are best prepared to teach and learn. Some examples of preferences include:

    1. Prefer traditional classroom learning, augmented with participation, critical reflection, and feedback.
    2. May get bored during formal training sessions and retain more during job shadowing.
    3. Prefer to be self-directed or self-paced, and highly receptive to e-learning and media.
    4. Prefer informal, incidental learning, tend to go immediately to technology or direct access to people. May have a short attention span and be motivated by instant results.
    5. May be uncomfortable with blogs and wikis, but comfortable with SharePoint.

    Cost

    Consider costs beyond the monetary. Some methods require an investment in time (e.g. mentoring), while others require an investment in technology (e.g. knowledge bases).

    The good news is that many supporting technologies may already exist in your organization or can be acquired for free.

    Methods that cost time may be difficult to get underway since employees may feel they don't have the time or must change the way they work.

    2.1 Create a knowledge transfer plan

    1-3 hours

    1. Working together with the current incumbent, brainstorm the key information pertaining to the role that you want to pass on to the successor. Use the IT Knowledge Identification Interview Guide Template to ensure you don't miss anything.
      • Consider key knowledge areas, including:
        • Specialized technical knowledge.
        • Specialized research and development processes.
        • Unique design capabilities/methods/models.
        • Special formulas/algorithms/techniques.
        • Proprietary production processes.
        • Decision-making criteria.
        • Innovative sales methods.
        • Knowledge about key customers.
        • Relationships with key stakeholders.
        • Company history and values.
      • Ask questions of both sources and receivers of knowledge to help determine the best knowledge transfer methods to use.
        • What is the nature of the knowledge? Explicit or tacit?
        • Why is it important to transfer?
        • How will the knowledge be used?
        • What knowledge is critical for success?
        • How will the users find and access it?
        • How will it be maintained and remain relevant and usable?
        • What are the existing knowledge pathways or networks connecting sources to recipients?
    2. Once the knowledge has been identified, use the information on the following slides to decide on the most appropriate methods. Be sure to consult the incumbent and successor on their preferences.
    3. Prioritize your list of knowledge transfer activities. It's important not to try to do too much too quickly. Focus on some quick wins and leverage the success of these initiatives to drive the project forward. Follow these steps as a guide:
      1. Take an inventory of all the tactics and techniques which you plan to employ. Eliminate redundancies where possible.
      2. Start your implementation with your highest risk role or knowledge item, using explicit knowledge transfer tactics. Interviews, use cases, and process mapping will give you some quick wins and will help gain momentum for the project.
      3. Then move forward to other tactics, the majority of which will require training and process design. Pick 1-2 other key tactics you would like to employ and build those out. For tactics that require resources or monetary investment, start with those that can be reused for multiple roles.

    Record your plan in the IT Knowledge Transfer Plan Template.

    Download the IT Knowledge Identification Interview Guide Template

    Download the Knowledge Transfer Plan Template

    Info-Tech Insight

    Wherever possible, ask employees about their personal learning styles. It's likely that a collaborative compromise will have to be struck for knowledge transfer to work well.

    2.1 Create a knowledge transfer plan

    Input

    Output

    • List of roles for which you need to transfer knowledge
    • Prioritized list of knowledge items and chosen transfer method

    Materials

    Participants

    • Leadership team
    • Incumbent
    • Successor

    Not every transfer method is effective for every type of knowledge

    Knowledge Type
    Tactic Explicit Tacit
    Information Process Skills Expertise
    Interviews Very Strong Strong Strong Strong
    Process Mapping Medium Very Strong Very Weak Very Weak
    Use Cases Medium Very Strong Very Weak Very Weak
    Job Shadow Very Weak Medium Very Strong Very Strong
    Peer Assist Strong Medium Very Strong Very Strong
    Action Review Medium Medium Strong Strong
    Mentoring Weak Weak Strong Very Strong
    Transition Workshop Strong Strong Strong Weak
    Storytelling Weak Weak Strong Very Strong
    Job Share Weak Weak Very Strong Very Strong
    Communities of Practice Strong Weak Very Strong Very Strong

    This table shows the relative strengths and weaknesses of each knowledge transfer tactic compared against four different knowledge types.

    Not all techniques are effective for all types of knowledge; it is important to use a healthy mixture of techniques to optimize effectiveness.

    Employees' engagement can impact knowledge transfer effectiveness

    Level of Engagement
    Tactic Disengaged/ Indifferent Almost Engaged - Engaged
    Interviews Yes Yes
    Process Mapping Yes Yes
    Use Cases Yes Yes
    Job Shadow No Yes
    Peer Assist Yes Yes
    Action Review Yes Yes
    Mentoring No Yes
    Transition Workshop Yes Yes
    Storytelling No Yes
    Job Share Maybe Yes
    Communities of Practice Maybe Yes

    When considering which tactics to employ, it's important to consider the knowledge holder's level of engagement. Employees who you would identify as being disengaged may not make good candidates for job shadowing, mentoring, or other tactics where they are required to do additional work or are asked to influence others.

    Knowledge transfer can be controversial for all employees as it can cause feelings of job insecurity. It's essential that motivations for knowledge transfer are communicated effectively.

    Pay particular attention to your communication style with disengaged and indifferent employees, communicate frequently, and tie communication back to what's in it for them.

    Putting disengaged employees in a position where they are mentoring others can be a risk, as their negativity could influence others not to participate, or it could negate the work you're doing to create a positive knowledge sharing culture.

    Employees' engagement can impact knowledge transfer effectiveness

    Effort by Stakeholder

    Tactic

    Business Analyst

    IT Manager

    Knowledge Holder

    Knowledge Receiver

    Interviews

    These tactics require the least amount of effort, especially for organizations that are already using these tactics for a traditional requirements gathering process.

    Medium

    N/A

    Low

    Low

    Process Mapping

    Medium

    N/A

    Low

    Low

    Use Cases

    Medium

    N/A

    Low

    Low

    Job Shadow

    Medium

    Medium

    Medium

    Medium

    Peer Assist

    Medium

    Medium

    Medium

    Medium

    Action Review

    These tactics generally require more involvement from IT management and the BA in tandem for preparation. They will also require ongoing effort for all stakeholders. It's important to gain stakeholder buy-in as it is key for success.

    Low

    Medium

    Medium

    Low

    Mentoring

    Medium

    High

    High

    Medium

    Transition Workshop

    Medium

    Low

    Medium

    Low

    Storytelling

    Medium

    Medium

    Low

    Low

    Job Share

    Medium

    High

    Medium

    Medium

    Communities of Practice

    High

    Medium

    Medium

    Medium

    Phase 3

    Development Planning

    Workforce Planning

    Knowledge Transfer

    Development Planning

    Identify needs, goals, metrics, and skill gaps.

    Select a skill sourcing strategy.

    Discover critical knowledge.

    Select knowledge transfer methods.

    Identify priority competencies.

    Assess employees.

    Draft development goals.

    Provide coaching & feedback.

    The Small Enterprise Guide to People and Resource Management

    Phase Participants

    • Leadership team
    • Managers
    • Employees

    Additional Resources

    Effective development planning hinges on robust performance management

    Your performance management framework is rooted in organizational goals and defines what it means to do any given role well.

    Your organization's priority competencies are the knowledge, skills and attributes that enable an employee to do the job well.

    Each individual's development goals are then aimed at building these priority competencies.

    Mission Statement

    To be the world's leading manufacturer and distributor of widgets.

    Business Goal

    To increase annual revenue by 10%.

    IT Department Objective

    To ensure reliable communications infrastructure and efficient support for our sales and development teams.

    Individual Role Objective

    To decrease time to resolution of support requests by 10% while maintaining quality.

    Info-Tech Insight

    Without a performance management framework, your employees cannot align their development with the organization's goals. For detailed guidance, see Info-Tech's blueprint Setting Meaningful Employee Performance Measures.

    What is a competency?

    The term "competency" refers to the collection of knowledge, skills, and attributes an employee requires to do a job well.

    Often organizations have competency frameworks that consist of core, leadership, and functional competencies.

    Core competencies apply to every role in the organization. Typically, they are tied to organizational values and business mission and/or vision.

    Functional competencies are at the department, work group, or job role levels. They are a direct reflection of the function or type of work carried out.

    Leadership competencies generally apply only to people managers in the organization. Typically, they are tied to strategic goals in the short to medium term

    Generic Functional
    • Core
    • Leadership
    • IT
    • Finance
    • Sales
    • HR

    Use the SMART model to make sure goals are reasonable and attainable

    S

    Specific: Be specific about what you want to accomplish. Think about who needs to be involved, what you're trying to accomplish, and when the goal should be met.

    M

    Measurable: Set metrics that will help to determine whether the goal has been reached.

    A

    Achievable: Ensure that you have both the organizational resources and employee capability to accomplish the goal.

    R

    Relevant: Goals must align with broader business, department, and development goals in order to be meaningful.

    T

    Time-bound: Provide a target date to ensure the goal is achievable and provide motivation.

    Example goal:

    "Learn Excel this summer."

    Problems:

    Not specific enough, not measurable enough, nor time bound.

    Alternate SMART goal:

    "Consult with our Excel expert and take the lead on creating an Excel tool in August."

    3.2 Identify target competencies & draft development goals

    1 hour

    Pre-work: Employees should come to the career conversation having done some self-reflection. Use Info-Tech's IT Employee Career Development Workbook to help employees identify their career goals.

    1. Pre-work: Managers should gather any data they have on the employee's current proficiency at key competencies. Potential sources include task-based assessments, performance ratings, supervisor or peer feedback, and informal conversation.

      Prioritize competencies. Using your list of priority organizational competencies, work with your employees to help them identify two to four competencies to focus on developing now and in the future. Use the Individual Competency Development Plan template to document your assessment and prioritize competencies for development. Consider the following questions for guidance:
      1. Which competencies are needed in my current role that I do not have full proficiency in?
      2. Which competencies are related to both my career interests and the organization's priorities?
      3. Which competencies are related to each other and could be developed together or simultaneously?
    2. Draft goals. Ask your employee to create a list of multiple simple goals to develop the competencies they have selected to work on developing over the next year. Identifying multiple goals helps to break development down into manageable chunks. Ensure goals are concrete, for example, if the competency is "communication skills," your development goals could be "presentation skills" and "business writing."
    3. Review goals:
      1. Ask why these areas are important to the employee.
      2. Share your ideas and why it is important that the employee develop in the areas identified.
      3. Ensure that the goals are realistic. They should be stretch goals, but they must be achievable. Use the SMART framework on the previous slide for guidance.

    Info-Tech Insight

    Lack of career development is the top reason employees leave organizations. Development activities need to work for both the organization and the employee's own development, and clearly link to advancing employees' careers either at the organization or beyond.

    Download the IT Employee Career Development Workbook

    Download the Individual Competency Development Plan

    3.2 Identify target competencies & draft development goals

    Input

    Output

    • Employee's career aspirations
    • List of priority organizational competencies
    • Assessment of employee's current proficiency
    • A list of concrete development goals

    Materials

    Participants

    • Employee
    • Direct manager

    Apply a blend of learning methods

    • Info-Tech recommends the 70-20-10 principle for learning and development, which places the greatest emphasis on learning by doing. This experiential learning is then supported by feedback from mentoring, training, and self-reflection.
    • Use the 70-20-10 principle as a guideline – the actual breakdown of your learning methods will need to be tailored to best suit your organization and the employee's goals.

    Spend development time and effort wisely:

    70%

    On providing challenging on-the-job opportunities

    20%

    On establishing opportunities for people to develop learning relationships with others, such as coaching and mentoring

    10%

    On formal learning and training programs

    Internal initiatives are a cost-effective development aid

    Internal Initiative

    What Is It?

    When to Use It

    Special Project

    Assignment outside of the scope of the day-to-day job (e.g. work with another team on a short-term initiative).

    As an opportunity to increase exposure and to expand skills beyond those required for the current job.

    Stretch Assignment

    The same projects that would normally be assigned, but in a shorter time frame or with a more challenging component.

    Employee is consistently meeting targets and you need to see what they're capable of.

    Training Others

    Training new or more junior employees on their position or a specific process.

    Employee wants to expand their role and responsibility and is proficient and positive.

    Team Lead On an Assignment

    Team lead for part of a project or new initiative.

    To prepare an employee for future leadership roles by increasing responsibility and developing basic managerial skills.

    Job Rotation

    A planned placement of employees across various roles in a department or organization for a set period of time.

    Employee is successfully meeting and/or exceeding job expectations in their current role.

    Incorporating a development objective into daily tasks

    What do we mean by incorporating into daily tasks?

    The next time you assign a project to an employee, you should also ask the employee to think about a development goal for the project. Try to link it back to their existing goals or have them document a new goal in their development plan.

    For example: A team of employees always divides their work in the same way. Their goal for their next project could be to change up the division of responsibility so they can learn each other's roles.

    Another example:

    "I'd like you to develop your ability to explain technical terms to a non-technical audience. I'd like you to sit down with the new employee who starts tomorrow and explain how to use all our software, getting them up and running."

    Info-Tech Insight

    Employees often don't realize that they are being developed. They either think they are being recognized for good work or they are resentful of the additional workload.

    You need to tell your employees that the activity you are asking them to do is intended to further their development.

    However, be careful not to sell mundane tasks as development opportunities – this is offensive and detrimental to engagement.

    Establish manager and employee accountability for following up

    Ensure that the employee makes progress in developing prioritized competencies by defining accountabilities:

    Tracking Progress

    Checking In

    Development Meetings

    Coaching & Feedback

    Employee accountability:

    • Employees need to keep track of what they learn.
    • Employees should take the time to reflect on their progress.

    Manager accountability:

    • Managers need to make the time for employees to reflect.

    Employee accountability:

    • Employees need to provide managers with updates and ask for help.

    Manager accountability:

    • Managers need to check in with employees to see if they need additional resources.

    Employee accountability:

    • Employees need to complete assessments again to determine whether they have made progress.

    Manager accountability:

    • Managers should schedule monthly meetings to discuss progress and identify next steps.

    Employee accountability:

    • Employees should ask their manager and colleagues for feedback after development activities.

    Manager accountability:

    • Managers can use both scheduled meetings and informal conversations to provide coaching and feedback to employees.

    3.3 Select development activities and schedule check-ins

    1-3 hours

    Pre-work: Employees should research potential development activities and come prepared with a range of suggestions.

    Pre-work: Managers should investigate options for employee development, such as internal training/practice opportunities for the employee's selected competencies and availability of training budget.

    1. Communicate your findings about internal opportunities and external training allowance to the employee. This can also be done prior to the meeting, to help guide the employee's own research. Address any questions or concerns.
    2. Review the employee's proposed list of activities, and identify priority ones based on:
      1. How effectively they support the development of priority competencies.
      2. How closely they match the employee's original goals.
      3. The learning methods they employ, and whether the chosen activities support a mix of different methods.
      4. The degree to which the employee will have a chance to practice new skills hands-on.
      5. The amount of time the activities require, balanced against the employee's work obligations.
    3. Guide the employee in selecting activities for the short and medium term. Establish an understanding that this list is tentative and subject to ongoing revision during future check-ins.
      1. If in doubt about whether the employee is over-committing, err on the side of fewer activities to start.
    4. Schedule a check-in for one month out to review progress and roadblocks, and to reaffirm priorities.
    5. Check-ins should be repeated regularly, typically once a month.

    Download the Learning Methods Catalog

    Info-Tech Insight

    Adopt a blended learning approach using a variety of techniques to effectively develop competencies. This will reinforce learning and accommodate different learning styles. See Info-Tech's Learning Methods Catalog for a description of popular experiential, relational, and formal learning methods.

    3.3 Select development activities and schedule check-ins

    Input

    Output

    • List of potential development activities (from employee)
    • List of organizational resources (from manager)
    • A selection of feasible development activities
    • Next check-in scheduled

    Materials

    Participants

    • Employee
    • Direct manager

    Tips for tricky conversations about development

    What to do if…

    Employees aren't interested in development:

    • They may have low aspiration for advancement.
    • Remind them about the importance of staying current in their role given increasing job requirements.
    • Explain that skill development will make their job easier and make them more successful at it; sell development as a quick and effective way to learn the skill.
    • Indicate your support and respond to concerns.

    Employees have greater aspiration than capability:

    • Explain that there are a number of skills and capabilities that they need to improve in order to move to the next level. If the specific skills were not discussed during the performance appraisal, do not hesitate to explain the improvements that you require.
    • Inform the employee that you want them to succeed and that by pushing too far and too fast they risk failure, which would not be beneficial to anyone.
    • Reinforce that they need to do their current job well before they can be considered for promotion.

    Employees are offended by your suggestions:

    • Try to understand why they are offended. Before moving forward, clarify whether they disagree with the need for development or the method by which you are recommending they be developed.
    • If it is because you told them they had development needs, then reiterate that this is about helping them to become better and that everyone has areas to develop.
    • If it is about the development method, discuss the different options, including the pros and cons of each.

    Coaching and feedback skills help managers guide employee development

    Coaching and providing feedback are often confused. Managers often believe they are coaching when they are just giving feedback. Learn the difference and apply the right approach for the right situation.

    What is coaching?

    A conversation in which a manager asks questions to guide employees to solve problems themselves.

    Coaching is:

    • Future-focused
    • Collaborative
    • Geared toward growth and development

    What is feedback?

    Information conveyed from the manager to the employee about their performance.

    Feedback is:

    • Past-focused
    • Prescriptive
    • Geared toward behavior and performance

    Info-Tech Insight

    Don't forget to develop your managers! Ensure coaching, feedback, and management skills are part of your management team's development plan.

    Understand the foundations of coaching to provide effective development coaching:

    Knowledge Mindset Relationship
    • Understand what coaching is and how to apply it:
    • Identify when to use coaching, feedback, or other people management practices, and how to switch between them.
    • Know what coaching can and cannot accomplish.
    • When focusing on performance, guide an employee to solve problems related to their work. When focusing on development, guide an employee to reach their own development goals.
    • Adopt a coaching mindset by subscribing to the following beliefs:
    • Employees want to achieve higher performance and have the potential to do so.
    • Employees have a unique and valuable perspective to share of the challenges they face as well as the possible solutions.
    • Employees should be empowered to realize solutions themselves to motivate them in achieving goals.
    • Develop a relationship of trust between managers and employees:
    • Create an environment of psychological safety where employees feel safe to be open and honest.
    • Involve employees in decision making and inform employees often.
    • Invest in employees' success.
    • Give and expect candor.
    • Embrace failure.

    Apply the "4A" behavior-focused coaching model

    Using a model allows every manager, even those with little experience, to apply coaching best practices effectively.

    Actively Listen

    Ask

    Action Plan

    Adapt

    Engage with employees and their message, rather than just hearing their message.

    Key active listening behaviors:

    • Provide your undivided attention.
    • Observe both spoken words and body language.
    • Genuinely try to understand what the employee is saying.
    • Listen to what is being said, then paraphrase back what you heard.

    Ask thoughtful, powerful questions to learn more information and guide employees to uncover opportunities and/or solutions.

    Key asking behaviors:

    • Ask open-ended questions.
    • Ask questions to learn something you didn't already know.
    • Ask for reasoning (the why).
    • Ask "what else?"

    Hold employees and managers accountable for progress and results.

    During check-ins, review each development goal to ensure employees are meeting their targets.

    Key action planning behaviors:

    Adapt to individual employees and situations.

    Key adapting behaviors:

    • Recognize employees' unique characteristics.
    • Appreciate the situation at hand and change your behavior and communication in order to best support the individual employee.

    Use the following questions to have meaningful coaching conversations

    Opening Questions

    • What's on your mind?
    • Do you feel you've had a good week/month?
    • What is the ideal situation?
    • What else?

    Problem-Identifying Questions

    • What is most important here?
    • What is the challenge here for you?
    • What is the real challenge here for you?
    • What is getting in the way of you achieving your goal?

    Problem-Solving Questions

    • What are some of the options available?
    • What have you already tried to solve this problem? What worked? What didn't work?
    • Have you considered all the possibilities?
    • How can I help?

    Next-Steps Questions

    • What do you need to do, and when, to achieve your goal?
    • What resources are there to help you achieve your goal? This includes people, tools, or even resources outside our organization.
    • How will you know when you have achieved your goal? What does success look like?

    The purpose of asking questions is to guide the conversation and learn something you didn't already know. Choose the questions you ask based on the flow of the conversation and on what information you would like to uncover. Approach the answers you get with an open mind.

    Info-Tech Insight

    Avoid the trap of "hidden agenda" questions, whose real purpose is to offer your own advice.

    Use the following approach to give effective feedback

    Provide the feedback in a timely manner

    • Plan the message you want to convey.
    • Provide feedback "just-in-time."
    • Ensure recipient is not preoccupied.
    • Try to balance the feedback; refer to successful as well as unsuccessful behavior.

    Communicate clearly, using specific examples and alternative behaviors

    • Feedback must be honest and helpful.
    • Be specific and give a recent example.
    • Be descriptive, not evaluative.
    • Relate feedback to behaviors that can be changed.
    • Give an alternative positive behavior.

    Confirm their agreement and understanding

    • Solicit their thoughts on the feedback.
    • Clarify if not understood; try another example.
    • Confirm recipient understands and accepts the feedback.

    Manager skill is crucial to employee development

    Development is a two-way street. This means that while employees are responsible for putting in the work, managers must enable their development with support and guidance. The latter is a skill, which managers must consciously cultivate.

    For more in-depth management skills development, see the Info-Tech "Build a Better Manager" training resources:

    Bibliography

    Anderson, Kelsie. "Is Your IT Department Prepared for the 4 Biggest Challenges of 2017?" 14 June 2017.
    Atkinson, Carol, and Peter Sandiford. "An Exploration of Older Worker Flexible Working Arrangements in Smaller Firms." Human Resource Management Journal, vol. 26, no. 1, 2016, pp. 12–28. Wiley Online Library.
    BasuMallick, Chiradeep. "Top 8 Best Practices for Employee Cross-Training." Spiceworks, 15 June 2020.
    Birol, Andy. "4 Ways You Can Succeed With a Staff That 'Wears Multiple Hats.'" The Business Journals, 26 Nov. 2013.
    Bleich, Corey. "6 Major Benefits To Cross-Training Employees." EdgePoint Learning, 5 Dec. 2018.
    Cancialosi, Chris. "Cross-Training: Your Best Defense Against Indispensable Employees." Forbes, 15 Sept. 2014.
    Cappelli, Peter, and Anna Tavis. "HR Goes Agile." Harvard Business Review, Mar. 2018.
    Chung, Kai Li, and Norma D'Annunzio-Green. "Talent Management Practices of SMEs in the Hospitality Sector: An Entrepreneurial Owner-Manager Perspective." Worldwide Hospitality and Tourism Themes, vol. 10, no. 4, Jan. 2018.
    Clarkson, Mary. Developing IT Staff: A Practical Approach. Springer Science & Business Media, 2012.
    "CNBC and SurveyMonkey Release Latest Small Business Survey Results." Momentive, 2019. Press Release. Accessed 6 Aug. 2020.
    Cselényi, Noémi. "Why Is It Important for Small Business Owners to Focus on Talent Management?" Jumpstart:HR | HR Outsourcing and Consulting for Small Businesses and Startups, 25 Mar. 2013.
    dsparks. "Top 10 IT Concerns for Small Businesses." Stratosphere Networks IT Support Blog - Chicago IT Support Technical Support, 16 May 2017.
    Duff, Jimi. "Why Small to Mid-Sized Businesses Need a System for Talent Management | Talent Management Blog | Saba Software." Saba, 17 Dec. 2018.
    Employment and Social Development Canada. "Age-Friendly Workplaces: Promoting Older Worker Participation." Government of Canada, 3 Oct. 2016.
    Exploring Workforce Planning. Accenture, 23 May 2017.
    "Five Major IT Challenges Facing Small and Medium-Sized Businesses." Advanced Network Systems. Accessed 25 June 2020.
    Harris, Evan. "IT Problems That Small Businesses Face." InhouseIT, 17 Aug. 2016.
    Heathfield, Susan. "What Every Manager Needs to Know About Succession Planning." Liveabout, 8 June 2020.
    ---. "Why Talent Management Is an Important Business Strategy." Liveabout, 29 Dec. 2019.
    Herbert, Chris. "The Top 5 Challenges Facing IT Departments in Mid-Sized Companies." ExpertIP, 25 June 2012.
    How Smaller Organizations Can Use Talent Management to Accelerate Growth. Avilar. Accessed 25 June 2020.
    Krishnan, TN, and Hugh Scullion. "Talent Management and Dynamic View of Talent in Small and Medium Enterprises." Human Resource Management Review, vol. 27, no. 3, Sept. 2017, pp. 431–41.
    Mann Jackson, Nancy. "Strategic Workforce Planning for Midsized Businesses." ADP, 6 Feb. 2017.
    McCandless, Karen. "A Beginner's Guide to Strategic Talent Management (2020)." The Blueprint, 26 Feb. 2020.
    McFeely, Shane, and Ben Wigert. "This Fixable Problem Costs U.S. Businesses $1 Trillion." Gallup.com, 13 Mar. 2019.
    Mihelič, Katarina Katja. Global Talent Management Best Practices for SMEs. Jan. 2020.
    Mohsin, Maryam. 10 Small Business Statistics You Need to Know in 2020 [May 2020]. 4 May 2020.
    Ramadan, Wael H., and B. Eng. The Influence of Talent Management on Sustainable Competitive Advantage of Small and Medium Sized Establishments. 2012, p. 15.
    Ready, Douglas A., et al. "Building a Game-Changing Talent Strategy." Harvard Business Review, no. January–February 2014, Jan. 2014.
    Reh, John. "Cross-Training Employees Strengthens Engagement and Performance." Liveabout, May 2019.
    Rennie, Michael, et al. McKinsey on Organization: Agility and Organization Design. McKinsey, May 2016.
    Roddy, Seamus. "The State of Small Business Employee Benefits in 2019." Clutch, 18 Apr. 2019.
    SHRM. "Developing Employee Career Paths and Ladders." SHRM, 28 Feb. 2020.
    Strandberg, Coro. Sustainability Talent Management: The New Business Imperative. Strandberg Consulting, Apr. 2015.
    Talent Management for Small & Medium-Size Businesses. Success Factors. Accessed 25 June 2020.
    "Top 10 IT Challenges Facing Small Business in 2019." Your IT Department, 8 Jan. 2019.
    "Why You Need Workforce Planning." Workforce.com, 24 Oct. 2022.

    Ensure Cloud Security in IaaS, PaaS, and SaaS Environments

    • Buy Link or Shortcode: {j2store}386|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Secure Cloud & Network Architecture
    • Parent Category Link: /secure-cloud-network-architecture
    • Security remains a large impediment to realizing cloud benefits. Numerous concerns still exist around the ability for data privacy, confidentiality, and integrity to be maintained in a cloud environment.
    • Even if adoption is agreed upon, it becomes hard to evaluate vendors that have strong security offerings and even harder to utilize security controls that are internally deployed in the cloud environment.

    Our Advice

    Critical Insight

    • The cloud can be secure despite unique security threats.
    • Securing a cloud environment is a balancing act of who is responsible for meeting specific security requirements.
    • Most security challenges and concerns can be minimized through our structured process (CAGI) of selecting a trusted cloud security provider (CSP) partner.

    Impact and Result

    • The business is adopting a cloud environment and it must be secured, which includes:
      • Ensuring business data cannot be leaked or stolen.
      • Maintaining privacy of data and other information.
      • Securing the network connection points.
    • Determine your balancing act between yourself and your CSP; through contractual and configuration requirements, determine what security requirements your CSP can meet and cover the rest through internal deployment.
    • This blueprint and associated tools are scalable for all types of organizations within various industry sectors.

    Ensure Cloud Security in IaaS, PaaS, and SaaS Environments Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should prioritize security in the cloud, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Determine your cloud risk profile

    Determine your organization’s rationale for cloud adoption and what that means for your security obligations.

    • Ensure Cloud Security in IaaS, PaaS, and SaaS Environments – Phase 1: Determine Your Cloud Risk Profile
    • Secure Cloud Usage Policy

    2. Identify your cloud security requirements

    Use the Cloud Security CAGI Tool to perform four unique assessments that will be used to identify secure cloud vendors.

    • Ensure Cloud Security in IaaS, PaaS, and SaaS Environments – Phase 2: Identify Your Cloud Security Requirements
    • Cloud Security CAGI Tool

    3. Evaluate vendors from a security perspective

    Learn how to assess and communicate with cloud vendors with security in mind.

    • Ensure Cloud Security in IaaS, PaaS, and SaaS Environments – Phase 3: Evaluate Vendors From a Security Perspective
    • IaaS and PaaS Service Level Agreement Template
    • SaaS Service Level Agreement Template
    • Cloud Security Communication Deck

    4. Implement your secure cloud program

    Turn your security requirements into specific tasks and develop your implementation roadmap.

    • Ensure Cloud Security in IaaS, PaaS, and SaaS Environments – Phase 4: Implement Your Secure Cloud Program
    • Cloud Security Roadmap Tool

    5. Build a cloud security governance program

    Build the organizational structure of your cloud security governance program.

    • Ensure Cloud Security in IaaS, PaaS, and SaaS Environments – Phase 5: Build a Cloud Security Governance Program
    • Cloud Security Governance Program Template
    [infographic]

    Effectively Manage CxO Relations

    • Buy Link or Shortcode: {j2store}384|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Manage Business Relationships
    • Parent Category Link: /manage-business-relationships

    With the exponential pace of technological change, an organization's success will depend largely on how well CIOs can evolve from technology evangelists to strategic business partners. This will require CIOs to effectively broker relationships to improve IT's effectiveness and create business value. A confidential journal can help you stay committed to fostering productive relationships while building trust to expand your sphere of influence.

    Our Advice

    Critical Insight

    Highly effective executives have in common the ability to successfully balance three things: time, personal capabilities, and relationships. Whether you are a new CIO or an experienced leader, the relentless demands on your time and unpredictable shifts in the organization’s strategy require a personal game plan to deliver business value. Rather than managing stakeholders one IT project at a time, you need an action plan that is tailored for unique work styles.

    Impact and Result

    A personal relationship journal will help you:

    • Understand the context in which key stakeholders operate.
    • Identify the best communication approach to engage with different workstyles.
    • Stay committed to fostering relationships through difficult periods.

    Effectively Manage CxO Relations Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Effectively Manage CxO Relations Storyboard – A guide to creating a personal action plan to help effectively manage relationships across key stakeholders.

    Use this research to create a personal relationship journal in four steps:

    • Effectively Manage CxO Relations Storyboard

    2. Personal Relationship Management Journal Template – An exemplar to help you build your personal relationship journal.

    Use this exemplar to build a journal that is readily accessible, flexible, and easy to maintain.

    • Personal Relationship Management Journal Template

    Infographic

    Further reading

    Effectively Manage CxO Relations

    Make relationship management a daily habit with a personalized action plan.

    Analyst Perspective

    "Technology does not run an enterprise, relationships do." – Patricia Fripp

    As technology becomes increasingly important, an organization's success depends on the evolution of the modern CIO from a technology evangelist to a strategic business leader. The modern CIO will need to leverage their expansive partnerships to demonstrate the value of technology to the business while safeguarding their time and effort on activities that support their strategic priorities. CIOs struggling to transition risk obsolescence with the emergence of new C-suite roles like the Digital Transformation Officer, Chief Digital Officer, Chief Data Officer, and so on.

    CIOs will need to flex new social skills to accommodate diverse styles of work and better predict dynamic situations. This means expanding beyond their comfort level to acquire new social skills. Having a clear understanding of one's own work style (preferences, natural tendencies, motivations, and blind spots) is critical to identify effective communication and engagement tactics.

    Building trust is an art. Striking a balance between fulfilling your own goals and supporting others will require a carefully curated approach to navigate the myriad of personalities and work styles. A personal relationship journal will help you stay committed through these peaks and troughs to foster productive partnerships and expand your sphere of influence over the long term.

    Photo of Joanne Lee
    Joanne Lee
    Principal, Research Director, CIO Advisory
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    In today's unpredictable markets and rapid pace of technological disruptions, CIOs need to create business value by effectively brokering relationships to improve IT's performance. Challenges they face:

    • Operate in silos to run the IT factory.
    • Lack insights into their stakeholders and the context in which they operate.
    • Competing priorities and limited time to spend on fostering relationships.
    • Relationship management programs are narrowly focused on associated change management in IT project delivery.

    Common Obstacles

    Limited span of influence.

    Mistaking formal roles in organizations for influence.

    Understanding what key individuals want and, more importantly, what they don't want.

    Lack of situational awareness to adapt communication styles to individual preferences and context.

    Leveraging different work styles to create a tangible action plan.

    Perceiving relationships as "one and done."

    Info-Tech's Approach

    A personal relationship journal will help you stay committed to fostering productive relationships while building trust to expand your sphere of influence.

    • Identify your key stakeholders.
    • Understand the context in which they operate to define a profile of their mandate, priorities, commitments, and situation.
    • Choose the most effective engagement and communication strategies for different work styles.
    • Create an action plan to monitor and measure your progress.

    Info-Tech Insight

    Highly effective executives have in common the ability to balance three things: time, personal capabilities, and relationships. Whether you are a new CIO or an experienced leader, the relentless demand on your time and unpredictable shifts in the organization's strategy will require a personal game plan to deliver business value. This will require more than managing stakeholders one IT project at a time: It requires an action plan that fosters relationships over the long term.

    Key Concepts

    Stakeholder Management
    A common term used in project management to describe the successful delivery of any project, program, or activity that is associated with organizational change management. The goal of stakeholder management is intricately tied to the goals of the project or activity with a finite end. Not the focus of this advisory research.

    Relationship Management
    A broad term used to describe the relationship between two parties (individuals and/or stakeholder groups) that exists to create connection, inclusion, and influence. The goals are typically associated with the individual's personal objectives and the nature of the interaction is seen as ongoing and long-term.

    Continuum of Commitment
    Info-Tech's framework that illustrates the different levels of commitment in a relationship. It spans from active resistance to those who are committed to actively supporting your personal priorities and objectives. This can be used to baseline where you are today and where you want the relationship to be in the future.

    Work Style
    A reference to an individual's natural tendencies and expectations that manifest itself in their communication, motivations, and leadership skills. This is not a behavior assessment nor a commentary on different personalities but observable behaviors that can indicate different ways people communicate, interact, and lead.

    Glossary
    CDxO: Chief Digital Officer
    CDO: Chief Data Officer
    CxO: C-Suite Executives

    The C-suite is getting crowded, and CIOs need to foster relationships to remain relevant

    The span of influence and authority for CIOs is diminishing with the emergence of Chief Digital Officers and Chief Data Officers.

    63% of CDxOs report directly to the CEO ("Rise of the Chief Digital Officer," CIO.com)

    44% of organizations with a dedicated CDxO in place have a clear digital strategy versus 22% of those without a CDxO (KPMG/Harvey Nash CIO Survey)

    The "good news": CIOs tend to have a longer tenure than CDxOs.

    A diagram that shows the average tenure of C-Suites in years.
    Source: "Age and Tenure of C-Suites," Korn Ferry

    The "bad news": The c-suite is getting overcrowded with other roles like Chief Data Officer.

    A diagram that shows the number of CDOs hired from 2017 to 2021.
    Source: "Chief Data Officer Study," PwC, 2022

    An image of 7 lies technology executives tell ourselves.

    Info-Tech Insight

    The digital evolution has created the emergence of new roles like the Chief Digital Officer and Chief Data Officer. They are a response to bridge the skill gap that exists between the business and technology. CIOs need to focus on building effective partnerships to better communicate the business value generated by technology or they risk becoming obsolete.

    Create a relationship journal to effectively manage your stakeholders

    A diagram of relationship journal

    Info-Tech's approach

    From managing relationships with friends to key business partners, your success will come from having the right game plan. Productive relationships are more than managing stakeholders to support IT initiatives. You need to effectively influence those who have the potential to champion or derail your strategic priorities. Understanding differences in work styles is fundamental to adapting your communication approach to various personalities and situations.

    A diagram that shows from 1.1 to 4.1

    A diagram of business archetypes

    Summary of Insights

    Insight 1: Expand your sphere of influence
    It's not just about gaining a volume of acquaintances. Figure out where you want to spend your limited time, energy, and effort to develop a network of professional allies who will support and help you achieve your strategic priorities.

    Insight 2: Know thyself first and foremost
    Healthy relationships start with understanding your own working style, preferences, and underlying motivations that drive your behavior and ultimately your expectations of others. A win/win scenario emerges when both parties' needs for inclusion, influence, and connection are met or mutually conceded.

    Insight 3: Walk a mile in their shoes
    If you want to build successful partnerships, you need to understand the context in which your stakeholder operates: their motivations, desires, priorities, commitments, and challenges. This will help you adapt as their needs shift and, moreover, leverage empathy to identify the best tactics for different working styles.

    Insight 4: Nurturing relationships is a daily commitment
    Building, fostering, and maintaining professional relationships requires a daily commitment to a plan to get through tough times, competing priorities, and conflicts to build trust, respect, and a shared sense of purpose.

    Related Info-Tech Research

    Supplement your CIO journey with these related blueprints.

    Photo of First 100 Days as CIO

    First 100 Days as CIO

    Photo of Become a Strategic CIO

    Become a Strategic CIO

    Photo of Improve IT Team Effectiveness

    Improve IT Team Effectiveness

    Photo of Become a Transformational CIO

    Become a Transformational CIO

    Executive Brief Case Study

    Logo of Multicap Limited

    • Industry: Community Services
    • Source: Scott Lawry, Head of Digital

    Conversation From Down Under

    What are the hallmarks of a healthy relationship with your key stakeholders?
    "In my view, I work with partners like they are an extension of my team, as we rely on each other to achieve mutual success. Partnerships involve a deeper, more intimate relationship, where both parties are invested in the long-term success of the business."

    Why is it important to understand your stakeholder's situation?
    "It's crucial to remember that every IT project is a business project, and vice versa. As technology leaders, our role is to demystify technology by focusing on its business value. Empathy is a critical trait in this endeavor, as it allows us to see a stakeholder's situation from a business perspective, align better with the business vision and goals, and ultimately connect with people, rather than just technology."

    How do you stay committed during tough times?
    "I strive to leave emotions at the door and avoid taking a defensive stance. It's important to remain neutral and not personalize the issue. Instead, stay focused on the bigger picture and goals, and try to find a common purpose. To build credibility, it's also essential to fact-check assumptions regularly. By following these principles, I approach situations with a clear mind and better perspective, which ultimately helps achieve success."

    Photo of Scott Lawry, Head Of Digital at Multicap Limited

    Key Takeaways

    In a recent conversation with a business executive about the evolving role of CIOs, she expressed: "It's the worst time to be perceived as a technology evangelist and even worse to be perceived as an average CIO who can't communicate the business value of technology."

    This highlights the immense pressure many CIOs face when evolving beyond just managing the IT factory.

    The modern CIO is a business leader who can forge relationships and expand their influence to transform IT into a core driver of business value.

    Stakeholder Sentiment

    Identify key stakeholders and their perception of IT's effectiveness

    1.1 Identify Key Stakeholders

    A diagram of Identify Key Stakeholders

    Identify and prioritize your key stakeholders. Be diligent with stakeholder identification. Use a broad view to identify stakeholders who are known versus those who are "hidden." If stakeholders are missed, then so are opportunities to expand your sphere of influence.

    1.2 Understand Stakeholder's Perception of IT

    A diagram that shows Info-Tech's Diagnostic Reports and Hospital Authority XYZ

    Assess stakeholder sentiments from Info-Tech's diagnostic reports and/or your organization's satisfaction surveys to help identify individuals who may have the greatest influence to support or detract IT's performance and those who are passive observers that can become your greatest allies. Determine where best to focus your limited time amid competing priorities by focusing on the long-term goals that support the organization's vision.

    Info-Tech Insight

    Understand which individuals can directly or indirectly influence your ability to achieve your priorities. Look inside and out, as you may find influencers beyond the obvious peers or executives in an organization. Influence can result from expansive connections, power of persuasion, and trust to get things done.

    Visit Info-Tech's Diagnostic Programs

    Activity: Identify and Prioritize Stakeholders

    30-60 minutes

    1.1 Identify Key Stakeholders

    Start with the key stakeholders that are known to you. Take a 360-degree view of both internal and external connections. Leverage external professional & network platforms (e.g. LinkedIn), alumni connections, professional associations, forums, and others that can help flush out hidden stakeholders.

    1.2 Prioritize Key Stakeholders

    Use stakeholder satisfaction surveys like Info-Tech's Business Vision diagnostic as a starting point to identify those who are your allies and those who have the potential to derail IT's success, your professional brand, and your strategic priorities. Review the results of the diagnostic reports to flush out those who are:

    • Resisters: Vocal about their dissatisfaction with IT's performance and actively sabotage or disrupt
    • Skeptics: Disengaged, passive observers
    • Ambassadors: Aligned but don't proactively support
    • Champions: Actively engaged and will proactively support your success

    Consider the following:

    • Influencers may not have formal authority within an organization but have relationships with your stakeholders.
    • Influencers may be hiding in many places, like the coach of your daughter's soccer team who rows with your CEO.
    • Prioritize, i.e. three degrees of separation due to potential diverse reach of influence.

    Key Output: Create a tab for your most critical stakeholders.

    A diagram that shows profile tabs

    Download the Personal Relationship Management Journal Template.

    Understand stakeholders' business

    Create a stakeholder profile to understand the context in which stakeholders operate.

    2.1 Create individual profile for each stakeholder

    A diagram that shows different stakeholder questions

    Collect and analyze key information to understand the context in which your stakeholders operate. Use the information to derive insights about their mandate, accountabilities, strategic goals, investment priorities, and performance metrics and challenges they may be facing.

    Stakeholder profiles can be used to help design the best approach for personal interactions with individuals as their business context changes.

    If you are short on time, use this checklist to gather information:

    • Stakeholder's business unit (BU) strategy goals
    • High-level organizational chart
    • BU operational model or capability map
    • Key performance metrics
    • Projects underway and planned
    • Financial budget (if available)
    • Milestone dates for key commitments and events
    • External platforms like LinkedIn, Facebook, Twitter, Slack, Instagram, Meetup, blogs

    Info-Tech Insight

    Understanding what stakeholders want (and more importantly, what they don't) requires knowing their business and the personal and social circumstances underlying their priorities and behaviors.

    Activity: Create a stakeholder profile

    30-60 minutes

    2.1.0 Understand stakeholder's business context

    Create a profile for each of your priority stakeholders to document their business context. Review all the information collected to understand their mandate, core accountability, and business capabilities. The context in which individuals operate is a window into the motivations, pressures, and vested interests that will influence the intersectionality between their expectations and yours.

    2.1.1 Document Observable Challenges as Private Notes

    Crushing demands and competing priorities can lead to tension and stress as people jockey to safeguard their time. Identify some observable challenges to create greater situational awareness. Possible underlying factors:

    • Sudden shifts/changes in mandate
    • Performance (operations, projects)
    • Finance
    • Resource and talent gaps
    • Politics
    • Personal circumstances
    • Capability gaps/limitations
    • Capacity challenges

    A diagram that shows considerations of this activity.

    Analyze Stakeholder's Work Style

    Adapt communication styles to the situational context in which your stakeholders operate

    2.2 Determine the ideal approach for engaging each stakeholder

    Each stakeholder has a preferred modality of working which is further influenced by dynamic situations. Some prefer to meet frequently to collaborate on solutions while others prefer to analyze data in solitude before presenting information to substantiate recommendations. However, fostering trust requires:

    1. Understanding your preferred default when engaging others.
    2. Knowing where you need to expand your skills.
    3. Identifying which skills to activate for different professional scenarios.

    Adapting your communication style to create productive interactions will require a diverse arsenal of interpersonal skills that you can draw upon as situations shift. The ability to adapt your work style to dial any specific trait up or down will help to increase your powers of persuasion and influence.

    "There are only two ways to influence human behavior: you can manipulate it, or you can inspire it." – Simon Sinek

    Activity: Identify Engagement Strategies

    30 minutes

    2.2.0 Establish work styles

    Every individual has a preferred style of working. Determine work styles starting with self-awareness:

    • Express myself - How you communicate and interact with others
    • Expression by others - How you want others to communicate and interact with you

    Through observation and situational awareness, we can make inferences about people's work style.

    • Observations - Observable traits of other people's work style
    • Situations - Personal and professional circumstances that influence how we communicate and interact with one another

    Where appropriate and when opportunities arise, ask individuals directly about their preferred work styles and method for communication. What is their preferred method of communication? During a normal course of interaction vs. for urgent priorities?

    2.2.1 Brainstorm possible engagement strategies

    Consider the following when brainstorming engagement strategies for different work styles.

    A table of involvement, influence, and connection.

    Think engagement strategies in different professional scenarios:

    • Meetings - Where and how you connect
    • Communicating - How and what you communicate to create connection
    • Collaborating - What degree of involved in shared activities
    • Persuading - How you influence or direct others to get things done

    Expand New Interpersonal Skills

    Use the Business Archetypes to brainstorm possible approaches for engaging with different work styles. Additional communication and engagement tactics may need to be considered based on circumstances and changing situations.

    A diagram that shows business archetypes and engagement strategies.

    Communicate Effectively

    Productive communication is a dialogue that requires active listening, tailoring messages to fluid situations, and seeking feedback to adapt.

    A diagram of elements that contributes to better align intention and impact

    Be Relevant

    • Understand why you need to communicate
    • Determine what you need to convey
    • Tailor your message to what matters to the audience and their context
    • Identify the most appropriate medium based on the situation

    Be Consistent and Accurate

    • Say what you mean and mean what you say to avoid duplicity
    • Information should be accurate and complete
    • Communicate truthfully; do not make false promises or hide bad news
    • Don't gossip

    Be Clear and Concise

    • Keep it simple and avoid excessive jargon
    • State asks upfront to set intention and transparency
    • Avoid ambiguity and focus on outcomes over details
    • Be brief and to the point or risk losing stakeholder's attention

    Be Attentive and Authentic

    • Stay engaged and listen actively
    • Be curious and inquire for clarification or explanation
    • Be flexible to adapt to both verbal and non-verbal cues
    • Be authentic in your approach to sharing yourself
    • Avoid "canned" approaches

    A diagram of listen, observe, reflect.


    "Good communication is the bridge between confusion and clarity."– Nat Turner (LinkedIn, 2020)

    Exemplar: Engaging With Jane

    A diagram that shows Exemplar: Engaging With Jane

    Exemplar: Engaging With Ali

    A diagram that shows Exemplar: Engaging With Ali

    Develop an Action Plan

    Moving from intent to action requires a plan to ensure you stay committed through the peaks and troughs.

    Create Your 120-Day Plan

    An action plan example

    Key elements of the action plan:

    • Strategic priorities – Your top focus
    • Objective – Your goals
    • 30-60-90-120 Day Topics – Key agenda items
    • Meeting Progress Notes – Key takeaways from meetings
    • Private Notes – Confidential observations

    Investing in relationships is a long-term process. You need to accumulate enough trust to trade or establish coalitions to expand your sphere of influence. Even the strongest of professional ties will have their bouts of discord. To remain committed to building the relationship during difficult periods, use an action plan that helps you stay grounded around:

    • Shared purpose
    • Removing emotion from the situation
    • Continuously learning from every interaction

    Photo of Angela Diop
    "Make intentional actions to set intentionality. Plans are good to keep you grounded and focused especially when relationship go through ups and down and there are changes: to new people and new relationships."
    – Angela Diop, Senior Director, Executive Services, Info-Tech & former VP of Information Services with Unity Health Care

    Activity: Design a Tailored Action Plan

    30-60 minutes

    3.1.0 Determine your personal expectations

    Establish your personal goals and expectations around what you are seeking from the relationship. Determine the strength of your current connection and identify where you want to move the relationship across the continuum of commitment.

    Use insights from your stakeholder's profile to explore their span of influence and degree of interest in supporting your strategic priorities.

    3.1.1 Determine what you want from the relationship

    Based on your personal goals, identify where you want to move the relationship across the continuum of commitment: What are you hoping to achieve from the relationship? How will this help create a win/win situation for both you and the key stakeholder?

    A diagram of Continuum of Commitment.

    3.1.2 Identify your metrics for progress

    Fostering relationships take time and commitment. Utilizing metrics or personal success criteria for each of your focus areas will help you stay on track and find opportunities to make each engagement valuable instead of being transactional.

    A graph that shows influence vs interest.

    Make your action plan impactful

    Level of Connection

    The strength of the relationship will help inform the level of time and effort needed to achieve your goals.

    • Is this a new or existing relationship?
    • How often do you connect with this individual?
    • Are the connections driven by a shared purpose or transactional as needs arise?

    Focus on Relational Value

    Cultivate your network and relationship with the goal of building emotional connection, understanding, and trust around your shared purpose and organization's vision through regular dialogue. Be mindful of transactional exchanges ("quid pro quo") to be strategic about its use. Treat every interaction as equally important regardless of agenda, duration, or channel of communication.

    Plan and Prepare

    Everyone's time is valuable, and you need to come prepared with a clear understanding of why you are engaging. Think about the intentionality of the conversation:

    • Gain buy-in
    • Create transparency
    • Specific ask
    • Build trust and respect
    • Provide information to clarify, clear, or contain a situation

    Non-Verbal Communication Matters

    Communication is built on both overt expressions and subtext. While verbal communication is the most recognizable form, non-lexical components of verbal communication (i.e. paralanguage) can alter stated vs. intended meaning. Engage with the following in mind:

    • Tone, pitch, speed, and hesitation
    • Facial expressions and gestures
    • Choice of channel for engagement

    Exemplar: Action Plan for VP, Digital

    A diagram that shows Exemplar: Action Plan for VP, Digital

    Make Relationship Management a Daily Habit

    Management plans are living documents and need to be flexible to adapt to changes in stakeholder context.

    Monitor and Adjust to Communicate Strategically

    A diagram that shows Principles for Effective Communication and Key Measures

    Building trust takes time and commitment. Treat every conversation with your key stakeholders as an investment in building the social capital to expand your span of influence when and where you need it to go. This requires making relationship management a daily habit. Action plans need to be a living document that is your personal journal to document your observations, feelings, and actions. Such a plan enables you to make constant adjustments along the relationship journey.

    "Without involvement, there is no commitment. Mark it down, asterisk it, circle it, underline it."– Stephen Convey (LinkedIn, 2016)

    Capture some simple metrics

    If you can't measure your actions, you can't manage the relationship.

    An example of measures: what, why, how - metrics, and intended outcome.

    While a personal relationship journal is not a formal performance management tool, identifying some tangible measures will improve the likelihood of aligning your intent with outcomes. Good measures will help you focus your efforts, time, and resources appropriately.

    Keep the following in mind:

    1. WHAT are you trying to measure?
      Specific to the situation or scenario
    2. WHY is this important?
      Relevant to your personal goals
    3. HOW will you measure?
      Achievable and quantifiable
    4. WHAT will the results tell you?
      Intended outcome that is directional

    Summary of accomplishments

    Knowledge Gained

    • Relationship management is critical to a CIO's success
    • A personal relationship journal will help build:
      • Customized approach to engaging stakeholders
      • New communication skills to adapt to different work styles

    New Concepts

    • Work style assessment framework and engagement strategies
    • Effective communication strategies
    • Continuum of commitment to establish personal goals

    Approach to Creating a Personal Journal

    • Step-by-step approach to create a personal journal
    • Key elements for inclusion in a journal
    • Exemplar and recommendations

    Related Info-Tech Research

    Photo of Tech Trends and Priorities Research Centre

    Tech Trends and Priorities Research Centre

    Access Info-Tech's Tech Trend reports and research center to learn about current industry trends, shifts in markets, and disruptions that are impacting your industry and sector. This is a great starting place to gain insights into how the ecosystem is changing your business and the role of IT within it.

    Photo of Embed Business Relationship Management in IT

    Embed Business Relationship Management in IT

    Create a business relationship management (BRM) function in your program to foster a more effective partnership with the business and drive IT's value to the organization.

    Photo of Become a Transformational CIO

    Become a Transformational CIO

    Collaborate with the business to lead transformation and leave behind a legacy of growth.

    Appendix: Framework

    Content:

    • Adaptation of DiSC profile assessment
    • DiSC Profile Assessment
    • FIRO-B Framework
    • Experience Cube

    Info-Tech's Adaption of DiSC Assessment

    A diagram of business archetypes

    Info-Tech's Business Archetypes was created based on our analysis of the DiSC Profile and Myers-Briggs FIRO-B personality assessment tools that are focused on assessing interpersonal traits to better understand personalities.

    The adaptation is due in part to Info-Tech's focus on not designing a personality assessment tool as this is neither the intent nor the expertise of our services. Instead, the primary purpose of this adaptation is to create a simple framework for our members to base their observations of behavioral cues to identify appropriate communication styles to better interact with key stakeholders.

    Cautionary note:
    Business archetypes are personas and should not be used to label, make assumptions and/or any other biased judgements about individual personalities. Every individual has all elements and aspects of traits across various spectrums. This must always remain at the forefront when utilizing any type of personality assessments or frameworks.

    Click here to learn about DiSC Profile
    Click here learn about FIRO-B
    Click here learn about Experience Cube

    DiSC Profile Assessment

    A photo of DiSC Profile Assessment

    What is DiSC?

    DisC® is a personal assessment tool that was originally developed in 1928 by psychologist William Moulton Marston, who designed it to predict job performance. The tool has evolved and is now widely used by thousands of organizations around the world, from large government agencies and Fortune 500 companies to nonprofit and small businesses, to help improve teamwork, communication, and productivity in the workplace. The tool provides a common language people can use to better understand themselves and those they interact with - and use this knowledge to reduce conflict and improve working relationships.

    What does DiSC mean?

    DiSC is an acronym that stands for the four main personality profiles described in the Everything DiSC model: (D)ominance, (i)nfluence, (S)teadiness, (C)onscientiousness

    People with (D) personalities tend to be confident and emphasize accomplishing bottom-line results.
    People with (i) personalities tend to be more open and emphasize relationships and influencing or persuading others.
    People with (S) personalities tend to be dependable and emphasize cooperation and sincerity.
    People with (C) personalities tend to emphasize quality, accuracy, expertise, and competency.

    Go to this link to explore the DiSC styles

    FIRO-B® – Interpersonal Assessment

    A diagram of FIRO framework

    What is FIRO workplace relations?

    The Fundamental Interpersonal Relations Orientation Behavior (FIRO-B®) tool has been around for forty years. The tool assesses your interpersonal needs and the impact of your behavior in the workplace. The framework reveals how individuals can shape and adapt their individual behaviors, influence others effectively, and build trust among colleagues. It has been an excellent resource for coaching individuals and teams about the underlying drivers behind their interactions with others to effectively build successful working relationships.

    What does the FIRO framework measure?

    The FIRO framework addresses five key questions that revolve around three interpersonal needs. Fundamentally, the framework focuses on how you want to express yourself toward others and how you want others to behave toward you. This interaction will ultimately result in the universal needs for (a) inclusion, (b) control, and (c) affection. The insights from the results are intended to help individuals adjust their behavior in relationships to get what they need while also building trust with others. This will allow you to better predict and adapt to different situations in the workplace.

    How can FIRO influence individual and team performance in the workplace?

    FIRO helps people recognize where they may be giving out mixed messages and prompts them to adapt their exhibited behaviors to build trust in their relationships. It also reveals ways of improving relationships by showing individuals how they are seen by others, and how this external view may differ from how they see themselves. Using this lens empowers people to adjust their behavior, enabling them to effectively influence others to achieve high performance.

    In team settings, it is a rich source of information to explore motivations, underlying tensions, inconsistent behaviors, and the mixed messages that can lead to mistrust and derailment. It demonstrates how people may approach teamwork differently and explains the potential for inefficiencies and delays in delivery. Through the concept of behavioral flexibility, it helps defuse cultural stereotypes and streamline cross-cultural teams within organizations.

    Go to this link to explore FIRO-B for Business

    Experience Cube

    A diagram of experience cube model.

    What is an experience cube?

    The Experience Cube model was developed by Gervase Bushe, a professor of Leadership and Organization at the Simon Fraser University's school of Business and a thought leader in the field of organizational behavior. The experience cube is intended as a tool to plan and manage conversations to communicate more effectively in the moment. It does this by promoting self-awareness to better reduce anxiety and adapt to evolving and uncertain situations.

    How does the experience cube work?

    Using the four elements of the experience cube (Observations, Thoughts, Feelings, and Wants) helps you to separate your experience with the situation from your potential judgements about the situation. This approach removes blame and minimizes defensiveness, facilitating a positive discussion. The goal is to engage in a continuous internal feedback loop that allows you to walk through all four quadrants in the moment to help promote self-awareness. With heightened self-awareness, you may (1) remain curious and ask questions, (2) check-in for understanding and clarification, and (3) build consensus through agreement on shared purpose and next steps.

    Observations: Sensory data (information you take in through your senses), primarily what you see and hear. What a video camera would record.

    Thoughts: The meaning you add to your observations (i.e. the way you make sense of them, including your beliefs, expectations, assumptions, judgments, values, and principles). We call this the "story you make up."

    Feelings: Your emotional or physiological response to the thoughts and observations. Feelings words such as sad, mad, glad, scared, or a description of what is happening in your body.

    Wants: Clear description of the outcome you seek. Wants go deeper than a simple request for action. Once you clearly state what you want, there may be different ways to achieve it.

    Go to this link to explore more: Experience Cube

    Research Contributors and Experts

    Photo of Joanne Lee
    Joanne Lee
    Principal, Research Director, CIO Advisory
    Info-Tech Research Group

    Joanne is a professional executive with over twenty-five years of experience in digital technology and management consulting spanning healthcare, government, municipal, and commercial sectors across Canada and globally. She has successfully led several large, complex digital and business transformation programs. A consummate strategist, her expertise spans digital and technology strategy, organizational redesign, large complex digital and business transformation, governance, process redesign, and PPM. Prior to joining Info-Tech Research Group, Joanne was a Director with KPMG's CIO Advisory management consulting services and the Digital Health practice lead for Western Canada. She brings a practical and evidence-based approach to complex problems enabled by technology.

    Joanne holds a Master's degree in Business and Health Policy from the University of Toronto and a Bachelor of Science (Nursing) from the University of British Columbia.



    Photo of Gord Harrison
    Gord Harrison
    Senior Vice President, Research and Advisory
    Info-Tech Research Group

    Gord Harrison, SVP, Research and Consulting, has been with Info-Tech Research Group since 2002. In that time, Gord leveraged his experience as the company's CIO, VP Research Operations, and SVP Research to bring the consulting and research teams together under his current role, and to further develop Info-Tech's practical, tactical, and value-oriented research product to the benefit of both organizations.

    Prior to Info-Tech, Gord was an IT consultant for many years with a focus on business analysis, software development, technical architecture, and project management. His background of educational game software development, and later, insurance industry application development gave him a well-rounded foundation in many IT topics. Gord prides himself on bringing order out of chaos and his customer-first, early value agile philosophy keeps him focused on delivering exceptional experiences to our customers.



    Photo of Angela Diop
    Angela Diop
    Senior Director, Executive Services
    Info-Tech Research Group

    Angela has over twenty-five years of experience in healthcare, as both a healthcare provider and IT professional. She has spent over fifteen years leading technology departments and implementing, integrating, managing, and optimizing patient-facing and clinical information systems. She believes that a key to a healthcare organization's ability to optimize health information systems and infrastructure is to break the silos that exist in healthcare organizations.

    Prior to joining Info-Tech, Angela was the Vice President of Information Services with Unity Health Care. She has demonstrated leadership and success in this area by fostering environments where business and IT collaborate to create systems and governance that are critical to providing patient care and sustaining organizational health.

    Angela has a Bachelor of Science in Systems Engineering and Design from the University of Illinois and a Doctorate of Naturopathic Medicine from Bastyr University. She is a Certified CIO with the College of Healthcare Information Management Executives. She is a two-time Health Information Systems Society (HIMSS) Davies winner.



    Photo of Edison Barreto
    Edison Barreto
    Senior Director, Executive Services
    Info-Tech Research Group

    Edison is a dynamic technology leader with experience growing different enterprises and changing IT through creating fast-paced organizations with cultural, modernization, and digital transformation initiatives. He is well versed in creating IT and business cross-functional leadership teams to align business goals with IT modernization and revenue growth. Over twenty-five years of Gaming, Hospitality, Retail, and F&B experience has given him a unique perspective on guiding and coaching the creation of IT department roadmaps to focus on business needs and execute successful changes.

    Edison has broad business sector experience, including:
    Hospitality, Gaming, Sports and Entertainment, IT policy and oversight, IT modernization, Cloud first programs, R&D, PCI, GRDP, Regulatory oversight, Mergers acquisitions and divestitures.



    Photo of Mike Tweedie
    Mike Tweedie
    Practice Lead, CIO Strategy
    Info-Tech Research Group

    Michael Tweedie is the Practice Lead, CIO – IT Strategy at Info-Tech Research Group, specializing in creating and delivering client-driven, project-based, practical research, and advisory. He brings more than twenty-five years of experience in technology and IT services as well as success in large enterprise digital transformations.

    Prior to joining Info-Tech, Mike was responsible for technology at ADP Canada. In that role, Mike led several large transformation projects that covered core infrastructure, applications, and services and worked closely with and aligned vendors and partners. The results were seamless and transparent migrations to current services, like public cloud, and a completely revamped end-user landscape that allowed for and supported a fully remote workforce.

    Prior to ADP, Mike was the North American Head of Engineering and Service Offerings for a large French IT services firm, with a focus on cloud adoption and complex ERP deployment and management; he managed large, diverse global teams and had responsibilities for end-to-end P&L management.

    Mike holds a Bachelor's degree in Architecture from Ryerson University.



    Photo of Carlene McCubbin
    Carlene McCubbin
    Practice Lead, People and Leadership
    Info-Tech Research Group

    Carlene McCubbin is a Research Lead for the CIO Advisory Practice at Info-Tech Research Group covering key topics in operating models & design, governance, and human capital development.

    During her tenure at Info-Tech, Carlene has led the development of Info-Tech's Organization and Leadership practice and worked with multiple clients to leverage the methodologies by creating custom programs to fit each organization's needs.

    Before joining Info-Tech, Carlene received her Master of Communications Management from McGill University, where she studied development of internal and external communications, government relations, and change management. Her education honed her abilities in rigorous research, data analysis, writing, and understanding the organization holistically, which has served her well in the business IT world.



    Photo of Anubhav Sharma
    Anubhav Sharma
    Research Director, CIO Strategy
    Info-Tech Research Group

    Anubhav is a digital strategy and execution professional with extensive experience in leading large-scale transformation mandates for organizations both in North America and globally, including defining digital strategies for leading banks and spearheading a large-scale transformation project for a global logistics pioneer across ten countries. Prior to joining Info-Tech Research Group, he held several industry and consulting positions in Fortune 500 companies driving their business and technology strategies. In 2023, he was recognized as a "Top 50 Digital Innovator in Banking" by industry peers.

    Anubhav holds an MBA in Strategy from HEC Paris, a Master's degree in Finance from IIT-Delhi, and a Bachelor's degree in Engineering.



    Photo of Kim Osborne-Rodriguez
    Kim Osborne-Rodriguez
    Research Director, CIO Strategy
    Info-Tech Research Group

    Kim is a professional engineer and Registered Communications Distribution Designer (RCDD) with over a decade of experience in management and engineering consulting spanning healthcare, higher education, and commercial sectors. She has worked on some of the largest hospital construction projects in Canada, from early visioning and IT strategy through to design, specifications, and construction administration. She brings a practical and evidence-based approach to digital transformation, with a track record of supporting successful implementations.

    Kim holds a Bachelor's degree in Mechatronics Engineering from University of Waterloo.



    Photo of Amanda Mathieson
    Amanda Mathieson
    Research Director, People and Leadership
    Info-Tech Research Group

    Amanda joined Info-Tech Research Group in 2019 and brings twenty years of expertise working in Canada, the US, and globally. Her expertise in leadership development, organizational change management, and performance and talent management comes from her experience in various industries spanning pharmaceutical, retail insurance, and financial services. She takes a practical, experiential approach to people and leadership development that is grounded in adult learning methodologies and leadership theory. She is passionate about identifying and developing potential talent, as well as ensuring the success of leaders as they transition into more senior roles.

    Amanda has a Bachelor of Commerce degree and Master of Arts in Organization and Leadership Development from Fielding Graduate University, as well as a post-graduate diploma in Adult Learning Methodologies from St. Francis Xavier University. She also has certifications in Emotional Intelligence – EQ-i 2.0 & 360, Prosci ADKAR® Change Management, and Myers-Briggs Type Indicator Step I and II.

    Bibliography

    Bacey, Christopher. "KPMG/Harvey Nash CIO Survey finds most organizations lack enterprise-wide digital strategy." Harvey Nash/KPMG CIO Survey. Accessed Jan. 6, 2023. KPMG News Perspective - KPMG.us.com

    Calvert, Wu-Pong Susanna. "The Importance of Rapport. Five tips for creating conversational reciprocity." Psychology Today Magazine. June 30, 2022. Accessed Feb. 10, 2023. psychologytoday.com/blog

    Coaches Council. "14 Ways to Build More Meaningful Professional Relationships." Forbes Magazine. September 16, 2020. Accessed Feb. 20, 2023. forbes.com/forbescoachescouncil

    Council members. "How to Build Authentic Business Relationships." Forbes Magazine. June 15, 2021. Accessed Jan. 15, 2023. Forbes.com/business council

    Deloitte. "Chief Information Officer (CIO) Labs. Transform and advance the role of the CIO." The CIO program. Accessed Feb. 5, 2021.

    Dharsarathy, Anusha et al. "The CIO challenge: Modern business needs a new kind of tech leader." McKinsey and Company. January 27, 2020. Accessed Feb 2023. Mckinsey.com

    DiSC profile. "What is DiSC?" DiSC Profile Website. Accessed Feb. 5, 2023. discprofile.com

    FIRO Assessment. "Better working relationships". Myers Brigg Website. Resource document downloaded Feb. 10, 2023. myersbriggs.com/article

    Fripp, Patricia. "Frippicisms." Website. Accessed Feb. 25, 2023. fripp.com

    Grossman, Rhys. "The Rise of the Chief Digital Officer." Russell Reynolds Insights, January 1, 2012. Accessed Jan. 5, 2023. Rise of the Chief Digital Officer - russellreynolds.com

    Kambil, Ajit. "Influencing stakeholders: Persuade, trade, or compel." Deloitte Article. August 9, 2017. Accessed Feb. 19, 2023. www2.deloitte.com/insights

    Kambil, Ajit. "Navigating the C-suite: Managing Stakeholder Relationships." Deloitte Article. March 8, 2017. Accessed Feb. 19, 2023. www2.deloitte.com/insights

    Korn Ferry. "Age and tenure in the C-suite." Kornferry.com. Accessed Jan. 6, 2023. Korn Ferry Study Reveals Trends by Title and Industry

    Kumthekar, Uday. "Communication Channels in Project". Linkedin.com, 3 March 2020. Accessed April 27, 2023. Linkedin.com/Pulse/Communication Channels

    McWilliams, Allison. "Why You Need Effective Relationships at Work." Psychology Today Magazine. May 5, 2022. Accessed Feb. 11, 2023. psychologytoday.com/blog

    McKinsey & Company. "Why do most transformations fail? A conversation with Harry Robinson." Transformation Practice. July 2019. Accessed Jan. 10, 2023. Mckinsey.com

    Mind Tools Content Team. "Building Good Work Relationships." MindTools Article. Accessed Feb. 11, 2023. mindtools.com/building good work relationships

    Pratt, Mary. "Why the CIO-CFO relationship is key to digital success." TechTarget Magazine. November 11, 2021. Accessed Feb. 2023. Techtarget.com

    LaMountain, Dennis. "Quote of the Week: No Involvement, No Commitment". Linkedin.com, 3 April 2016. Accessed April 27, 2023. Linkedin.com/pulse/quote-week-involvement

    PwC Pulse Survey. "Managing Business Risks". PwC Library. 2022. Accessed Jan. 30, 2023. pwc.com/pulse-survey

    Rowell, Darin. "3 Traits of a Strong Professional Relationship." Harvard Business Review. August 8, 2019. Accessed Feb. 20, 2023. hbr.org/2019/Traits of a strong professional relationship

    Sinek, Simon. "The Optimism Company from Simon Sinek." Website. Image Source. Accessed, Feb. 21, 2023. simonsinek.com

    Sinek, Simon. "There are only two ways to influence human behavior: you can manipulate it or you can inspire it." Twitter. Dec 9, 2022. Accessed Feb. 20, 2023. twitter.com/simonsinek

    Whitbourne, Susan Krauss. "10 Ways to Measure the Health of Relationship." Psychology Today Magazine. Aug. 7, 2021. Accessed Jan. 30, 2023. psychologytoday.com/blog

    Collaborate Effectively in Microsoft Teams

    • Buy Link or Shortcode: {j2store}63|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: End-User Computing Applications
    • Parent Category Link: /end-user-computing-applications

    Your organization has adopted Microsoft Teams, but users are not maximizing their use of it.

    • IT needs to support the business to get the best value out of Microsoft Teams: managing Teams effectively while also enabling end users to use Teams creatively.
    • IT must follow best practices for evaluation of new functionality when integrating Microsoft and third-party apps and also communicate changes to end users.
    • Due in part to the frequent addition of new features and lack of communication and training, many organizations don’t know which apps would benefit their users.

    Our Advice

    Critical Insight

    Collaboration is as much an art as a science. IT can help users collaborate more effectively in Teams by removing friction – while still maintaining guardrails – for users attempting to build out and experiment with features and capabilities.

    Impact and Result

    Use Info-Tech’s Collaborate Effectively in Microsoft Teams to help collaboration flourish:

    • Collate key organizational collaboration use cases.
    • Prioritize the most important Teams apps and features to support use cases.
    • Implement request process for new Teams apps.
    • Communicate new Teams collaboration functionality.

    Collaborate Effectively in Microsoft Teams Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Collaborate Effectively in Microsoft Teams Deck – Maximize the use of your chosen collaboration software solution.

    Set up your users for Teams collaboration success. Create a process that improves their ability to access, understand, and maximize their use of your chosen collaboration software solution.

    • Collaborate Effectively in Microsoft Teams Storyboard

    2. Microsoft Teams End-User Satisfaction Survey – Capture end-user feedback on their collaborative use of Microsoft Teams.

    The survey responses will inform your organization's collaboration use cases for Teams and help you to identify which features and apps to enable.

    • Microsoft Teams End-User Satisfaction Survey

    3. Microsoft Teams Planning Tool – A tool to help prioritize features to implement.

    Use this Excel tool to help you document the organization’s key collaboration use cases and prioritize which Teams apps to implement and encourage adoption on.

    • Microsoft Teams Planning Tool
    [infographic]

    Further reading

    Collaborate Effectively in Microsoft Teams

    Empower your users to explore Teams collaboration beyond the basics.

    Analyst Perspective

    Life after Teams implementation

    You have adopted Teams, implemented it, and painted an early picture for your users on the basics. However, your organization is not yet maximizing its use of Teams' collaboration capabilities. Although web conferencing, channel-based collaboration, and chat are the most obvious ways Teams supports collaboration, users must explore Teams' functionality further to harness the application's full potential.

    You should enable your users to expand their collaboration use cases in Teams, but not at the risk of being flooded with app requests, nor user confusion or dissatisfaction. Instead, develop a process to evaluate and integrate new apps that will benefit the organization. Encourage your users to request new apps that will benefit them, while proactively planning for app integration that users should be alerted to.

    Photo of Emily Sugerman, Research Analyst, Infrastructure and Operations, Info-Tech Research Group. Emily Sugerman
    Research Analyst, Infrastructure and Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Your organization has adopted Microsoft Teams, but users are not getting the maximum benefit.

    • IT needs to support the business to get the best value out of Microsoft Teams: managing Teams effectively while enabling end-user creativity.
    • IT must follow best practices for evaluating new functionality when integrating Microsoft and third-party apps, while communicating changes to end users.
    • Due partly to the frequent addition of new features and lack of communication and training, many organizations don't know which apps would benefit their users.

    Common Obstacles

    • Users are unenthusiastic about exploring Teams further due to negative past experiences, preference for other applications, or indifference.
    • End users are unaware of the available range of features. When they become aware and try to add unapproved or unlicensed apps, they experience the frustration of being declined.
    • Users seek support from IT who are unfamiliar with new Teams features an apps, or with supporting Teams beyond the basics.
    • IT teams have no process to raise end-user awareness of these apps and functionality.

    Info-Tech's Approach

    Use Info-Tech's Collaborate Effectively in Microsoft Teams to help collaboration flourish:

    • Collate key organizational collaboration use cases
    • Prioritize the most important Teams apps and features to support use cases
    • Implement request process for new Teams apps
    • Communicate new Teams collaboration functionality

    Info-Tech Insight

    Collaboration is as much an art as a science. IT can help users collaborate more effectively in Teams by removing friction – while still maintaining guardrails – for users attempting to build out and experiment with features and capabilities.

    Are your users in a Teams rut?

    Are users failing to maximize their use of Teams to collaborate and get work done?

    Teams can do much more than chat, video conferencing, and document sharing. A fully-deployed Teams also lets users leverage apps and advanced collaboration features.

    However, IT must create a process for evaluating and approving Microsoft and third-party apps, and for communicating changes to end users.

    In the end, IT needs to support the business to get the best value out of Microsoft Teams: managing Teams effectively while also enabling end-user creativity.

    Third-party app use in Teams is rising:

    “Within Teams, the third-party apps with 10,000 users and above rose nearly 40% year-over-year.”
    Source: UC Today, 2023.

    Collaborate effectively in Microsoft Teams

    Set up your users for Teams collaboration success. Create a process that improves their ability to access, understand, and maximize their use of your chosen collaboration software solution.

    Challenges with Teams collaboration

    • Lack of motivation to explore available features
    • Scattered information
    • Lack of comfort using Teams beyond the basics
    • Blocked apps
    • Overlapping features
    • Confusing permissions

    Empowering Collaboration in Microsoft Teams

    1. Identify current collaboration challenges and use cases in Teams
    2. Create Teams app request workflows
    3. Set up communication hubs in Teams
    4. Empower end users to customize their Teams for effective collaboration

    Solution

    • Collate key organizational collaboration use cases
    • Prioritize the most important Teams apps and features to support use cases
    • Implement request process for new Teams apps
    • Communicate new Teams collaboration functionality

    Project deliverables

    Use these tools to develop your plan to enable effective collaboration in Microsoft Teams.

    Key deliverable:

    Microsoft Teams Planning Tool

    An Excel tool for documenting the organization's key collaboration use cases and prioritizing which Teams apps to implement and encourage adoption of.

    Sample of the Microsoft Teams Planning Tool deliverable.

    Additional support:

    Microsoft Teams End-User Satisfaction Survey

    Use or adapt this survey to capture user perception of how effectively Teams supports collaboration needs.

    Sample of the End-user satisfaction survey deliverable.

    Insight Summary

    Key Insight:

    Collaboration is as much an art as a science. IT can help users collaborate more effectively in Teams by removing friction – while still maintaining guardrails – for users attempting to build out and experiment with features and capabilities.

    Additional insights:

    Insight 1

    Users can browse the Teams app store and attempt to add unapproved apps, but they may not be able to distinguish between available and blocked apps. To avoid a bad user experience, communicate which apps they can add without additional approval and which they will need to send through an approval process.

    Insight 2

    Teams lets you customize the message users see when they request unapproved apps and/or redirect their request to your own URL. Review this step in the request process to ensure users are seeing the instructions that they need to see.

    Insight 3

    A Teams hub is where users can access a service catalog of approved Teams apps and submit service requests for new ones via the Make a Request button.

    Section 1: Collaborating Effectively in Teams for IT

    Section 1

    Collaborating Effectively in Teams for IT

    Section 2

    Collaborating Effectively in Teams for End Users

    Stop: Do you need the Teams Cookbook?

    If you:

    • are at the Teams implementation stage,
    • require IT best practices for initial governance of Teams creation, or
    • require end-user best practices for basic Teams functionality …

    Consult the Microsoft Teams Cookbook first.

    Understand the Microsoft vision of Teams collaboration

    Does it work for you?

    Microsoft's vision for Teams collaboration is to enable end-user freedom. For example, out of the box, users can create their own teams and channels unless IT restricts this ability.

    Teams is meant to be more than just chats and meetings. Microsoft is pushing Teams app integration so that Teams becomes, essentially, a landing page from which users can centralize their work and org updates.

    In partnership with the business, IT must determine which guardrails are necessary to balance end-user collaboration and creativity with the need for governance and control.

    Why is it difficult to increase the caliber of collaboration in Teams?

    Because collaboration is inherently messy, complex, and creative

    Schubert & Glitsch find that enterprise collaboration systems (such as Teams) have characteristics that reflect the unstructured and creative nature of collaboration. These systems “are designed to support joint work among people in the workplace. . . [They] contain, for the most part, unstructured content such as documents, blogs, or news posts,” and their implementations “are often reported to follow a ‘bottom up' and rather experimental introduction approach.” The open-endedness of the tool requires users to be able to creatively and voluntarily apply it, which in turn requires more enterprise effort to help increase adoption over time through trial and error.

    Source: Procedia Computer Science, 2015

    Info-Tech Insight

    Collaboration is as much an art as a science. IT can help users collaborate more effectively in Teams by removing friction – while still maintaining guardrails – for users attempting to build out and experiment with features and capabilities.

    Activity 1: Identify current challenges

    Input: Team input, Survey results
    Output: List of Teams challenges experienced by the organization
    Materials: Whiteboard (digital or physical)
    Participants: Teams collaboration working group

    First, identify what works and what doesn't for your users in Teams

    • Have users reported any challenges with Teams as their primary means of channel-based collaboration? Run a short survey to capture end-user sentiment on how Teams works for them. This survey can be set up and distributed through Microsoft Forms. Distribute either to the whole organization or a specific focus group. Gather feedback from users on the following: What are the major ways they need to collaborate to do their jobs? What IT-supported tools do they need to support this collaboration? What specific aspects of Teams do they want to better exploit?
    • If you send out transactional surveys on service desk tickets, run a report on Teams-related tickets to identify common complaints.
    • Brainstorm Teams challenges IT has experienced personally or have seen reported – especially difficulties with collaboration.
    • Once you have the data, group the challenges into themes. Are the challenges specifically related to collaboration? Data issues? Support issues? Access issues? Technical issues? Document them in tab 2 of the Microsoft Teams Planning Tool.

    Download the Microsoft Teams End-User Satisfaction Survey template

    Define your organization's key collaboration scenarios

    Next, identify what users need to do in Teams

    The term collaboration scenarios has been proposed to describe the types of collaboration behavior your software – in this case, Teams – must support (Schubert & Glitsch, 2015). A successful implementation of this kind of tool requires that you “identif[y] use cases and collaboration scenarios that best suit a specific company and the people working in it” (Schubert & Glitsch, 2016).

    Teams tends to support the following kinds of collaboration and productivity goals (see list).

    What types of collaboration scenarios arise in the user feedback in the previous activity? What do users most need to do?

    Be proactive: Configure Microsoft Teams to match collaboration scenarios/use cases your users must engage in. This will help prevent an increase in shadow IT, where users attempt to bring in unapproved/unreviewed software that might duplicate your existing service catalog and/or circumvent the proper review and procurement process.

    MS Teams Use Cases

    1. Gather feedback
    2. Collaboratively create content
    3. Improve project & task management
    4. Add media content
    5. Conduct knowledge management
    6. Increase meeting effectiveness
    7. Increase employee engagement
    8. Enhance professional development
    9. Provide or access support
    10. Add third-party apps

    Activity 2: Match your collaboration scenarios to Teams capabilities

    Input: Collaboration scenarios, Teams use cases
    Output: Ranked list of Teams features to implement and/or promote
    Materials: Microsoft Teams Planning Tool
    Participants: Teams collaboration working group

    Which features support the key collaboration use cases?

    1. Using the Microsoft Teams Planning Tool, list your organization's key collaboration scenarios. Draw on the data returned in the previous activity. List them in Tab 2.
    2. See the following slide for the types of collaboration use cases Teams is designed to support. In the planning tool, select use cases that best match your organizational collaboration scenarios.
    3. Dive into more specific features on Tab 3, which are categorized by collaboration use case. Where do users' collaboration needs align with Teams' inherent capabilities? Add lines in Tab C for the third-party apps that you are considering adding to Teams.
    4. In columns B and C of Tab 3, decide and prioritize the candidates for implementation. Review the list of prioritized features on tab 4.

    NB: Microsoft has introduced a Teams Premium offering, with additional capabilities for meetings and webinars (including customized banding, meeting watermarks, and virtual webinar green rooms) and will paywall some features previously available without Premium (live caption translations, meeting data on attendee departure/arrival times) (“What is Microsoft Teams Premium?”, n.d.)

    Download the Microsoft Teams Planning Tool

    MS Teams productivity & collab features

    Teams apps & collaboration features enable the following types of work. When designing collaboration use cases, identify which types of collaboration are necessary, then explore each category in depth.

    1. Gather feedback

      Solicit feedback and comments, and provide updates
    2. Collaboratively create content

      Compose as a group, with live-synced changes
    3. Improve project & task management

      Keep track of projects and tasks
    4. Add media content

      Enrich Teams conversations with media, and keep a library of video resources
    5. Knowledge management

      Pull together document libraries and make information easier to find
    6. Increase meeting effectiveness

      Facilitate interactions and document meeting outcomes
    7. Increase employee engagement

      Use features that enhance social interaction among Teams users
    8. Enhance professional development

      Find resources to help achieve professional goals
    9. Provide or access support

      IT and user-facing resources for accessing and/or providing support
    10. Add third-party apps

      Understand the availability/restrictions of the built-in Teams app catalog

    The Teams app store

    • The lure of the app store: Your users will encounter a mix of supported and unsupported applications, some of which they can access, some for which you have no licenses, some built by your organization, some built by Microsoft or third parties. However, the distinction between these categories may not be immediately apparent to users. Microsoft does not remove blocked apps from users' view.
    • Users may attempt to add unsupported apps and then receive error messages or prompts to send a request through Teams to IT for approval.
    • App add-ins are not limited to those built by Microsoft Corporation. The Teams app store also features a plethora of third-party apps that can provide value.
    • However, their third-party status introduces another set of complications.
    • Attempting to add third-party apps may expose users to sales pitches and encourage the implementation of shadow IT, circumventing the IT request process.

    Info-Tech Insight

    Users can browse and attempt to add unapproved apps in the Teams app store, but they may have difficulty distinguishing between available and blocked apps. To avoid a bad user experience, communicate to your users which apps they can add without additional approval, and which must be sent through an approval process.

    Decide how you will evaluate requests for new Teams apps

    • As you encourage users to explore and fully utilize Teams, you may see increased requests for admin approval for apps you do not currently support.
    • To prevent disorganized response and user dissatisfaction, build out a workflow for handling new/unapproved Teams app requests. Ensure the workflow accounts for Microsoft and third-party apps.
    • What must you consider when integrating third-party tools? You must have control over what users may add. These requests should follow, or build upon, your existing process for non-standard requests, including a process for communicating the change.
    • Track the fulfillment time for Teams app requests. The longer the user must wait for a response, the more their satisfaction will decline.

    icrosoft suggests that you regularly review the app usage report in the Teams admin center as “a signal about the demand for an app within your organization.” This will help you proactively determine which apps to evaluate for approval.

    Build request workflow for unsupported Teams apps

    What are the key steps?

    1. Request comes in
    2. Review by a technical review team
    3. Review by service desk or business analyst
    4. Additional operational technical reviews if necessary
    5. Procurement and installation
    6. Communication of result to requester
    7. App added to the catalog so it can be used by others

    Example workflow of a 'Non-Standard Software Request Process'.

    Info-Tech Insight

    Teams allows you to customize the message users see when they request an unapproved app and/or redirect their request to your own URL. Review this step in the request process to ensure your users are seeing the instructions that they need to see.

    Download the Service Request Workflow library

    Incorporate new approved service requests into a service request catalog

    Follow the process in Reduce Shadow IT With a Service Request Catalog to build out a robust request management process and service catalog to continuously incorporate new non-standard requests and advertise new Teams apps:

    • Design the service
    • Design the catalog
    • Build the catalog
    • Market the service

    Sample of the 'Reduce Shadow IT With a Service Request Catalog' blueprint.

    Add a company hub to Teams

    Use Teams to help users access the company intranet for organizational information that is relevant to their roles.

    This can be done in two ways:

    1. By adding a SharePoint home site to Teams.
    2. By leveraging Viva Connections: A hub to access other apps and Viva services. The user sees a personalized dashboard, feed, and resources.

    Venn diagram with two circles 'Viva Connections - App-based employee experience where individuals get their work done' and 'Home Sites - Portal that features organizational news, events, and supplemental resources'. The overlapping middle has a list: 'News, Shared navigation, Integrates with M365, Developer platforms & management, Audience targeting, Web parts, Permissions'. (Venn diagram recreated from Microsoft Learn, 2023.)

    Info-Tech Insight

    The hub is where users can access a service catalog of approved Teams apps and submit service requests for a new one via a Make a Request button.

    Communicate changes to Teams

    Let end users know what's available and how to add new productivity tools.

    Where will users find approved Teams apps? How will you inform people about what's available? Once a new app is available, how is this communicated?

    Options:

    • Communicate new Teams features in high-visibility places (e.g. the Hub).
    • Leverage the Power Apps Bulletins app in Teams to communicate regular announcements about new features.
    • Create a company-wide Team with a channel called “What's New in Teams.” Post updates on new features and integrations, and link to more detailed knowledgebase articles on how to use the new features.
    • Aim for the sweet spot of communication frequency: not too much nor too little.

    Measure your success

    Determine how you will evaluate the success of your efforts to improve the Teams collaboration experience

    Improved satisfaction with Teams: Increased net promoter score (NPS)

    Utilization of features: Increased daily average users on key features, apps, integrations

    Timeliness: % of SLAs met for service request fulfillment

    Improved communication to end users about Teams' functionality: Satisfaction with knowledgebase articles on Teams

    Satisfaction with communication from IT

    Section 2: Collaborating Effectively in Teams for End Users

    Section 1

    Collaborating Effectively in Teams for IT

    Section 2

    Collaborating Effectively in Teams for End Users

    For IT: Use this section to help users understand Teams collaboration features

    Share the collateral in this section with your users to support their deeper exploration of Teams collaboration.

    • Use the Microsoft Teams Planning Tool to prepare a simple service catalog of the features and apps available to your users.
    • Edit Tab 2 (MS Teams Collab Features & Apps) by deleting the blocked apps/features.
    • Share this document with your users by linking to it via this image on the following slides:
    Sample of the Microsoft Teams Planning Tool deliverable.

    Download the Microsoft Teams Planning Tool for an expanded list of features & apps

    End-user customization of Teams

    Consider how you want to set up your Teams view. Add the apps you already use to have them at your fingertips in Teams.

    You can . . .

    1. Customize your navigation bar by pinning your preferred apps and working with them within Teams (Microsoft calls these personal apps).
    2. Customize your message bar by adding the app extensions you find most useful. Screenshot of the message bar with the 3-dot highlighted.
    3. Customize chats and Teams by adding tabs with content your group needs frequent access to. Screenshot of MS Teams tabs with the plus sign highlighted.
    4. Set up connectors to send notifications from apps to a Team and bots to answer questions and automate simple tasks. Screenshot of the 'Set up a connector' button.

    Learn more from Microsoft here

    MS Teams productivity & collab features

    The Apps catalog includes a range of apps that users may add to channels, chat, or the navigation bar. Teams also possesses other collaboration features that may be underused in your organization.

    1. Gather feedback

      Solicit feedback and comments, and provide updates
    2. Collaboratively create content

      Compose as a group, with live-synced changes
    3. Improve project & task management

      Keep track of projects and tasks
    4. Add media content

      Enrich Teams conversations with media, and keep a library of video resources
    5. Knowledge management

      Pull together document libraries and make information easier to find
    6. Increase meeting effectiveness

      Facilitate interactions and document meeting outcomes
    7. Increase employee engagement

      Use features that enhance social interaction among Teams users
    8. Enhance professional development

      Find resources to help achieve professional goals
    9. Provide or access support

      IT and user-facing resources for accessing and/or providing support
    10. Add third-party apps

      Understand the availability/restrictions of the built-in Teams app catalog

    Samples of four features: 'Prioritize with a voting table', 'Launch a live meeting poll', 'Launch a survey', and 'Request an update'.

    Download the Microsoft Teams Collaboration Tool for an expanded list of features & apps

    Use integrated Teams features to gather feedback and provide updates

    • Vote: Create a list of items for teams to brainstorm pros and cons, and then tabulate votes on. This component can be edited inline by anyone with whom the component is shared. The edits will sync anywhere the component is shared.
    • Meeting polls: Capture instant feedback from teams, chat, and call participants. Participant anonymity can be set by the poll organizer. Results can be exported.
    • Create surveys and quizzes and share the results. Results can be exported.
    • Create, track, and review updates and progress reports from teams and individuals.

    Collaboratively create content

    Samples of four features: 'Add Office suite docs', 'Brainstorm in Whiteboard', 'Add Loop components', and 'Take notes in OneNote'.

    Download the Microsoft Teams Planning Tool for an expanded list of features & apps

    Use integrated Teams features composed as a group, with live-synced changes

    • Microsoft Office documents: Add/upload files to a chat or channel discussion. Find them again in the Files tab or add the file itself as a tab to a chat or channel and edit it within Teams.
    • Brainstorm with the Whiteboard application. Add a whiteboard to a tab or to a meeting.
    • Add Loop components to a chat: Create a list, checklist, paragraph, or table that can be edited in real time by anyone in the chat.
    • Add OneNote to a chat or channel tab or use during a meeting to take notes. Pin OneNote to your app bar if it's one of your most frequently-used apps.

    Improve project & task management

    Samples of four features: 'Request approvals and updates', 'Add & track tasks', 'Create a personal notespace', and 'Manage workflows'.

    Download the Microsoft Teams Planning Tool for an expanded list of features & apps

    Keep track of projects and tasks

    • Use the Approvals and Update apps to create, track, and respond to requests for approvals and progress reports within Teams.
    • Use Tasks by Planner & To Do to track both individual and team tasks. Pin the Tasks app to the app bar, add a plan as a tab to a Team, and turn any Teams message into a task by right-clicking on it.
    • Start a chat with yourself to maintain a private space to jot down quick notes.
    • Add Lists to a Teams channel.
    • Explore automation: Add pre-built Teams workflows from the Workflows app, or build new ones in PowerAutomate
    • IT teams may leverage Teams apps like Azure Boards, Pipelines, Repos, AD notifications, and GitHub.

    Add media content

    Samples of four features: 'Share news stories', 'Share YouTube videos', 'Share Stream content', and 'Add RSS feeds'.

    Download the Microsoft Teams Planning Tool for an expanded list of features & apps

    Enrich Teams conversations with media, and keep a library of video resources

    • Search for and add specific news stories to a chat or channel. See recent news stories in search.
    • Search, share, and watch YouTube videos.
    • Share video links from Microsoft Stream.
    • Add RSS feeds.

    Knowledge management

    Samples of four features: 'SharePoint Pages', 'SharePoint document library', 'SharePoint News', and 'Who'.

    Download the Microsoft Teams Planning Tool for an expanded list of features & apps

    Pull together document libraries and make information easier to find

    • Add a page from an existing SharePoint site to a Team as a tab.
    • Add a SharePoint document library to a Team as a tab.
    • Search names of members of your organization to learn about their role, place in the organizational structure, and contact information.

    Increase meeting effectiveness

    Samples of four features: 'Take meeting notes', 'Set up a Q&A', 'Use live captions', and 'Record and transcribe meetings'.

    Download the Microsoft Teams Planning Tool for an expanded list of features & apps

    Facilitate interactions and document meeting outcomes

    • Take simple notes during a meeting.
    • Start conversations and ask and answer questions in a dedicated Q&A space during the Teams meeting.
    • Turn on live captions during the meeting.
    • Record a meeting and automatically generate a transcript of the meeting.
    • Assign attendees to breakout rooms.
    • Track the effectiveness of the meeting by producing an attendance report with the number of attendees, the meeting start/end time, a list of the attendees, and participation in activities.

    Increase employee engagement

    Samples of four features: 'Send praise', 'Build an avatar', 'Add video effects', and 'Play games during meetings'.

    Download the Microsoft Teams Planning Tool for an expanded list of features & apps

    Use features that enhance social interaction among Teams users

    • Send supportive comments to colleagues using Praise.
    • Build out digital avatars to toggle on during meetings instead of your own video.
    • Apply different visual effects, filters, and backgrounds to your screen during meetings.
    • Games for Work: Launch icebreaker games during a meeting.
    • Translate a Teams message from another language to your default language.
    • Send emojis, GIFs, and stickers in messages or as reactions to others' messages. You can also send reactions live during meetings to increase meeting engagement.

    Enhance professional development

    Samples of four features: 'Launch Viva Learning', 'Turn on Speaker Coach', 'Viva Insights', and 'Viva Goals'.

    Download the Microsoft Teams Planning Tool for an expanded list of features & apps

    Connect with learning resources and apply data-driven feedback based on Teams usage

    • Add learning materials from various course catalogs in Viva Learning.
    • Speaker Coach: Receive AI feedback on your performance as a speaker during a meeting.
    • Receive automatically generated insights and suggestions from Viva Insights on work habits and time allocation to different work activities.
    • Viva Goals: Track organizational "objectives and key results"/manage organizational goals

    Provide or access support

    Samples of four features: 'Access MS Support', 'Manage Teams & M365', 'Deploy power virtual agents', and 'Consult MS resource center'.

    Download the Microsoft Teams Planning Tool for an expanded list of features & apps

    IT and user-facing resources for accessing or providing support

    • Admin: Carry out simple Teams management tasks (for IT).
    • Power Virtual Agents: Build out chatbots to answer user questions (can be built by IT and end users for their customers).
    • Resource Center: A combination of pre-built Microsoft resources (tips, templates) with resources provided by organizational IT.
    • Support: Access Microsoft self-serve knowledgebase articles (for IT).

    Add third-party apps

    Understand the availability/restrictions of the built-in Teams app catalog

    • App add-ins are not limited to those built by Microsoft Corporation. The Teams app store also features a plethora of third-party apps that may provide value.
    • However, being able to view an app in the app store does not necessarily mean it's supported or licensed by your organization.
    • Teams will allow users to request access to apps, which will then be evaluated by your IT support team. Follow your service desk's recommended request process for requesting and justifying the addition of a new Teams app that is not currently supported.
    • Before making the request, investigate existing Teams features to determine if the functionality is already available.

    Research contributors

    Mike Cavanagh
    Global Service Desk Manager
    Clearwater Seafoods LP

    Info-Tech contributors:

    Benedict Chang, Senior Advisory Analyst

    John Donovan, Principal Research Director

    Allison Kinnaird, Practice Lead

    P.J. Ryan, Research Director

    Natalie Sansone, Research Director

    Christine West, Managing Partner

    Related Info-Tech Research

    Sample of the 'Reduce Shadow IT with a Service Request Catalog' blueprint.

    Reduce Shadow IT With a Service Request Catalog

    Foster business relationships through sourcing-as-a-service. There is a direct correlation between service delivery dissatisfaction and increases in shadow IT. Whether the goal is to reduce shadow IT or gain control, improved customer service and fast delivery are key to making lasting changes.

    Sample of the 'Microsoft Teams Cookbook' blueprint.

    Microsoft Teams Cookbook

    Recipes for best practices and use cases for Teams. Microsoft Teams is not a standalone app. Successful utilization of Teams occurs when conceived in the broader context of how it integrates with M365. Understanding how information flows between Teams, SharePoint Online, and OneDrive for Business, for instance, will aid governance with permissions, information storage, and file sharing.

    Sample of the 'Govern Office 365 (M365)' blueprint.

    Govern Office 365

    You bought it. Use it right. Map your organizational goals to the administration features available in the Office 365/M365 console. Your governance should reflect your requirements.

    Bibliography

    Mehta, Tejas. “The Home Site App for Microsoft Teams.” Microsoft Community Hub. https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/the-home-site-app-for-microsoft-teams/ba-p/1714255.

    Overview: Viva Connections. 7 Mar. 2023, https://learn.microsoft.com/en-us/viva/connections/viva-connections-overview.

    Rogers, Laura. “SharePoint Home Site in Teams.” Wonderlaura, 24 Jun 2021. https://wonderlaura.com/2021/06/24/sharepoint-home...

    Schubert, Petra, and Johannes H. Glitsch. “Adding Structure to Enterprise Collaboration Systems: Identification of Use Cases and Collaboration Scenarios.” Procedia Computer Science, vol. 64, Jan. 2015, pp. 161–69. ScienceDirect, https://doi.org/10.1016/j.procs.2015.08.477.

    Schubert, Petra, and Johannes Glitsch. “Use Cases and Collaboration Scenarios: How Employees Use Socially-Enabled Enterprise Collaboration Systems (ECS).” International Journal of Information Systems and Project Management, vol. 4, no. 2, Jan. 2016, pp. 41–62.

    Thompson, Mark. “User Requests for Blocked Apps in the Teams Store.” Supersimple365, 5 Apr 2022, https://supersimple365.com/user-requests-for-apps-...

    “What is Microsoft Teams Premium?” Breakwater IT, n.d., https://breakwaterit.co.uk/guides/microsoft-teams-...

    Wills, Jonny. “Microsoft Teams Monthly Users Hits 280 Million.” UC Today, 25 Jan. 2023, https://www.uctoday.com/unified-communications/microsoft-teams-monthly-users-hits-280-million/.

    Streamline Application Maintenance

    • Buy Link or Shortcode: {j2store}402|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: 20 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Maintenance
    • Parent Category Link: /maintenance
    • Application maintenance teams are accountable for the various requests and incidents coming from a variety business and technical sources. The sheer volume and variety of requests create unmanageable backlogs.
    • The increasing complexity and reliance on technology within the business has set unrealistic expectations on maintenance teams. Stakeholders expect teams to accommodate maintenance without impact on project schedules.

    Our Advice

    Critical Insight

    • Improving maintenance’s focus and attention may mean doing less but more valuable work. Teams need to be realistic about what can be committed and be prepared to justify why certain requests have to be pushed down the backlog (e.g. lack of business value, high risks).
    • Maintenance must be treated like any other development activity. The same intake and prioritization practices and quality standards must be upheld, and best practices followed.

    Impact and Result

    • Justify the necessity of streamlined maintenance. Gain a grounded understanding of stakeholder objectives and concerns, and validate their achievability against the current state of the people, process, and technologies involved in application maintenance.
    • Strengthen triaging and prioritization practices. Obtain a holistic picture of the business and technical impacts, risks, and urgencies of each accepted maintenance requests in order to justify its prioritization and relevance within your backlog. Identify opportunities to bundle requests together or integrate them within project commitments to ensure completion.
    • Establish and govern a repeatable process. Develop a maintenance process with well-defined stage gates, quality controls, and roles and responsibilities, and instill development best practices to improve the success of delivery.

    Streamline Application Maintenance Research & Tools

    Start here – read the Executive Brief

    Read our Executive Brief to understand the common struggles found in application maintenance, their root causes, and the Info-Tech methodology to overcoming these hurdles.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand your maintenance priorities

    Understand the stakeholder priorities driving changes in your application maintenance practice.

    • Streamline Application Maintenance – Phase 1: Assess the Current Maintenance Landscape
    • Application Maintenance Operating Model Template
    • Application Maintenance Resource Capacity Assessment
    • Application Maintenance Maturity Assessment

    2. Instill maintenance governance

    Identify the appropriate level of governance and enforcement to ensure accountability and quality standards are upheld across maintenance practices.

    • Streamline Application Maintenance – Phase 2: Develop a Maintenance Release Schedule

    3. Enhance triaging and prioritization practices

    Build a maintenance triage and prioritization scheme that accommodates business and IT risks and urgencies.

    • Streamline Application Maintenance – Phase 3: Optimize Maintenance Capabilities

    4. Streamline maintenance delivery

    Define and enforce quality standards in maintenance activities and build a high degree of transparency to readily address delivery challenges.

    • Streamline Application Maintenance – Phase 4: Streamline Maintenance Delivery
    • Application Maintenance Business Case Presentation Document
    [infographic]

    Workshop: Streamline Application Maintenance

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Your Maintenance Priorities

    The Purpose

    Understand the business and IT stakeholder priorities driving the success of your application maintenance practice.

    Understand any current issues that are affecting your maintenance practice.

    Key Benefits Achieved

    Awareness of business and IT priorities.

    An understanding of the maturity of your maintenance practices and identification of issues to alleviate.

    Activities

    1.1 Define priorities for enhanced maintenance practices.

    1.2 Conduct a current state assessment of your application maintenance practices.

    Outputs

    List of business and technical priorities

    List of the root-cause issues, constraints, and opportunities of current maintenance practice

    2 Instill Maintenance Governance

    The Purpose

    Define the processes, roles, and points of communication across all maintenance activities.

    Key Benefits Achieved

    An in-depth understanding of all maintenance activities and what they require to function effectively.

    Activities

    2.1 Modify your maintenance process.

    2.2 Define your maintenance roles and responsibilities.

    Outputs

    Application maintenance process flow

    List of metrics to gauge success

    Maintenance roles and responsibilities

    Maintenance communication flow

    3 Enhance Triaging and Prioritization Practices

    The Purpose

    Understand in greater detail the process and people involved in receiving and triaging a request.

    Define your criteria for value, impact, and urgency, and understand how these fit into a prioritization scheme.

    Understand backlog management and release planning tactics to accommodate maintenance.

    Key Benefits Achieved

    An understanding of the stakeholders needed to assess and approve requests.

    The criteria used to build a tailored prioritization scheme.

    Tactics for efficient use of resources and ideal timing of the delivery of changes.

    A process that ensures maintenance teams are always working on tasks that are valuable to the business.

    Activities

    3.1 Review your maintenance intake process.

    3.2 Define a request prioritization scheme.

    3.3 Create a set of practices to manage your backlog and release plans.

    Outputs

    Understanding of the maintenance request intake process

    Approach to assess the impact, urgency, and severity of requests for prioritization

    List of backlog management grooming and release planning practices

    4 Streamline Maintenance Delivery

    The Purpose

    Understand how to apply development best practices and quality standards to application maintenance.

    Learn the methods for monitoring and visualizing maintenance work.

    Key Benefits Achieved

    An understanding of quality standards and the scenarios for where they apply.

    The tactics to monitor and visualize maintenance work.

    Streamlined maintenance delivery process with best practices.

    Activities

    4.1 Define approach to monitor maintenance work.

    4.2 Define application quality attributes.

    4.3 Discuss best practices to enhance maintenance development and deployment.

    Outputs

    Taskboard structure and rules

    Definition of application quality attributes with user scenarios

    List of best practices to streamline maintenance development and deployment

    5 Finalize Your Maintenance Practice

    The Purpose

    Create a target state built from appropriate metrics and attainable goals.

    Consider the required items and steps for the implementation of your optimization initiatives.

    Key Benefits Achieved

    A realistic target state for your optimized application maintenance practice.

    A well-defined and structured roadmap for the implementation of your optimization initiatives.

    Activities

    5.1 Refine your target state maintenance practices.

    5.2 Develop a roadmap to achieve your target state.

    Outputs

    Finalized application maintenance process document

    Roadmap of initiatives to achieve your target state

    Map Your Business Architecture to Define Your Strategy

    • Buy Link or Shortcode: {j2store}579|cart{/j2store}
    • member rating overall impact (scale of 10): 9.4/10 Overall Impact
    • member rating average dollars saved: $357,799 Average $ Saved
    • member rating average days saved: 30 Average Days Saved
    • Parent Category Name: Strategy & Operating Model
    • Parent Category Link: /strategy-and-operating-model
    • Organizations need to innovate rapidly to respond to the changing forces in their industry, but their IT initiatives often fail to deliver meaningful outcomes.
    • Planners face challenges in understanding the relationships between the important customer-focused innovations they’re trying to introduce and the resources (capabilities) that make them possible, including applications, human resources, information, and processes. For example, are we risking the success of a new service offering by underpinning it with a legacy or manual solution?

    Our Advice

    Critical Insight

    Successful execution of business strategy requires planning that:

    1. Accurately reflects organizational capabilities.
    2. Is traceable so all levels can understand how decisions are made.
    3. Makes efficient use of organizational resources.

    To accomplish this, the business architect must engage stakeholders, model the business, and drive planning with business architecture.

    • Business architecture is often regarded as an IT function when its role and tools should be fixtures within the business planning and innovation practice.
    • Any size of organization – from start-ups to global enterprises -- can benefit from using a common language and modeling rigor to identify the opportunities that will produce the greatest impact and value.
    • You don’t need sophisticated modeling software to build an effective business architecture knowledgebase. In fact, the best format for engaging business stakeholders is intuitive visuals using business language.

    Impact and Result

    • Execute more quickly on innovation and transformation initiatives.
    • More effectively target investments in resources and IT according to what goals and requirements are most important.
    • Identify problematic areas (e.g. legacy applications, manual processes) that hinder the business strategy and create inefficiencies in our information technology operation.

    Map Your Business Architecture to Define Your Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Map Your Business Architecture Deck – A step-by-step document that walks you through how to properly engage business and IT in applying a common language and process rigor to build key capabilities required to achieve innovation and growth goals.

    Build a structured, repeatable framework for both IT and business stakeholders to appraise the activities that deliver value to consumers; and assess the readiness of their capabilities to enable them.

    • Map Your Business Architecture to Define Your Strategy – Phases 1-3

    2. Stakeholder Engagement Strategy Template – A best-of-breed template to help you build a clear, concise, and compelling strategy document for identifying and engaging stakeholders.

    This template helps you ensure that your business architecture practice receives the resources, visibility, and support it needs to be successful, by helping you develop a strategy to engage the key stakeholders involved.

    • Stakeholder Engagement Strategy Template

    3. Value Stream Map Template – A template to walk through the value streams that are tied to your strategic goals.

    Record the complete value stream and decompose it into stages. Add a description of the expected outcome of the value stream and metrics for each stage.

    • Value Stream Map Template

    4. Value Stream Capability Mapping Template – A template to define capabilities and align them to selected value streams.

    Build a business capability model for the organization and map capabilities to the selected value stream.

    • Value Stream – Capability Mapping Template
    [infographic]

    Workshop: Map Your Business Architecture to Define Your Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Discover the Business Context

    The Purpose

    Identify and consult stakeholders to discover the business goals and value proposition for the customer.

    Key Benefits Achieved

    Engage stakeholders and SMEs in describing the business and its priorities and culture.

    Identify focus for the areas we will analyze and work on.

    Activities

    1.1 Select key stakeholders

    1.2 Plan for engaging stakeholders

    1.3 Gather business goals and priorities

    Outputs

    Stakeholder roles

    Engagement plan

    Business strategy, value proposition

    2 Define Value Streams

    The Purpose

    Describe the main value-adding activities of the business from the consumer’s point of view, e.g. provide product or service.

    Key Benefits Achieved

    Shared understanding of why we build resources and do what we do.

    Starting point for analyzing resources and investing in innovation.

    Activities

    2.1 Define or update value streams

    2.2 Decompose selected value stream(s) into value stages and identify problematic areas and opportunities

    Outputs

    Value streams for the enterprise

    Value stages breakdown for selected value stream(s)

    3 Build Business Capability Map

    The Purpose

    Describe all the capabilities that make up an organization and enable the important customer-facing activities in the value streams.

    Key Benefits Achieved

    Basis for understanding what resources the organization has and their ability to support its growth and success.

    Activities

    3.1 Define and describe all business capabilities (Level 1)

    3.2 Decompose and analyze capabilities for a selected priority value stream.

    Outputs

    Business Capability Map (Level 1)

    Business Capabilities Level 2 for selected value stream

    4 Develop a Roadmap

    The Purpose

    Use the Business Capability Map to identify key capabilities (e.g. cost advantage creator), and look more closely at what applications or information or business processes are doing to support or hinder that critical capability.

    Key Benefits Achieved

    Basis for developing a roadmap of IT initiatives, focused on key business capabilities and business priorities.

    Activities

    4.1 Identify key capabilities (cost advantage creators, competitive advantage creators)

    4.2 Assess capabilities with the perspective of how well applications, business processes, or information support the capability and identify gaps

    4.3 Apply analysis tool to rank initiatives

    Outputs

    Business Capability Map with key capabilities: cost advantage creators and competitive advantage creators

    Assessment of applications or business processes or information for key capabilities

    Roadmap of IT initiatives

    Further reading

    Map Your Business Architecture to Define Your Strategy

    Plan your organization’s capabilities for best impact and value.

    Info-Tech Research Group

    Info-Tech is a provider of best-practice IT research advisory services that make every IT leader’s job easier.

    35,000 members sharing best practices you can leverage Millions spent developing tools and templates annually Leverage direct access to over 100 analysts as an extension of your team Use our massive database of benchmarks and vendor assessments Get up to speed in a fraction of the time

    Analyst perspective

    Know your organization’s capabilities to build a digital and customer-driven culture.

    Business architecture provides a holistic and unified view of:

    • All the organization’s activities that provide value to their clients (value streams).
    • The resources that make them possible and effective (capabilities, i.e. its employees, software, processes, information).
    • How they inter-relate, i.e. depend on and impact each other to help deliver value.

    Without a business architecture it is difficult to see the connections between the business’s activities for the customer and the IT resources supporting them – to demonstrate that what we do in IT is customer-driven.

    As a map of your business, the business architecture is an essential input to the digital strategy:

    • Develop a plan to transform the business by investing in the most important capabilities.
    • Ensure project initiatives are aligned with business goals as they evolve.
    • Respond more quickly to customer requirements and to disruptions in the industry by streamlining operations and information sharing across the enterprise.

    Crystal Singh, Research Director, Data and Analytics

    Crystal Singh
    Research Director, Data and Analytics
    Info-Tech Research Group

    Andrea Malick, Research Director, Data and Analytics

    Andrea Malick
    Research Director, Data and Analytics
    Info-Tech Research Group

    Executive summary

    Your Challenge Common Obstacles Info-Tech’s Approach

    Organizations need to innovate rapidly to respond to ever-changing forces and demands in their industry. But they often fail to deliver meaningful outcomes from their IT initiatives within a reasonable time.

    Successful companies are transforming, i.e. adopting fluid strategies that direct their resources to customer-driven initiatives and execute more quickly on those initiatives. In a responsive and digital organization, strategies, capabilities, information, people, and technology are all aligned, so work and investment are consistently allocated to deliver maximum value.

    You don’t have a complete reference map of your organization’s capabilities on which to base strategic decisions.

    You don’t know how to prioritize and identify the capabilities that are essential for achieving the organization’s customer-driven objectives.

    You don’t have a shared enterprise vision, where everyone understands how the organization delivers value and to whom.

    Begin important business decisions with a map of your organization – a business reference architecture. Model the business in the form of architectural blueprints.

    Engage your stakeholders. Recognize the opportunity for mapping work, and identify and engage the right stakeholders.

    Drive business architecture forward to promote real value to the organization. Assess your current projects to determine if you are investing in the right capabilities. Conduct business capability assessments to identify opportunities and prioritize projects.

    Info-Tech Insight
    Business architecture is the set of strategic planning techniques that connects organization strategy to execution in a manner that is accurate and traceable and promotes the efficient use of organizational resources.

    Blueprint activities summary

    Phase Purpose Activity Outcome
    1. Business context:
    Identify organization goals, industry drivers, and regulatory requirements in consultation with business stakeholders.
    Identify forces within and outside the organization to consider when planning the focus and timing of digital growth, through conducting interviews and surveys and reviewing existing strategies. Business value canvas, business strategy on a page, customer journey
    2. Customer activities (value stream):
    What is the customer doing? What is our reason for being as a company? What products and services are we trying to deliver?
    Define or update value streams, e.g. purchase product from supplier, customer order, and deliver product to customer. Value streams enterprise-wide (there may be more than one set of value streams, e.g. a medical school and community clinic)
    Prioritize value streams:
    Select key value streams for deeper analysis and focus.
    Assess value streams. Priority value streams
    Value stages:
    Break down the selected value stream into its stages.
    Define stages for selected value streams. Selected value stream stages
    3. Business capability map, level 1 enterprise:
    What resources and capabilities at a high level do we have to support the value streams?
    Define or update the business capabilities that align with and support the value streams. Business capability map, enterprise-wide capabilities level 1
    Business capability map, level 2 for selected area:
    List resources and capabilities that we have at a more detailed level.
    Define or update business capabilities for selected value stream to level 2. Business capability map, selected value stream, capability level 2
    Heatmap Business Capability Map: Flag focus areas in supporting technology, applications, data and information.

    Info-Tech’s workshop methodology

    Day 1: Discover Business Context Day 2: Define Value Streams Day 3: Build Business Capability Map Day 4: Roadmap Business Architecture
    Phase Steps

    1.1 Collect corporate goals and strategies

    1.2 Identify stakeholders

    2.1 Build or update value streams

    2.2 Decompose selected value stream into value stages and analyze for opportunities

    3.1 Update business capabilities to level 1 for enterprise

    3.2 For selected value streams, break down level 1 to level 2

    3.3 Use business architecture to heatmap focus areas: technology, information, and processes

    3.4 Build roadmap of future business architecture initiatives

    Phase Outcomes
    • Organizational context and goals
    • Business strategy on a page, customer journey map, business model canvas
    • Roles and responsibilities
    • Value stream map and definitions
    • Selected value stream(s) decomposed into value stages
    • Enterprise business capabilities map to level 1
    • Business architecture to level 2 for prioritized value stream
    • Heatmap business architecture
    • Business architecture roadmap, select additional initiatives

    Key concepts for this blueprint

    INDUSTRY VALUE CHAIN DIGITAL TRANSFORMATION BUSINESS ARCHITECTURE
    A high-level analysis of how the industry creates value for the consumer as an overall end-to-end process. The adoption of digital technologies to innovate and re-invent existing business, talent ,and operating models to drive growth, business value, and improved customer experience. A holistic, multidimensional business view of capabilities, end-to-end value, and operating model in relation to the business strategy.
    INDUSTRY VALUE STREAM STRATEGIC OBJECTIVES CAPABILITY ASSESSMENTS
    A set of activities, tasks, and processes undertaken by a business or a business unit across the entire end-to-end business function to realize value. A set of standard objectives that most industry players will feature in their corporate plans. A heat-mapping effort to analyze the maturity and priority of each capability relative to the strategic priorities that they serve.

    Info-Tech’s approach

    1 Understand the business context and drivers
    Deepen your understanding of the organization’s priorities by gathering business strategies and goals. Talking to key stakeholders will allow you to get a holistic view of the business strategy and forces shaping the strategy, e.g. economy, workforce, and compliance.
    2 Define value streams; understand the value you provide
    Work with senior leadership to understand your customers’ experience with you and the ways your industry provides value to them.
    Assess the value streams for areas to explore and focus on.
    3 Customize the industry business architecture; develop business capability map
    Work with business architects and enterprise architects to customize Info-Tech’s business architecture for your industry as an enterprise-wide map of the organization and its capabilities.
    Extend the business capability map to more detail (Level 2) for the value stream stages you select to focus on.

    Business architecture is a planning function that connects strategy to execution

    Business architecture provides a framework that connects business strategy and IT strategy to project execution through a set of models that provide clarity and actionable insights. How well do you know your business?

    Business architecture is:

    • Inter-disciplinary: Business architecture is a core planning activity that supports all important decisions in the organization, for example, organizational resources planning. It’s not just about IT.
    • Foundational: The best way to answer the question, “Where do we start?” or “Where is our investment best directed?”, comes from knowing your organization, what its core functions and capabilities are (i.e. what’s important to us as an organization), and where there is work to do.
    • Connecting: Digital transformation and modernization cannot work with siloes. Connecting siloes means first knowing the organization and its functions and recognizing where the siloes are not communicating.

    Business architecture must be branded as a front-end planning function to be appropriately embedded in the organization’s planning process.

    Brand business architecture as an early planning pre-requisite on the basis of maintaining clarity of communication and spreading an accurate awareness of how strategic decisions are being made.

    As an organization moves from strategy toward execution, it is often unclear as to exactly how decisions pertaining to execution are being made, why priority is given to certain areas, and how the planning function operates.

    The business architect’s primary role is to model this process and document it.

    In doing so, the business architect creates a unified view as to how strategy connects to execution so it is clearly understood by all levels of the organization.

    Business architecture is part of the enterprise architecture framework

    Business Architecture
    Business strategy map Business model canvas Value streams
    Business capability map Business process flows Service portfolio
    Data Architecture Application Architecture Infrastructure Architecture
    Conceptual data model Application portfolio catalog Technology standards catalog
    Logical data model Application capability map Technology landscape
    Physical data model Application communication model Environments location model
    Data flow diagram Interface catalog Platform decomposition diagram
    Data lifecycle diagram Application use-case diagram Network computing / hardware diagram
    Security Architecture
    Enterprise security model Data security model Application security model

    Business architecture is a set of shared and practical views of the enterprise

    The key characteristic of the business architecture is that it represents real-world aspects of a business, along with how they interact.

    Many different views of an organization are typically developed. Each view is a diagram that illustrates a way of understanding the enterprise by highlighting specific information about it:

    • Business strategy view captures the tactical and strategic goals that drive an organization forward.
    • Business capabilities view describes the primary business functions of an enterprise and the pieces of the organization that perform those functions.
    • Value stream view defines the end-to-end set of activities that deliver value to external and internal stakeholders.
    • Business knowledge view establishes the shared semantics (e.g. customer, order, and supplier) within an organization and relationships between those semantics (e.g. customer name, order date, supplier name) – an information map.
    • Organizational view captures the relationships among roles, capabilities, and business units, the decomposition of those business units into subunits, and the internal or external management of those units.

    Business architect connects all the pieces

    The business owns the strategy and operating model; the business architect connects all the pieces together.

    R Business Architect (Responsible)
    A Business Unit Leads (Accountable)
    C Subject Matter Experts (Consulted)
    – Business Lines, Operations, Data, Technology Systems & Infrastructure Leads
    I Business Operators (Informed)
    – Process, Data, Technology Systems & Infrastructure

    Choose a key business challenge to address with business architecture

     Choose a key business challenge to address with business architecture

    Picking the right project is critical to setting the tone for business architecture work in the organization.

    Best practices for business architecture success

    Consider these best practices to maintain a high level of engagement from key stakeholders throughout the process of establishing or applying business architecture.

    Balance short-term cost savings with long-term benefits

    Participate in project governance to facilitate compliance

    Create a center of excellence to foster dialogue

    Identify strategic business objectives

    Value streams: Understand how you deliver value today

    It is important to understand the different value-generating activities that deliver an outcome for and from your customers.

    We do this by looking at value streams, which refer to the specific set of activities an industry player undertakes to create and capture value for and from the end consumer (and so the question to ask is, how do you make money as an organization?).

    Our approach helps you to strengthen and transform those value streams that generate the most value for your organization.

    Understand how you deliver value today

    An organization can have more than one set of streams.
    For example, an enterprise can provide both retail shopping and financial services, such as credit cards.

    Define the organization’s value streams

    • Value streams connect business goals to the organization’s value realization activities. They enable an organization to create and capture value in the market place by engaging in a set of interconnected activities. Those activities are dependent on the specific industry segment an organization operates within. Value streams can extend beyond the organization into the supporting ecosystem, whereas business processes are contained within and the organization has complete control over them.
    • There are two types of value streams: core value streams and support value streams. Core value streams are mostly externally facing: they deliver value to either an external or internal customer and they tie to the customer perspective of the strategy map. Support value streams are internally facing and provide the foundational support for an organization to operate.
    • An effective method for ensuring all value streams have been considered is to understand that there can be different end-value receivers. Info-Tech recommends identifying and organizing the value streams with customers and partners as end-value receivers.

    Example: Value stream descriptions for the retail industry

    Value Streams Create or Purchase the Product Manage Inventory Distribute Product Sell Product, Make Product Available to Customers
    • Product is developed before company sells it.
    • Make these products by obtaining raw materials from external suppliers or using their own resources.
    • Retailers purchase the products they are going to sell to customers from manufacturers or wholesale distributors.
    • Retailer success depends on its ability to source products that customers want and are willing to buy.
    • Inventory products are tracked as they arrive in the warehouse, counted, stored, and prepared for delivery.
    • Estimate the value of your inventory using retail inventory management software.
    • Optimizing distribution activities is an important capability for retailers. The right inventory needs to be at a particular store in the right quantities exactly when it is needed. This helps to maximize sales and minimize how much cash is held up in inventory.
    • Proper supply chain management can not only reduce costs for retailers but drive revenues by enhancing shopping experiences.
    • Once produced, retailers need to sell the products. This is done through many channels including physical stores, online, the mail, or catalogs.
    • After the sale, retailers typically have to deliver the product, provide customer care, and manage complaints.
    • Retailers can use loyalty programs, pricing, and promotions to foster repeat business.

    Value streams describe your core business

    Value streams describe your core business

    Value streams – the activities we do to provide value to customers – require business capabilities.

    Value streams are broken down further into value stages, for example, the Sell Product value stream has value stages Evaluate Options, Place Order, and Make Payment.

    Think of value streams as the core operations: the reason for your organization’s being. A professional consulting organization may have a legal team but it does not brand itself as a law firm. A core value stream is providing research products and services; a business capability that supports it is legal counsel.

    Decompose the value stream into stages

    The stages of a value stream are usually action-oriented statements or verbs that make up the individual steps involved throughout the scope of the value stream, e.g. Place Order or Make Payment.

    Each value stream should have a trigger or starting point and an end result for a client or receiver.

    Decompose the value stream into stages

    There should be measurable value or benefits at each stage. These are key performance indicators (KPIs). Spot problem areas in the stream.

    Value streams usually fall into one of these categories:

    1. Fulfillment of products and services
    2. Manufacturing
    3. Software products
    4. Supporting value streams (procurement of supplies, product planning)

    Value streams need capabilities

    • Value streams connect business goals to the organization’s value realization activities. They enable an organization to create and capture value in the market place by engaging in a set of interconnected activities.
    • There are two types of value streams: core value streams and support value streams. Core value streams are mostly externally facing: they deliver value to either an external or internal customer and they tie to the customer perspective of the strategy map. Support value streams are internally facing and provide the foundational support for an organization to operate.
    • There can be different end-value receivers. Info-Tech recommends identifying and organizing the value streams with customers and partners as end-value receivers.

    Value streams need business capabilities

    Business capabilities are built up to allow the business to perform the activities that bring value to customers. Map capabilities to the value-add activities in the value stream. Business capabilities lie at the top layer of the business architecture:

    • They are the most stable reference for planning organizations.
    • They make strategy more tangible.
    • If properly defined, they can help overcome organizational silos.

    Value streams need business capabilities

    Example business capability map – Higher Education

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and represents a view of what your data program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Example business capability map for: Higher Education

    Example business capability map for Higher Education

    Example business capability map – Local Government

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and represents a view of what your data program must support.

    Example business capability map for: Local Government

    Example business capability map for Local Government

    Value streams need business capabilities

    Value streams – the activities we do to provide value to customers – require business capabilities. Value streams are broken down further into value stages.

    Business capabilities are built up to allow the business to perform the activities that bring value to customers. Map capabilities to the activities in the value stage to spot opportunities and problems in delivering services and value.

    Business processes fulfill capabilities. They are a step-by-step description of who is performing what to achieve a goal. Capabilities consist of networks of processes and the resources – people, technology, materials – to execute them.

    Capability = Processes + Software, Infrastructure + People

    Prioritize a value stream and identify its supporting capabilities

    Prioritize your improvement objectives and business goals and identify a value stream to transform.

    Align the business objectives of your organization to your value streams (the critical actions that take place within your organization to add value to a customer).

    Prioritize a value stream to transform based on the number of priorities aligned to a value stream, and/or the business value (e.g. revenue, EBITDA earnings, competitive differentiation, or cost efficiency).

    Decompose the selected value stream into value stages.

    Align capabilities level 1 and 2 to value stages. One capability may support several value stages in the stream.

    Build a business architecture for the prioritized value stream with a map of business capabilities up to level 2.

    NOTE: We can’t map all capabilities all at once: business architecture is an ongoing practice; select key mapping initiatives each year based on business goals.

    Prioritize a value stream and identify its supporting capabilities

    Map business capabilities to Level 2

     Map business capabilities to Level 2

    Map capabilities to value stage

    Map capabilities to value stage

    Business value realization

    Business value defines the success criteria of an organization as manifested through organizational goals and outcomes, and it is interpreted from four perspectives:

    • Profit generation: The revenue generated from a business capability with a product that is enabled with modern technologies.
    • Cost reduction: The cost reduction when performing business capabilities with a product that is enabled with modern technologies.
    • Service enablement: The productivity and efficiency gains of internal business operations from products and capabilities enhanced with modern technologies.
    • Customer and market reach: The improved reach and insights of the business in existing or new markets.

    Business Value Matrix

    Value, goals, and outcomes cannot be achieved without business capabilities

    Break down your business goals into strategic and achievable initiatives focused on specific value streams and business capabilities.

    Business goals and outcomes

    Accelerate the process with an industry business architecture

    It’s never a good idea to start with a blank page.

    The business capability map available from Info-Tech and with industry standard models can be used as an accelerator. Assemble the relevant stakeholders – business unit leads and product/service owners – and modify the business capability map to suit your organization’s context.

    Acceleration path: Customize generic capability maps with the assistance of our industry analysts.

    Accelerate the process with an industry business architecture

    Identify goals and drivers

    Consider organizational goals and industry forces when planning.

    Business context Define value streams Build business capability map
    1.1 Select key stakeholders
    1.2 Collect and understand corporate goals
    2.1 Update or define value streams
    2.2 Decompose and analyze selected value stream
    3.1 Build level 1 capability map
    3.2 Build level 2 capability map
    3.3 Heatmap capability map
    3.4 Roadmap

    Use inputs from business goals and strategies to understand priorities.

    It is not necessary to have a comprehensive business strategy document to start – with key stakeholders, the business architect should be able to gather a one-page business value canvas or customer journey.

    Determine how the organization creates value

    Begin the process by identifying and locating the business mission and vision statements.

    What is business context?

    “The business context encompasses an understanding of the factors impacting the business from various perspectives, including how decisions are made and what the business is ultimately trying to achieve. The business context is used by IT to identify key implications for the execution of its strategic initiatives.”

    Source: Businesswire, 2018

    Identify the key stakeholders who can help you promote the value of business architecture

    First, as the CIO, you must engage executive stakeholders and secure their support.
    Focus on key players who have high power and high interest in business architecture.

    Engage the stakeholders who are impacted the most and have the power to impede the success of business architecture.

    For example, if the CFO – who has the power to block funding – is disengaged, business architecture will be put at risk.

    Use Info-Tech’s Stakeholder Power Map Template to help prioritize time spent with stakeholders.

    Sample power map

    Identify the key stakeholders concerned with the business architecture project

    A business architecture project may involve the following stakeholders:

    Business architecture project stakeholders

    You must identify who the stakeholders are for your business architecture work.

    Think about:

    • Who are the decision makers and key influencers?
    • Who will impact the business architecture work? Who will the work impact?
    • Who has vested interest in the success or failure of the practice?
    • Who has the skills and competencies necessary to help us be successful?

    Avoid these common mistakes:

    • Don’t focus on the organizational structure and hierarchy. Often stakeholder groups don’t fit the traditional structure.
    • Don’t ignore subject-matter experts on either the business or IT side. You will need to consider both.

    1.1 Identify and assemble key stakeholders

    1-3 hours

    Build an accurate depiction of the business.

    1. It is important to make sure the right stakeholders participate in this exercise. The exercise of identifying capabilities for an organization is very introspective and requires deep analysis.
    2. Consider:
      1. Who are the decision makers and key influencers?
      2. Who will impact the business capability work? Who has a vested interest in the success or failure of the outcome?
      3. Who has the skills and competencies necessary to help you be successful?
    3. Avoid:
      1. Don’t focus on the organizational structure and hierarchy. Often stakeholder groups don’t fit the traditional structure.
      2. Don’t ignore subject matter experts on either the business or IT side. You will need to consider both.
    Input Output
    • List of who is accountable for key business areas and decisions
    • Organizational chart
    • List of who has decision-making authority
    • A list of the key stakeholders
    Materials Participants
    • Whiteboard/Flip Charts
    • Modeling software (e.g. Visio, ArchiMate)
    • Business capability map industry models
    • CIO
    • Enterprise/Business Architect
    • Business Analysts
    • Business Unit Leads
    • Departmental Executives & Senior Managers

    Conduct interviews with the business to gather intelligence for strategy

    Talking to key stakeholders will allow you to get a holistic view of the business strategy.

    Stakeholder interviews provide holistic view of business strategy

    Build a strategy on a page through executive interviews and document reviews

    Understanding the business mandate and priorities ensures alignment across the enterprise.

    A business strategy must articulate the long-term destination the business is moving into. This illustration shapes all the strategies and activities in every other part of the business, including what IT capabilities and resources are required to support business goals. Ultimately, the benefits of a well-defined business strategy increase as the organization scales and as business units or functions are better equipped to align the strategic planning process in a manner that reflects the complexity of the organization.

    Using the Business Strategy on a Page canvas, consider the questions in each bucket to elicit the overall strategic context of the organization and uncover the right information to build your digital strategy. Interview key executives including your CEO, CIO, CMO, COO, CFO, and CRO, and review documents from your board or overall organizational strategy to uncover insights.

    Info-Tech Insight
    A well-articulated and clear business strategy helps different functional and business units work together and ensures that individual decisions support the overall direction of the business.

    Focus on business value and establish a common goal

    Business architecture is a strategic planning function and the focus must be on delivering business value.

    Examples business objectives:

    • Digitally transform the business, redefining its customer interactions.
    • Identify the root cause for escalating customer complaints and eroding satisfaction.
    • Identify reuse opportunities to increase operational efficiency.
    • Identify capabilities to efficiently leverage suppliers to handle demand fluctuations.

    Info-Tech Insight
    CIOs are ideally positioned to be the sponsors of business architecture given that their current top priorities are digital transformation, innovation catalyzation, and business alignment.

    1.2 Collect and understand business objectives

    1-3 hours

    Having a clear understanding of the business is crucial to executing on the strategic IT initiatives.

    1. Discover the strategic CIO initiatives your organization will pursue:
    • Schedule interviews.
    • Use the CIO Business Vision diagnostic or Business Context Discovery Tool.
  • Document the business goals.
  • Update and finalize business goals.
  • InputOutput
    • Existing business goals and strategies
    • Existing IT strategies
    • Interview findings
    • Diagnostic results
    • List of business goals
    • Strategy on a page
    • Business model canvas
    • Customer journey
    MaterialsParticipants
    • CIO Business Vision diagnostic
    • Interview questionnaire
    • CIO
    • Enterprise/Business Architect
    • Business Analysts
    • Business Unit Leads
    • Departmental Executives & Senior Managers

    CIO Business Vision Diagnostic

    CEO

    Vision

    Where do you want to go?
    What is the problem your organization is addressing?

    Mission/Mandate

    What do you do?
    How do you do?
    Whom do you do it for?

    Value Streams

    Why are you in business? What do you do?
    What products and services do you provide?
    Where has your business seen persistent demand?

    Key Products & Services

    What are your top three to five products and services?

    Key Customer Segments

    Who are you trying to serve or target?
    What are the customer segments that decide your value proposition?

    Value Proposition

    What is the value you deliver to your customers?

    Future Value Proposition

    What is your value proposition in three to five years’ time?

    Digital Experience Aspirations

    How can you create a more effective value stream?
    For example, greater value to customers or better supplier relationships.

    Business Resilience Aspirations

    How can you reduce business risks?
    For example, compliance, operational, security, or reputational.

    Sustainability (or ESG) Aspirations

    How can you deliver ESG and sustainability goals?

    Interview the following executives for each business goal area.

    CEO
    CRO
    COO

    Core Business Goals

    What are the core business goals to meet business objectives?

    Top Priorities & Initiatives

    What are the top initiatives and priorities over the planning horizon?

    Performance Insights/Metrics

    What do we need to achieve?
    How can the success be measured?

    CMO
    COO
    CFO

    Shared Business Goals

    What are the shared (operational) business goals to meet business objectives?

    Top Priorities & Initiatives

    What are the top initiatives and priorities over the planning horizon?

    Performance Insights/Metrics

    What do we need to achieve?
    How can the success be measured?

    CFO
    CIO
    COO
    CHRO

    Enabling Business Goals

    What are the enabling (supporting/enterprise) business goals to meet business objectives?

    Top Priorities & Initiatives

    What are the top initiatives and priorities over the planning horizon?

    Performance Insights/Metrics

    What do we need to achieve?
    How can the success be measured?

    Craft a strategy to increase stakeholder support and participation

    The BA practice’s supporters are potential champions who will help you market the value of BA; engage with them first to create positive momentum. Map out the concerns of each group of stakeholders so you can develop marketing tactics and communications vehicles to address them.

    Example Communication Strategy

    Stakeholder Concerns Tactics to Address Concerns Communication Vehicles Frequency
    Supporters
    (High Priority)
    • Build ability to execute BA techniques
    • Build executive support
    • Build understanding of how they can contribute to the success of the BA practice
    • Communicate the secured executive support
    • Help them apply BA techniques in their projects
    • Show examples of BA work (case studies)
    • Personalized meetings and interviews
    • Department/functional meetings
    • Communities of practice or centers of excellent (education and case studies)
    Bi-Monthly
    Indifferent
    (Medium Priority)
    • Build awareness and/or confidence
    • Feel like BA has nothing to do with them
    • Show quick wins and case studies
    • Centers of excellence (education and case studies
    • Use the support of the champions
    Quarterly
    Resistors
    (Medium Priority)
    • BA will cause delays
    • BA will step in their territory
    • BA’s scope is too broad
    • Lack of understanding
    • Prove the value of BA – case studies and metrics
    • Educate how BA complements their work
    • Educate them on the changes resulting from the BA practice’s work, and involve them in crafting the process
    • Individual meetings and interviews
    • Political jockeying
    • Use the support of the champions
    Tailored to individual groups

    1.3 Craft a strategy to increase stakeholder support and participation

    1-2 hours

    Now that you have organized and categorized your stakeholders based on their power, influence, interest, and knowledge of business architecture, it is time to brainstorm how you are going to gain their support and participation.

    Think about the following:

    • What are your stakeholders’ concerns?
    • How can you address them?
    • How will you deliver the message?
    • How often will you deliver the message?

    Avoid these common mistakes:

    • Your communication strategy development should be an iterative process. Do not assume to know the absolute best way to get through to every resistor right away. Instead, engage with your supporters for their input on how to communicate to resistors and repeat the process for indifferent stakeholders as well.
    Input Output
  • Stakeholder Engagement Map
    • Stakeholder Communications Strategy
    Materials Participants
    • Stakeholder Engagement Strategy Template
    • A computer
    • A whiteboard and markers CIO
    • Business Architect
    • IT Department Leads

    Download the Stakeholder Engagement Strategy Template for this project.

    Engaging the right stakeholders

    CASE STUDY

    Industry
    Financial - Banking

    Source
    Anonymous

    Situation Complication Result

    To achieve success with the business architecture initiative, the bank’s CIO needed to put together a plan to engage the right stakeholders in the process.

    Without the right stakeholders, the initiative would suffer from inadequate information and thus would run the risk of delivering an ineffective solution.

    The bank’s culture was resistant to change and each business unit had its own understanding of the business strategy. This was a big part of the problem that led to decreasing customer satisfaction.

    The CIO needed a unified vision for the business architecture practice involving people, process, and technology that all stakeholders could support.

    Starting with enlisting executive support in the form of a business sponsor, the CIO identified the rest of the key stakeholders, in this case, the business unit heads, who were necessary to engage for the initiative.

    Once identified, the CIO promoted the benefits of business architecture to each of the business unit heads while taking stock of their individual needs.

    1.4 Develop a plan to engage key stakeholders

    1 hour

    Using your stakeholder power map as a starting point, focus on the three most important quadrants: those that contain stakeholders you must keep informed, those to keep satisfied, and the key players.

    Plot the stakeholders from those quadrants on a stakeholder engagement map.

    Think about the following:

    • Who are your resistors? These individuals will actively detract from project’s success if you don’t address their concerns.
    • Who is indifferent? These individuals need to be educated more on the benefits of business architecture to have an opinion either way.
    • Who are your supporters? These individuals will support you and spread your message if you equip them to do so.

    Avoid these common mistakes:

    • Do not jump to addressing resistor concerns first. Instead, equip your supporters with the info they need to help your cause and gain positive momentum before approaching resistors.
    InputOutput
    • Stakeholder Engagement Map
    • Stakeholder Communications Strategy
    MaterialsParticipants
    • Stakeholder Engagement Strategy Template
    • A computer
    • A whiteboard and markers
    • CIO
    • Business Architect
    • IT Department Leads

    Download the Stakeholder Engagement Strategy Template for this project.

    1.5 Craft a strategy to increase stakeholder support and participation

    1-2 hours

    Now that you have organized and categorized your stakeholders based on their power, influence, interest, and knowledge of business architecture, it is time to brainstorm how you are going to gain their support and participation.

    Think about the following:

    • What are your stakeholders’ concerns?
    • How can you address them?
    • How will you deliver the message?
    • How often will you deliver the message?

    Avoid these common mistakes:

    • Your communication strategy development should be an iterative process. Do not assume to know the absolute best way to get through to every resistor right away. Instead, engage with your supporters for their input on how to communicate to resistors and repeat the process for indifferent stakeholders as well.
    InputOutput
    • Stakeholder Engagement Map
    • Stakeholder Communications Strategy
    MaterialsParticipants
    • Stakeholder Engagement Strategy Template
    • A computer
    • A whiteboard and markers
    • CIO
    • Business Architect
    • IT Department Leads

    Download the Stakeholder Engagement Strategy Template for this project.

    Define value streams

    Identify the core activities your organization does to provide value to your customers.

    Business context Define value streams Build business capability map

    1.1 Select key stakeholders
    1.2 Collect and understand corporate goals

    2.1 Update or define value streams
    2.2 Decompose and analyze selected value stream

    3.1 Build Level 1 capability map
    3.2 Build Level 2 capability map
    3.3 Heatmap capability map
    3.4 Roadmap

    This phase will walk you through the following activities:

    • Note: It is recommended that you gather and leverage relevant industry standard business architecture models you may have available to you. Example: Info-Tech Industry Business Architecture, BIZBOK, APQC.
    • Defining or updating the organization’s value streams.
    • Selecting priority value streams for deeper analysis.

    This phase involves the following participants:

    • Business Architect, Enterprise Architect
    • Relevant Business Stakeholder(s): Business Unit Leads, Departmental Executives, Senior Mangers, Business Analysts

    Define the organization’s value streams

    • Value streams connect business goals to the organization’s value realization activities. They enable an organization to create and capture value in the marketplace by engaging in a set of interconnected activities. Those activities are dependent on the specific industry segment an organization operates within. Value streams can extend beyond the organization into the supporting ecosystem, whereas business processes are contained within and the organization has complete control over them.
    • There are two types of value streams: core value streams and support value streams. Core value streams are mostly externally facing: they deliver value to either an external or internal customer and they tie to the customer perspective of the strategy map. Support value streams are internally facing and provide the foundational support for an organization to operate.
    • An effective method for ensuring all value streams have been considered is to understand that there can be different end-value receivers. Info-Tech recommends identifying and organizing the value streams with customers and partners as end-value receivers.

    Connect business goals to value streams

    Example strategy map and value stream

    Identifying value streams

    Value streams connect business goals to organization’s value realization activities. They enable an organization to create and capture value in the market place by engaging in a set of interconnected activities.

    There are several key questions to ask when endeavoring to identify value streams.

    Key Questions
    • Who are your customers?
    • What are the benefits we deliver to them?
    • How do we deliver those benefits?
    • How does the customer receive the benefits?

    Example: Value stream descriptions for the retail industry

    Value StreamsCreate or Purchase ProductManage InventoryDistribute ProductSell Product
    • Retailers need to purchase the products they are going to sell to customers from manufacturers or wholesale distributors.
    • A retailer’s success depends on its ability to source products that customers want and are willing to buy.
    • In addition, they need to purchase the right amount and assortment of products based on anticipated demand.
    • The right inventory needs to be at a particular store in the right quantities exactly when it is needed. This helps to maximize sales and minimize how much cash is held up in inventory.
    • Inventory management includes tracking, ordering, and stocking products, e.g. raw materials, finished products, buffer inventory.
    • Optimizing distribution activities is important for retailers.
    • Proper supply chain management can not only reduce costs for retailers but also drive revenues by enhancing shopping experiences.
    • Distribution includes transportation, packaging and delivery.
    • As business becomes global, it is important to ensure the whole distribution channel is effective.
    • Once produced, retailers need to sell the products. This is done through many channels including physical stores, online, the mail, or catalogs.
    • After the sale, retailers typically have to deliver the product, provide customer care, and manage complaints.
    • Retailers can use loyalty programs, pricing, and promotions to foster repeat business.

    Value streams describe your core business

    Value streams – the activities we do to provide value to customers – require business capabilities.

    Value streams are broken down further into value stages, for example, Sell Product value stream has value stages Evaluate Options, Place Order, and Make Payment.

    Think of value streams as the core operations, the reason for our organization’s being. A professional consulting organization may have a legal team but it does not brand itself as a law firm. A core value stream is providing research products and services – a business capability that supports it is legal counsel.

    2.1 Define value streams

    1-3 hours

    Unify the organization’s perspective on how it creates value.

    1. Write a short description of the value stream that includes a statement about the value provided and a clear start and end for the value stream. Validate the accuracy of the descriptions with your key stakeholders.
    2. Consider:
      1. How does the organization deliver those benefits?
      2. How does the customer receive the benefits?
      3. What is the scope of your value stream? What will trigger the stream to start and what will the final value be?
    3. Avoid: Don’t start with a blank page. Use Info-Tech’s business architecture models for sample value streams.
    Input Output
    • Business strategy or goals
    • Financial statements
    • Info-Tech’s industry-specific business architecture
    • List of organizational specific value streams
    • Detailed value stream definition(s)
    Materials Participants
    • Whiteboard / Kanban Board
    • Reference Architecture Template – See your Account Representative for details
    • Other industry standard reference architecture models: BIZBOK, APQC, etc.
    • Info-Tech Archi Models
    • Enterprise/Business Architect
    • Business Analysts
    • Business Unit Leads
    • CIO
    • Departmental Executives & Senior Managers

    See your Info-Tech Account Representative for access to the Reference Architecture Template

    Decompose the value stream into stages

    The stages of a value stream are usually action-oriented statements or verbs that make up the individual steps involved throughout the scope of the value stream, e.g. Place Order or Make Payment.

    Each value stream should have a trigger or starting point and an end result for a client or receiver.

    Decompose the value stream into stages

    There should be measurable value or benefits at each stage.
    These are key performance indicators (KPIs).
    Spot problem areas in the stream.

    Value streams usually fall into one of these categories:

    1. Fulfillment of products and services
    2. Manufacturing
    3. Software products
    4. Supporting value streams (procurement of supplies, product planning)

    Value stream and value stages examples

    Customer Acquisitions
    Identify Prospects > Contact Prospects > Verify Interests

    Sell Product
    Identify Options > Evaluate Options > Negotiate Price and Delivery Date > Place Order > Get Invoice > Make Payment

    Product Delivery
    Confirm Order > Plan Load > Receive Warehouse > Fill Order > Ship Order > Deliver Order > Invoice Customer

    Product Financing
    Initiate Loan Application > Decide on Application > Submit Documents > Review & Satisfy T&C > Finalize Documents > Conduct Funding > Conduct Funding Audits

    Product Release
    Ideate > Design > Build > Release

    Sell Product is a value stream, made up of value stages Identify options, Evaluate options, and so on.

    2.2 Decompose selected value streams

    1-3 hours

    Once we have a good understanding of our value streams, we need to decide which ones to focus on for deeper analysis and modeling, e.g. extend the business architecture to more detailed level 2 capabilities.

    Organization has goals and delivers products or services.

    1. Identify which value propositions are most important, e.g. be more productive or manage money more simply.
    2. Identify the value stream(s) that create the value proposition.
    3. Break the selected value stream into value stages.
    4. Analyze value stages for opportunities.

    Practical Guide to Agile Strategy Execution

    InputOutput
    • Value stream maps and definitions
    • Business goals, business model canvas, customer journey (value proposition) Selected value streams decomposed into value stages
    • Analysis of selected value streams for opportunities
    • Value stream map
    MaterialsParticipants
    • Whiteboard / Kanban Board
    • Reference Architecture Template – See your Account Representative for details
    • Other industry standard reference architecture models: BIZBOK, APQC, etc.
    • Enterprise/Business Architect
    • Business Analysts
    • Business Unit Leads
    • CIO
    • Departmental Executives & Senior Managers

    Build your value stream one layer at a time to ensure clarity and comprehensiveness

    The first step of creating a value stream is defining it.

    • In this step, you create the parameters around the value stream and document them in a list format.
    • This allows you to know where each value stream starts and ends and the unique value it provides.

    The second step is the value stream mapping.

    • The majority of the mapping is done here where you break down your value stream into each of its component stages.
    • Analysis of these stages allows for a deeper understanding of the value stream.
    • The mapping layer connects the value stream to organizational capabilities.

    Define the value streams that are tied to your strategic goals and document them in a list

    Title

    • Create a title for your value stream that indicates the value it achieves.
    • Ensure your title is clear and will be understood the same way across the organization.
    • The common naming convention for value streams is to use nouns, e.g. product purchase.

    Scope

    • Determine the scope of your value stream by defining the trigger to start the value stream and final value delivered to end the value stream.
    • Be precise with your trigger to ensure you do not mistakenly include actions that would not trigger your value stream.
    • A useful tip is creating a decision tree and outlining the path that results in your trigger.

    Objectives

    • Determine the objectives of the value stream by highlighting the outcome it delivers.
    • Identify the desired outcomes of the value stream from the perspective of your organization.

    Example Value Streams List

    Title Scope Objectives
    Sell Product From option identification to payment Revenue Growth

    Create a value stream map

    A Decompose the Value Stream Into Stages B Add the Customer Perspective
    • Determine the different stages that comprise the value stream.
    • Place the stages in the correct order.
    • Outline the likely sentiment and meaningful needs of the customer at each value stage.
    C Add the Expected Outcome D Define the Entry and Exit Criteria
    • Define the desired outcome of each stage from the perspective of the organization.
    • Define both the entry and exit criteria for each stage.
    • Note that the entry criteria of the first stage is what triggers the value stream.
    E Outline the Metrics F Assess the Stages
    • For each stage of the value stream, outline the metrics the organization can use to identify its ability to attain the desired outcome.
    • Assess how well each stage of the value stream is performing against its target metrics and use this as the basis to drill down into how/where improvements can be made.

    Decompose the value stream into its value stages

    The first step in creating a value stream map is breaking it up into its component stages.

    The stages of a value stream are usually action-oriented statements or verbs that make up the individual steps involved throughout the scope of the value stream.

    Illustration of decomposing value stream into its value stages

    The Benefit
    Segmenting your value stream into individual stages will give you a better understanding of the steps involved in creating value.

    Connect the stages of the value stream to a specific customer perspective

    Example of a sell product value stream

    The Benefit
    Adding the customer’s perspective will inform you of their priorities at each stage of the value stream.

    Connect the stages of the value stream to a desired outcome

    Example of a sell product value stream

    The Benefit
    Understanding the organization’s desired outcome at each stage of the value stream will help set objectives and establish metrics.

    Define the entry and exit criteria of each stage

    Example of entry and exit criteria for each stage

    The Benefit
    Establishing the entry and exit criteria for each stage will help you understand how the customer experience flows from one end of the stream to the other.

    Outline the key metric(s) for each stage

    Outline the key metrics for each stage

    The Benefit
    Setting metrics for each stage will facilitate the tracking of success and inform the business architecture practitioner of where investments should be made.

    Example value stream map: Sell Product

    Assess the stages of your value stream map to determine which capabilities to examine further

    To determine which specific business capabilities you should seek to assess and potentially refine, you must review performance toward target metrics at each stage of the value stream.

    Stages that are not performing to their targets should be examined further by assessing the capabilities that enable them.

    Value Stage Metric Description Metric Target Current Measure Meets Objective?
    Evaluate Options Number of Product Demonstrations 12,000/month 9,000/month No
    Identify Options Google Searches 100K/month 100K/month Yes
    Identify Options Product Mentions 1M/month 1M/month Yes
    Website Traffic (Hits)
    Average Deal Size
    Number of Deals
    Time to Complete an Order
    Percentage of Invoices Without Error
    Average Time to Acquire Payment in Full

    Determine the business capabilities that support the value stage corresponding with the failing metric

    Sell Product

    Identify Options > Evaluate Options > Negotiate Price and Delivery Date > Place Order > Get Invoice > Make Payment

    The value stage(s) that doesn’t meet its objective metrics should be examined further.

    • This is done through business capability mapping and assessment.
    • Starting at the highest level (level 0) view of a business, the business architecture practitioner must drill down into the lower level capabilities that support the specific value stage to diagnose/improve an issue.

    Info-Tech Insight
    In the absence of tangible metrics, you will have to make a qualitative judgement about which stage(s) of the value stream warrant further examination for problems and opportunities.

    Build business capability map

    Align supporting capabilities to priority activities.

    Business context Define value streams Build business capability map
    1.1 Select key stakeholders
    1.2 Collect and understand corporate goals
    2.1 Update or define value streams
    2.2 Decompose and analyze selected value stream
    3.1 Build Level 1 capability map
    3.2 Build Level 2 capability map
    3.3 Heatmap capability map
    3.4 Roadmap

    This step will walk you through the following activities:

    • Determine which business capabilities support value streams
    • Accelerate the process with an industry reference architecture
    • Validate the business capability map
    • Establish level 2 capability

    This step involves the following participants:

    • Enterprise/Business Architect
    • Business Analysts
    • Business Unit Leads
    • CIO
    • Departmental Executives & Senior Managers

    Outcomes of this step

  • A validated level 1 business capability map
  • Level 2 capabilities for selected value stream(s)
  • Heatmapped business capability map
  • Business architecture initiatives roadmap
  • Develop a business capability map – level 1

    • Business architecture consists of a set of techniques to create multiple views of an organization; the primary view is known as a business capability map.
    • A business capability defines what a business does to enable value creation and achieve outcomes, rather than how. Business capabilities are business terms defined using descriptive nouns such as “Marketing” or “Research and Development.” They represent stable business functions, are unique and independent of each other, and typically will have a defined business outcome. Business capabilities should not be defined as organizational units and are typically longer lasting than organizational structures.
    • A business capability mapping process should begin at the highest-level view of an organization, the level 1, which presents the entire business on a page.
    • An effective method of organizing business capabilities is to split them into logical groupings or categories. At the highest level, capabilities are either “core” (customer-facing functions) or “enabling” (supporting functions).
    • As a best practice, Info-Tech recommends dividing business capabilities into the categories illustrated to the right.

    The Business Capability Map is the primary visual representation of the organization’s key abilities or services that are delivered to stakeholders. This model forms the basis of strategic planning discussions.

    Example of a business capability map

    Example business capability map – Higher Education

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and represents a view of what your data program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Example business capability map for: Higher Education

    Example business capability map for higher education

    Example business capability map – Local Government

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and represents a view of what your data program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Example business capability map for: Local Government

    Example business capability map for local government

    Map capabilities to value stage

    Example of a value stage

    Source: Lambert, “Practical Guide to Agile Strategy Execution”

    3.1 Build level 1 business capability map

    1-3 hours

    1. Analyze the value streams to identify and describe the organization’s capabilities that support them. This stage requires a good understanding of the business and will be a critical foundation for the business capability map. Use the reference business architecture’s business capability map for your industry for examples of level 1 and 2 business capabilities and the capability map template to work in.
    2. Avoid:
      1. Don’t repeat capabilities. Capabilities are typically mutually exclusive activities.
      2. Don’t include temporary initiatives. Capabilities should be stable over time. The people, processes, and technologies that support capabilities will change continuously.

    Ensure you engage with the right stakeholders:

    Don’t waste your efforts building an inaccurate depiction of the business: The exercise of identifying capabilities for an organization is very introspective and requires deep analysis.

    It is challenging to develop a common language that everyone will understand and be able to apply. Invest in the time to ensure the right stakeholders are brought into the fold and bring their business area expertise and understanding to the table.

    InputOutput
    • Existing business capability maps
    • Value stream map
    • Info-Tech’s industry-specific business architecture
    • Level 1 business capability map for enterprise
    MaterialsParticipants
    • Whiteboard
    • Reference Architecture Template – See your Account Representative for details
    • Other industry standard reference architecture models: BIZBOK, APQC, etc.
    • Archi Models
    • Enterprise/Business Architect
    • Business Analysts
    • Business Unit Leads
    • CIO
    • Departmental Executives & Senior Managers

    Prioritize one value stream and build a business architecture to level 2 capabilities

    Prioritize your innovation objectives and business goals, and identify a value stream to transform.

    Align the innovation goals and business objectives of your organization to your value streams (the critical actions that take place within your organization to add value to a customer).
    Prioritize a value stream to transform based on the number of priorities aligned to a value stream and/or the business value (e.g. revenue, EBITDA earnings, competitive differentiation, or cost efficiency).
    Working alongside a business or enterprise architect, build a reference architecture for the prioritized value stream up to level 2.

    Example of a value stream to business architecture level 2 capabilities

    Info-Tech Insight
    To produce maximum impact, focus on value streams that provide two-thirds of your enterprise value (EBITDA earnings).

    From level 1 to level 2 business capabilities

    Example moving from level 1 to level 2 business capabilities

    3.2 Build level 2 business capability map

    1-3 hours

    It is only at level 2 and further that we can pinpoint the business capabilities – the exact resources, whether applications or data or processes – that we need to focus on to realize improvements in the organization’s performance and customer experience.

    1. Gather industry reference models and any existing business capability maps.
    2. For the selected value stream, further break down its level 1 business capabilities into level 2 capabilities.
    3. You can often represent the business capabilities on a single page, providing a holistic visual for decision makers.
    4. Use meaningful names for business capabilities so that planners, stakeholders, and subject matter experts can easily search the map.
    InputOutput
    • Existing business capability maps
    • Value stream map
    • Info-Tech’s industry-specific business architecture
    • Level 1 business capability map
    • Level 2 Business Capability Map for selected Value Stream
    MaterialsParticipants
    • Whiteboard
    • Reference Architecture Template – See your Account Representative for details.
    • Other industry standard reference architecture models: BIZBOK, APQC, etc.
    • Archi Models
    • Enterprise/Business Architect
    • Business Analysts
    • Business Unit Leads
    • CIO
    • Departmental Executives & Senior Managers

    Download: See your Account Representative for access to Info-Tech’s Reference Architecture Template

    3.3 Heatmap business capability map

    1-3 hours

    Determine the organization’s key capabilities.

    1. Determine cost advantage creators. If your organization has a cost advantage over competitors, the capabilities that enable it should be identified and prioritized. Highlight these capabilities and prioritize the programs that support them.
    2. Determine competitive advantage creators. If your organization does not have a cost advantage over competitors, determine if it can deliver differentiated end-customer experiences. Once you have identified the competitive advantages, understand which capabilities enable them. These capabilities are critical to the success of the organization and should be highly supported.
    3. Define key future state capabilities. In addition to the current and competitive advantage creators, the organization may have the intention to enhance new capabilities. Discuss and select the capabilities that will help drive the attainment of future goals.
    4. Assess how well information, applications, and processes support capabilities.
    InputOutput
    • Business capability map
    • Cost advantage creators
    • Competitive advantage creators
    • IT and business assessments
    • Key business capabilities
    • Business process review
    • Information assessment
    • Application assessment
    • List of IT implications
    MaterialsParticipants
    • Whiteboard
    • Reference Architecture Template – See your Account Representative for details.
    • Other industry standard reference architecture models: BIZBOK, APQC, etc.
    • Archi Models
    • Enterprise/Business Architect
    • Business Analysts
    • Business Unit Leads
    • CIO
    • Departmental Executives & Senior Managers

    Download: See your Account Representative for access to Info-Tech’s Reference Architecture Template

    Business capability map: Education

    Illustrative example of a business capability map for education

    Define key capabilities

    Illustrative example of Define key capabilities

    Note: Illustrative Example

    Business process review

    Illustrative example of a business process review

    Note: Illustrative Example

    Information assessment

     Illustrative example of an Information assessment

    Note: Illustrative Example

    Application assessment

     Illustrative example of an Application assessment

    Note: Illustrative Example

    MoSCoW analysis for business capabilities

     Illustrative example of a MoSCoW analysis for business capabilities

    Note: Illustrative Example

    Ranked list of IT implications

    MoSCoW Rank IT Implication Value Stream Impacted Comments/Actions
    M [Implication] [Value Stream]
    M [Implication] [Value Stream]
    M [Implication] [Value Stream]
    S [Implication] [Value Stream]
    S [Implication] [Value Stream]
    S [Implication] [Value Stream]
    C [Implication] [Value Stream]
    C [Implication] [Value Stream]
    C [Implication] [Value Stream]
    W [Implication] [Value Stream]
    W [Implication] [Value Stream]
    W [Implication] [Value Stream]

    3.4 Roadmap business architecture initiatives

    1-3 hours

    Unify the organization’s perspective on how it creates value.

    1. Write a short description of the value stream that includes a statement about the value provided and a clear start and end for the value stream. Validate the accuracy of the descriptions with your key stakeholders.
    2. Consider:
      1. How does the organization deliver those benefits?
      2. How does the customer receive the benefits?
      3. What is the scope of your value stream? What will trigger the stream to start and what will the final value be?
    3. Don’t start with a blank page. Use Info-Tech’s business architecture models for sample value streams.
    InputOutput
    • Existing business capability maps
    • Value stream map
    • Info-Tech’s industry-specific business architecture
    • Level 1 business capability map
    • Heatmapped business capability map
    MaterialsParticipants
    • Whiteboard
    • Reference Architecture Template – See your Account Representative for details.
    • Other industry standard reference architecture models: BIZBOK, APQC, etc.
    • Archi Models
    • Enterprise/Business Architect
    • Business Analysts
    • Business Unit Leads
    • CIO
    • Departmental Executives & Senior Managers

    Download: See your Account Representative for access to Info-Tech’s Reference Architecture Template

    Example: Business architecture deliverables

    Enterprise Architecture Domain Architectural View Selection
    Business Architecture Business strategy map Required
    Business Architecture Business model canvas Optional
    Business Architecture Value streams Required
    Business Architecture Business capability map Not Used
    Business Architecture Business process flows
    Business Architecture Service portfolio
    Data Architecture Conceptual data model
    Data Architecture Logical data model
    Data Architecture Physical data model
    Data Architecture Data flow diagram
    Data Architecture Data lineage diagram

    Tools and templates to compile and communicate your business architecture work

    The Industry Business Reference Architecture Template for your industry is a place for you to collect all of the activity outputs and outcomes you’ve completed for use in next-steps.

    Download the Industry Business Reference Architecture Template for your industry

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit Guided Implementation Workshop Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options

    Research Contributors and Experts

    Name Role Organization
    Ibrahim Abdel-Kader Research Analyst, Data & Analytics Info-Tech Research Group
    Ben Abrishami-Shirazi Technical Counselor, Enterprise Architecture Info-Tech Research Group
    Andrew Bailey Consulting, Manager Info-Tech Research Group
    Dana Dahar Research & Advisory Director, CIO / Digital Business Strategy Info-Tech Research Group
    Larry Fretz VP Info-Tech Research Group
    Shibly Hamidur Enterprise Architect Toronto Transit Commission (TTC)
    Rahul Jaiswal Principal Research Director, Industry Info-Tech Research Group
    John Kemp Executive Counselor, Executive Services Info-Tech Research Group
    Gerald Khoury Senior Executive Advisor Info-Tech Research Group
    Igor Ikonnikov Principal Advisory Director, Data & Analytics Info-Tech Research Group
    Daniel Lambert VP Benchmark Consulting
    Milena Litoiu Principal Research Director, Enterprise Architecture Info-Tech Research Group
    Andy Neill AVP Data & Analytics, Chief Enterprise Architect Info-Tech Research Group
    Rajesh Parab Research Director, Data & Analytics Info-Tech Research Group
    Rick Pittman VP, Research Info-Tech Research Group
    Irina Sedenko Research Director, Data & Analytics Info-Tech Research Group

    Bibliography

    Andriole, Steve. “Why No One Understands Enterprise Architecture & Why Technology Abstractions Always Fail.” Forbes, 18 September 2020. Web.

    “APQC Process Classification Framework (PCF) – Retail.” American Productivity & Quality Center, 9 January 2019. Web.

    Brose, Cari. “Who’s on First? Architecture Roles and Responsibilities in SAFe.” Business Architecture Guild, 9 March 2017. Web.

    Burlton, Roger, Jim Ryne, and Daniel St. George. “Value Streams and Business Processes: The Business Architecture Perspective.” Business Architecture Guild, December 2019. Web.

    “Business Architecture: An overview of the business architecture professional.” Capstera, 5 January 2022. Web.

    Business Architecture Guild. “What is Business Architecture?” Business Analyst Mentor, 18 November 2022. Web.

    “Business Architecture Overview.” The Business Architecture Working Group of the Object Management Group (OMG), n.d. Web.

    “Delivering on your strategic vision.” The Business Architecture Guild, n.d. Web.

    Ecker, Grant. “Deploying business architecture.” LinkedIn, 11 November 2021. (Presentation)

    IRIS. “Retail Business Architecture Framework and Examples.” IRIS Business Architect, n.d. Web.

    IRIS. “What Is Business Architecture?” IRIS Business Architect, 8 May 2014. Web.

    IRIS. “Your Enterprise Architecture Practice Maturity 2021 Assessment.” IRIS Business Architect, 17 May 2021. Web.

    Khuen, Whynde. “How Business Architecture Breaks Down and Bridges Silos.” Biz Arch Mastery, January 2020. Web.

    Lambert, Daniel. “Practical Guide to Agile Strategy Execution.” 18 February 2020.

    Lankhorst, Marc, and Bernd Ihnen. “Mapping the BIZBOK Metamodel to the ArchiMate Language.” Bizzdesign, 2 September 2021. Web.

    Ramias, Alan, and Andrew Spanyi, “Demystifying the Relationship Between Processes and Capabilities: A Modest Proposal.” BPTrends, 2 February 2015. Web.

    Newman, Daniel. “NRF 2022: 4 Key Trends From This Year’s Big Show.” Forbes, 20 January 2022. Web.

    Research and Markets. “Define the Business Context Needed to Complete Strategic IT Initiatives: 2018 Blueprint.” Business Wire, 1 February 2018. Web.

    Sabanoglu, Tugba. “Retail market worldwide - Statistics & Facts.” Statista, 21 April 2022. Web.

    Spacey, John. “Capability vs Process.” Simplicable, 18 November 2016. Web.

    “The Definitive Guide to Business Capabilities.” LeanIX, n.d. Web.

    TOGAF 9. Version 9.1. The Open Group, 2011. Web.

    “What is Business Architecture?” STA Group, 2017. PDF.

    Whittie, Ralph. “The Business Architecture, Value Streams and Value Chains.” BA Institute, n.d. Web.

    IT Organizational Design

    • Buy Link or Shortcode: {j2store}32|cart{/j2store}
    • Related Products: {j2store}32|crosssells{/j2store}
    • member rating overall impact (scale of 10): 9.1/10
    • member rating average dollars saved: $83,392
    • member rating average days saved: 21
    • Parent Category Name: People and Resources
    • Parent Category Link: /people-and-resources

    The challenge

    • IT can ensure full business alignment through an organizational redesign.
    • Finding the best approach for your company is difficult due to many frameworks and competing priorities.
    • External competitive influences and technological trends exacerbate this.

    Our advice

    Insight

    • Your structure is the critical enabler of your strategic direction. Structure dictates how people work together and how they can fill in their roles to create the desired business value. 
    • Constant change is killing for an organization. You need to adapt, but you need a stable baseline and make sure the change is in line with the overall strategy and company context.
    • A redesign is only successful if it really happens. Shifting people into new positions is not enough to implement a redesign. 

    Impact and results 

    • Define your redesign principles. They will act as a manifesto to your change. It also provides for a checklist, ensuring that the structure does not deviate from the business strategy.
    • Visualize the new design with a customized operating model for your company. It must demonstrate how IT creates value and supports the business value creation chains.
    • Define the future-state roles, functions, and responsibilities to enable your IT department to support the business effectively.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started

    Our concise executive brief explains to you the challenges associated with the organizational redesign. We'll show you our methodology and the ways we can help you in completing this.

    Define your organizational design principles and select your operating model

    The design principles will govern your organizational redesign; Align the principles with your business strategy.

    • Redesign Your IT Organizational Structure – Phase 1: Craft Organizational Design Principles and Select an IT Operating Model (ppt)
    • Organizational Design Communications Deck (ppt)

    Customize the selected IT operating model to your company

    Your operating model must account for the company's nuances and culture.

    • Redesign Your IT Organizational Structure – Phase 2: Customize the IT Operating Model (ppt)
    • Operating Models and Capability Definition List (ppt)

    Design the target-state of your IT organizational structure

    Go from an operating model to the structure fit for your company.

    • Redesign Your IT Organizational Structure – Phase 3: Architect the Target-State IT Organizational Structure (ppt)
    • Organizational Design Capability RACI Chart (xls)
    • Work Unit Reference Structures (Visio)
    • Work Unit Reference Structures (pdf)

    Communicate the benefits of the new structure

    Change does not come easy. People will be anxious. Craft your communications to address critical concerns and obtain buy-in from the organization. If the reorganization will be painful, be up-front on that, and limit the time in which people are uncertain.

    • Redesign Your IT Organizational Structure – Phase 4: Communicate the Benefits of the New Organizational Structure (ppt)

     

    Develop Your Agile Approach for a Successful Transformation

    • Buy Link or Shortcode: {j2store}163|cart{/j2store}
    • member rating overall impact (scale of 10): 9.2/10 Overall Impact
    • member rating average dollars saved: $86,469 Average $ Saved
    • member rating average days saved: 16 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Your organization wants to shorten delivery time and improve quality by adopting Agile delivery methods.
    • You know that Agile transformations are complex and difficult to implement.
    • Your organization may have started using Agile, but with only limited success.
    • You want to maximize your Agile transformation’s chances of success.

    Our Advice

    Critical Insight

    • Agile transformations are more likely to be successful when the entire organization understands Agile fundamentals, principles, and practices; the “different way of working” that Agile requires; and the role each person plays in its success.

    Impact and Result

    • Understand the “what and why” of Agile.
    • Identify your organization’s biggest Agile pain points.
    • Gain a deeper understanding of Agile principles and practices, and apply these to your Agile pain points.
    • Create a list of action items to address your organization’s Agile challenges.

    Develop Your Agile Approach for a Successful Transformation Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify common Agile challenges

    Identify your organization's biggest Agile pain points so you can focus attention on those topics that are impacting your Agile capabilities the most.

    • Develop Your Agile Approach for a Successful Transformation – Phases 1-2

    2. Establish a solid foundation for Agile delivery

    Ensure that your organization has a solid understanding of Agile principles and practices to help ensure your Agile transformation is successful. Understand Agile's different way of working and identify the steps your organization will need to take to move from traditional Waterfall delivery to Agile.

    • Roadmap for Transition to Agile

    3. Backlog Management Module: Manage your backlog effectively

    The Backlog Management Module helps teams develop a better understanding of backlog management and user story decomposition. Improve your backlog quality by implementing a three-tiered backlog with quality filters.

    4. Scrum Simulation Module: Simulate effective Scrum practices

    The Scrum Simulation Module helps teams develop a better understanding of Scrum practices and the behavioral blockers affecting Agile teams and organizational culture. This module features two interactive simulations to encourage a deeper understanding of good Scrum practices and Agile principles.

    • Scrum Simulation Exercise (Online Banking App)

    5. Estimation Module: Improve product backlog item estimation

    The Estimation Module helps teams develop a better understanding of Agile estimation practices and how to apply them. Teams learn how Agile estimation and reconciliation provide reliable planning estimates.

    6. Product Owner Module: Establish an Effective Product Owner Role

    The Product Owner Module helps teams understand product management fundamentals and a deeper understanding of the product owner role. Teams define their product management terminology, create quality filters for PBIs moving through the backlog, and develop their product roadmap approach for key audiences.

    7. Product Roadmapping Module: Create effective product roadmaps

    The Product Roadmapping Module helps teams understand product road mapping fundamentals. Teams learn to effectively use the six tools of Product Roadmapping.

    [infographic]

    Further reading

    Develop Your Agile Approach for a Successful Transformation

    Understand Agile fundamentals, principles, and practices so you can apply them effectively in your organization.

    Analyst Perspective

    Understand Agile fundamentals, principles, and practices so you can apply them effectively in your organization.

    Pictures of Alex Ciraco and Hans Eckman

    Alex Ciraco and Hans Eckman
    Application Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Your organization wants to shorten delivery time and improve quality by adopting Agile delivery methods.
    • You know that Agile transformations are complex and difficult to implement.
    • Your organization may have started using Agile, but with only limited success.
    • You want to maximize your Agile transformation's chances of success.

    Common Obstacles

    • People seem to have different, conflicting, or inadequate knowledge of Agile principles and practices.
    • Your organization is not seeing the full benefits that Agile promises, and project teams aren't sure they are "doing Agile right."
    • Confusion and misinformation about Agile is commonplace in your organization.

    Info-Tech's Approach

    • Use our Common Agile Challenges Survey to identify your organization's Agile pain points.
    • Leverage this blueprint to level-set the organization on Agile fundamentals.
    • Address your survey's biggest Agile pain points to see immediate benefits and improvements in the way you practice Agile in your organization.

    Info-Tech Insight

    Agile transformations are more likely to be successful when the entire organization genuinely understands Agile fundamentals, principles and practices, as well as the role each person plays in its success. Focus on developing a solid understanding of Agile practices so your organization can "Be Agile", not just "Do Agile".

    Info-Tech's methodology

    1. Identify Common Agile Challenges

    2. Establish a Solid Foundation for Agile Delivery

    3. Agile Modules

    Phase Steps

    1.1 Identify common agile challenges

    2.1 Align teams with Agile fundamentals

    2.2 Interpret your common Agile challenges survey results

    2.3 (Optional) Move stepwise to iterative Agile delivery

    2.4 Identify insights and team feedback

    • Backlog Management Module:
      Manage Your Backlog Effectively
    • Scrum Simulation Module:
      Simulate Effective Scrum Practices
    • Estimation Module:
      Improve Product Backlog Item Estimation
    • Product Owner Module:
      Establish an Effective Product Owner Role
    • Product Roadmapping Module: Create Effective Product Roadmaps
    Phase Outcomes

    Understand common challenges associated with Agile transformations and identify your organization's struggles.

    Establish and apply a uniform understanding of Agile fundamentals and principles.

    Create a roadmap for your transition to Agile delivery and prioritized challenges.

    Foster deeper understanding of Agile principles and practices to resolve pain points.

    Develop your agile approach for a successful transformation

    Everyone's Agile journey is not the same.

    agile journey for a successful transformation

    Application delivery continues to fall short

    78% of IT professionals believe the business is "usually" or "always" out of sync with project requirements.
    Source: "10 Ways Requirements Can Sabotage Your Projects Right From the Start"

    Only 34% of software is rated as both important and effective by users.

    Source: Info-Tech's CIO Business Vision Diagnostic

    Agile DevOps is a progression of cultural, behavioral, and process changes. It takes time.

    An image of the trail to climb Mount Everest, with the camps replaced by the main steps of the agile approach to reaching Nirvana.

    Enhancements and maintenance are misunderstood

    an image showing the relationship between enhancements and maintenance.

    Source: "IEEE Transactions on Software Engineering"

    Why Agile/DevOps? It's about time to value

    Leaders and stakeholders are frustrated with long lead times to implement changes. Agile/DevOps promotes smaller, more frequent releases to start earning value sooner.

    A frequency graph showing the Time to delivering value depends on Frequency of Releases

    Time to delivering value depends on Frequency of Releases

    Embrace change, don't "scope creep" it

    64% of IT professionals adopt Agile to enhance their ability to manage changing priorities.

    71% of IT professionals found their ability to manage changing priorities improved after implementing Agile.

    Info-Tech Insight

    Traditional delivery processes work on the assumption that product requirements will remain constant throughout the SDLC. This results in delayed delivery of product enhancements which are critical to maintaining a positive customer experience.

    Adapted from: "12th Annual State of Agile Report"

    Agile's four core values

    "…while there is value in the items on the right, we value the items on the left more."
    – Source: "The Agile Manifesto"

    We value. . .

    Individuals and Interactions

    OVER

    Processes and Tools

    Working Software

    OVER

    Comprehensive Documentation

    Customer Collaboration

    OVER

    Contract Negotiation

    Responding to Change

    OVER

    Following a Plan

    Being Agile

    OVER

    Being Prescriptive

    Harness Agile's cultural advantages

    Collaboration

    • Team members leverage all their experience working toward a common goal.

    Iterations

    • Cycles provide opportunities for more product feedback.

    Continual Improvement

    • Self-managing teams continually improve their approach for the next iteration.

    Prioritization

    • The most important needs are addressed in the current iteration.

    Compare Waterfall and Agile – the "what" (how are they different?)

    This is an example of the Waterfall Approach.

    A "One and Done" Approach (Planning & Documentation Based)
    Elapsed time to deliver any value: Months to years

    This is an example of the Agile Approach

    An "Iterative" Approach (Empirical/Evidence Based)
    Elapsed time to deliver any value: Weeks

    Be aware of common myths around Agile

    1. … solve development and communication issues.
    2. … ensure you will finish requirements faster.
    3. … mean you don't need planning and documentation.

    "Although Agile methods are increasingly being adopted in globally distributed settings, there is no panacea for success."
    – "Negotiating Common Ground in Distributed Agile Development: A Case Study Perspective."

    "Without proper planning, organizations can start throwing more resources at the work which spirals into the classic Waterfall issues of managing by schedule."
    – Kristen Morton, Associate Implementation Architect,
    OneShield Inc., Info-Tech Interview

    Agile* SDLC

    With shared ownership instead of silos, we can deliver value at the end of every iteration (aka sprint)

    An image of the Agile SDLC Approach.

    * There are many Agile methodologies to choose from, but Scrum is by far the most widely used (and is shown above).

    Key Elements of the Agile SDLC

    • You are not "one-and-done." There are many short iterations with constant feedback.
    • There is an empowered product owner. This is a single authoritative voice that represents stakeholders.
    • There is a fluid product backlog. This enables prioritization of requirements "just-in-time."
    • Cross-functional, self-managing team. This team makes commitments and is empowered by the organization to do so.
    • Working, tested code at the end of each sprint. Value becomes more deterministic along sprint boundaries.
    • Demonstrate to stakeholders. Allow them to see and use the functionality and provide necessary feedback.
    • Feedback is being continuously injected back into the product backlog. This shapes the future of the solution.
    • Continuous improvement through sprint retrospectives.
    • "Internally Governed" when done right (the virtuous cycle of sprint-demo-feedback).

    A backlog stores and organizes PBIs at various stages of readiness

    A well-formed backlog can be thought of as a DEEP backlog:

    • Detailed Appropriately: Product backlog items (PBIs) are broken down and refined as necessary.
    • Emergent: The backlog grows and evolves over time as PBIs are added and removed.
    • Estimated: The effort a PBI requires is estimated at each tier.
    • Prioritized: The PBIs value and priority are determined at each tier.

    (Perforce, 2018)

    An image showing the Ideas; Qualified; Ready; funnel leading to the sprint approach.

    Outline the criteria to proceed to the next tier via quality filters

    Expand the concepts of defining "ready" and "done" to include the other stages of a PBIs journey through product planning.

    An image showing the approach you will use to Outline the criteria to proceed to the next tier via quality filters

    Info-Tech Insight: A quality filter ensures quality is met and teams are armed with the right information to work more efficiently and improve throughput.

    Deliverables

    Many steps in this blueprint are accompanied by supporting deliverables to help you accomplish your goals.

    Common Agile Challenges Survey
    Survey the organization to understand which of the common Agile challenges the organization is experiencing

    A screenshot from Common Agile Challenges Survey

    Roadmap for Transition to Agile
    Identify steps you will take to move your organization toward Agile delivery

    A screenshot from Roadmap for Transition to Agile

    Blueprint benefits

    IT Benefits

    Business Benefits

    • Consistent Agile delivery teams.
    • Delivery prioritized with business needs and committed work is achievable.
    • Improved ability to adjust future delivery cycles to meet changing business, market, and end-user needs.
    • Increased alignment and stability of resources with products and technology areas.
    • Reduction in the mean time to delivery of product backlog items.
    • Reduction in technical debt.
    • Better delivery alignment with enterprise goals, vision, and outcomes.
    • Improved coordination with product owners and stakeholders.
    • Quantifiable value realization following each release.
    • Product decisions made at the right time and with the right input.
    • Improved team morale and productivity.
    • Improved operational efficiency and process automation.
    • Increased employee retention and quality of new hires.
    • Reduction in accumulated project risk.

    Measure the value of this blueprint

    Implementing quality and consistent Agile practices improves SDLC metrics and reduces time to value.

    • Use Select and Use SDLC Metrics Effectivelyto track and measure the impact of Agile delivery. For example:
      • Reduction in PBI wait time
      • Improve throughput
      • Reduction in defects and defect severity
    • Phase 1 helps you prepare and send your Common Agile Challenges Survey.
    • Phase 2 builds a transformation plan aligned with your top pain points.

    Align Agile coaching and practices to address your key pain points identified in the Common Agile Challenges Survey.

    A screenshot from Common Agile Challenges Survey

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    This is an image of the eight calls which will take place over phases 1-3.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 6 to 8 calls over the course of 1 to 2 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Phases 1-2
    1.5 - 3.0 days estimated

    Backlog Management
    0.5 - 1.0 days estimated

    Scrum Simulation
    1.25 - 2.25 days estimated

    Estimation
    1.0 - 1.25 days estimated

    Product Owner
    1.0 - 1.75 days estimated

    Product Roadmapping
    0.5 - 1.0 days estimated

    Establish a Solid Foundation for Agile Delivery

    Define the
    IT Target State

    Assess the IT
    Current State

    Bridge the Gap and
    Create the Strategy

    Establish an Effective Product Owner Role

    Create Effective Product Roadmaps

    Activities

    1.1 Gather Agile challenges and gaps
    2.1 Align teams with Agile fundamentals
    2.2 Interpret your common Agile challenges survey results
    2.3 (Optional) Move stepwise to iterative Agile delivery
    2.4 Identify insights and team feedback

    1. User stories and the art of decomposition
    2. Effective backlog management and refinement
    3. Identify insights and team feedback
    1. Scrum sprint planning and retrospective simulation
    2. Pass the balls – sprint velocity game
    1. Improve product backlog item estimation
    2. Agile estimation fundamentals
    3. Understand the wisdom of crowds
    4. Identify insights and team feedback
    1. Understand product management fundamentals
    2. The critical role of the product owner
    3. Manage effective product backlogs and roadmaps
    4. Identify insights and team feedback
    1. Identify your product roadmapping pains
    2. The six "tools" of product roadmapping
    3. Product roadmapping exercise

    Deliverables

    1. Identify your organization's biggest Agile pain points.
    2. Establish common Agile foundations.
    3. Prioritize support for a better Agile delivery approach.
    4. Plan to move stepwise to iterative Agile delivery.
    1. A better understanding of backlog management and user story decomposition.
    1. Scrum sprint planning and retrospective simulation
    2. Pass the balls – sprint velocity game
    1. Improve product backlog item estimation
    2. Agile estimation fundamentals
    3. Understand the wisdom of crowds
    4. Identify insights and team feedback
    1. Understand product management fundamentals
    2. The critical role of the product owner
    3. Manage effective product backlogs and roadmaps
    4. Identify insights and team feedback
    1. Understand product vs. project orientation.
    2. Understand product roadmapping fundamentals.

    Agile Modules

    For additional assistance planning your workshop, please refer to the facilitation planning tool in the appendix.

    Related Info-Tech Research

    Mentoring for Agile Teams
    Get practical help and guidance on your Agile transformation journey.

    Implement DevOps Practices That Work
    Streamline business value delivery through the strategic adoption of DevOps practices.

    Deliver on Your Digital Product Vision
    Build a product vision your organization can take from strategy through execution.

    Deliver Digital Products at Scale
    Deliver value at the scale of your organization through defining enterprise product families.

    Phase 1

    Phase 1

    Phase 2

    Agile Modules

    1.1 Identify common Agile challenges

    2.1 Align teams with Agile fundamentals

    2.2 Interpret your common Agile challenges survey results

    2.3 (Optional) Move stepwise to iterative Agile delivery

    2.4 Identify insights and team feedback

    • Backlog Management Module: Manage Your Backlog Effectively
    • Scrum Simulation Module: Simulate Effective Scrum Practices
    • Estimation Module: Improve Product Backlog Item Estimation
    • Product Owner Module: Establish an Effective Product Owner Role
    • Product Roadmapping: Create Effective Product Roadmaps

    This phase will walk you through the following activities:

    • Decide who will participate in the Common Agile Challenges Survey
    • Compile the results of the survey to identify your organization's biggest pain points with Agile

    This phase involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Develop Your Agile Approach for a Successful Transformation

    Step 1.1

    Identify common Agile challenges

    Activities

    1.1 Distribute Common Agile Challenges Survey and collect results

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • A better understanding of your organization's Agile pain points.

    Focus Agile support where it is most needed

    A screenshot from Common Agile Challenges Survey

    Info-Tech Insight

    There isn't one approach that cures all the problems your Agile teams are facing. First, understand these common challenges, then develop a plan to address the root causes.

    Use Info-Tech's Common Agile Challenges Survey to determine common issues and what problems individual teams are facing. Use the Agile modules and supporting guides in this blueprint to provide targeted support on what matters most.

    Exercise 1.1.1 Distribute Common Agile Challenges Survey

    30 minutes

    1. Download Survey Template: Info-Tech Common Agile Challenges Survey template.
    2. Create your own local copy of the Common Agile Challenges Survey by using the template. The Common Agile Challenges Survey will help you to identify which of the many common Agile-related challenges your organization may be facing.
    3. Decide on the teams/participants who will be completing the survey. It is best to distribute the survey broadly across the organization and include participants from several teams and roles.
    4. Copy the link for your local survey and distribute it for participants to complete (we suggest giving them one week to complete it).
    5. Collect the consolidated survey results in preparation for the next phase.
    6. NOTE: Using this survey template requires having access to Microsoft Forms. If you do not have access to Microsoft Forms, an Info-Tech analyst can perform the survey for you.

    Output

    • Your organization's biggest Agile pain points

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Record the results in the Roadmap for Transition to Agile Template

    Phase 2

    Establish a Solid Foundation for Agile Delivery

    Phase 1

    Phase 2

    Agile Modules

    1.1 Identify common Agile challenges

    2.1 Align teams with Agile fundamentals

    2.2 Interpret your common Agile challenges survey results

    2.3 (Optional) Move stepwise to iterative Agile delivery

    2.4 Identify insights and team feedback

    • Backlog Management Module: Manage Your Backlog Effectively
    • Scrum Simulation Module: Simulate Effective Scrum Practices
    • Estimation Module: Improve Product Backlog Item Estimation
    • Product Owner Module: Establish an Effective Product Owner Role
    • Product Roadmapping: Create Effective Product Roadmaps

    This phase will walk you through the following activities:

    • Gain a fundamental understanding of Agile
    • Understand why becoming Agile is hard
    • Identify steps needed to become more Agile
    • Understand your biggest Agile pain points

    This phase involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Step 2.1

    Align teams with Agile fundamentals

    Activities

    2.1.1 Share what Agile means to you
    2.1.2 (Optional) Contrast two delivery teams
    2.1.3 (Optional) Dissect the Agilist's Oath
    2.1.4 (Optional) Create your prototype definitions of ready
    2.1.5 (Optional) Create your prototype definitions of done
    2.1.6 Identify the challenges of implementing agile in your organization

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • A better understanding of what Agile is and why we do it.

    Exercise 2.1.1 Share what Agile means to you

    30-60 minutes

    1. What is Agile? Why do we do it?
    2. As a group, discuss and capture your thoughts on:
      1. What is Agile (its characteristics, practices, differences from alternatives, etc.)?
      2. Why do we do it (its drivers, benefits, advantages, etc.)?
    3. Capture your findings in the table below:

    What is Agile?

    Why do we do it?

    (e.g. Agile mindset, principles, and practices)

    (e.g. benefits)

    Output

    • Your current understanding of Agile and its benefits

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Why Agile/DevOps? It's about time to value

    Leaders and stakeholders are frustrated with long lead times to implement changes. Agile/DevOps promotes smaller, more frequent releases to start earning value sooner.

    A graph demonstrating the increased frequency of release expected over time, from 1960 - present

    Time to delivering value depends on frequency of releases.
    Source: 5Q Partners

    The pandemic accelerated the speed of digital transformation

    With the massive disruption preventing people from gathering, businesses shifted to digital interactions with customers.

    December 2019 - 36%; acceleration of 3 years; July 2020 - 58%.

    Companies also accelerated the pace of creating digital or digitally enhanced products and services.

    December 2019 - 35%; acceleration of 3 years; July 2020 - 55%.

    (McKinsey, 2020 )

    "The Digital Economy incorporates all economic activity reliant on or significantly enhanced by the use of digital inputs, including digital technologies, digital infrastructure, digital services and data."
    (OECD Definition)

    What does "elite" DevOps look like?

    This is an image of an annotated table showing what elite devops looks like.

    Where are you now?
    Where do You Want to Be?

    * Google Cloud/Accelerate State of DevOps 2021

    Realize and sustain value with DevOps

    Businesses with elite DevOps practices…

    973x more frequent faster lead time code deployments from commit to deploy, 3x 6570x lower change failure rate faster time to recover.

    Waterfall vs. Agile – the "what" (How are they different?)

    This is an example of the Waterfall Approach.

    A "One and Done" Approach (Planning & Documentation Based)
    Elapsed time to deliver any value: Months to years

    This is an example of the Agile Approach

    An "Iterative" Approach (Empirical/Evidence Based)
    Elapsed time to deliver any value: Weeks

    (Optional) Exercise 2.1.2 A tale of two teams

    Discussion (5-10 minutes)

    As a group, discuss how these teams differ

    Team 1:
    An image of the business analyst passing the requirements baton to the architect runner.

    Team 2:
    An image of team of soldiers carrying a heavy log up a beach

    Image Credit: DVIDS

    Discuss differences between these teams:
    • How are they different?
    • How would you coach/train/manage/lead?
    • How does team members' behavior differ?
    • How would you measure each team?
    What would have to happen at your organization to make working like this possible?

    Output

    • How your organization can support Agile behavior and mindset

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Dissect the Agilist's Oath

    Read and consider each element of the oath.

    • As a member of this Scrum team, I recognize that we are all equally and collectively responsible for the success of this project.
    • Success is defined as achieving the best possible outcome for our stakeholders given the constraints of time, money, and circumstances we will face.
    • We will achieve this by working collaboratively with our product owner to regularly deliver high-quality, working, tested code that can be demonstrated, and we will adjust our path forward based on the feedback we receive.
    • I will holistically embrace the concept of "good enough for now" into my work practices, because I know that waiting for the best/perfect solution does not yield optimal results.
    • Collectively, we will work to holistically minimize risk for the project across all phases and disciplines.
    • My primary role will be _____ [PO, SM, BA, Dev, Arch, Test, Ops, etc.], but I will contribute wherever and however best serves the current needs of the project.
    • I recognize that working in Agile/Scrum is not an excuse to ignore important things like adequate design and documentation. Collectively, we will ensure that these things are completed incrementally to a level of detail and quality which adequately serves the organization and stakeholders.
    • We are a team, and we will succeed or fail as one.

    Exercise 2.1.3 (Optional) Dissect the Agilist's Oath

    30 minutes

    1. Each bullet point in the Agilist's Oath is chosen to convey one of eight key messages about Agile practices and the mindset change that's required by everyone involved.
    2. As a group, discuss the "message" for each bullet point in the Agilist's Oath. Then identify which of them would be "easy" and "hard" to achieve in your organization.
    • As a member of this Scrum team, I recognize that we are all equally and collectively responsible for the success of this project.
    • Success is defined as achieving the best possible outcome for our stakeholders given the constraints of time, money, and circumstances we will face.
    • We will achieve this by working collaboratively with our product owner to regularly deliver high-quality, working, tested code that can be demonstrated, and we will adjust our path forward based on the feedback we receive.
    • I will holistically embrace the concept of "good enough for now" into my work practices, because I know that waiting for the best/perfect solution does not yield optimal results.
    • Collectively, we will work to holistically minimize risk for the project across all phases and disciplines.
    • My primary role will be _____ [PO, SM, BA, Dev, Arch, Test, Ops, etc.], but I will contribute wherever and however best serves the current needs of the project.
    • I recognize that working in Agile/Scrum is not an excuse to ignore important things like adequate design and documentation. Collectively, we will ensure that these things are completed incrementally to a level of detail and quality which adequately serves the organization and stakeholders.
    • We are a team, and we will succeed or fail as one.

    Which aspects of the Agilist's Oath are "easy" in your org?

    Which aspects of the Agilist's Oath are "hard" in your org?

    Output

    • How your organization can support Agile behavior and mindset

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Be aware of common myths around Agile

    Agile does not . . . .

    1. … solve development and communication issues.
    2. … ensure you will finish requirements faster.
    3. … mean you don't need planning and documentation.

    "Although Agile methods are increasingly being adopted in globally distributed settings, there is no panacea for success."
    – "Negotiating Common Ground in Distributed Agile Development: A Case Study Perspective."

    "Without proper planning, organizations can start throwing more resources at the work which spirals into the classic Waterfall issues of managing by schedule."
    – Kristen Morton, Associate Implementation Architect,
    OneShield Inc., Info-Tech Interview

    Agile's four core values

    "…while there is value in the items on the right, we value the items on the left more."
    – Source: "The Agile Manifesto"

    We value. . .

    Individuals and Interactions

    OVER

    Processes and Tools

    Working Software

    OVER

    Comprehensive Documentation

    Customer Collaboration

    OVER

    Contract Negotiation

    Responding to Change

    OVER

    Following a Plan

    Being Agile

    OVER

    Being Prescriptive

    Consider the traditional/Waterfall SDLC

    With siloes and handoffs, valuable product is delivered only at the end of an extended project lifecycle.

    This is an image of the Traditional Waterfall SDLC approach

    View additional transition models in the appendix

    Agile* SDLC

    With shared ownership instead of silos, we can deliver value at the end of every iteration (aka sprint)

    Key Elements of the Agile SDLC

    • You are not "one-and-done". There are many short iterations with constant feedback.
    • There is an empowered product owner. This is a single authoritative voice that represents stakeholders.
    • There is a fluid product backlog. This enables prioritization of requirements "just-in-time"
    • Cross-functional, self-managing team. This team makes commitments and is empowered by the organization to do so.
    • Working, tested code at the end of each sprint. Value becomes more deterministic along sprint boundaries.
    • Demonstrate to stakeholders. Allow them to see and use the functionality and provide necessary feedback.
    • Feedback is being continuously injected back into the product backlog. This shapes the future of the solution.
    • Continuous improvement through sprint retrospectives.
    • "Internally Governed" when done right (the virtuous cycle of sprint-demo-feedback).

    This is a picture of the Agile SDLC approach.

    * There are many Agile methodologies to choose from, but Scrum (shown above) is by far the most widely used.

    Scrum roles and responsibilities

    Product Owner

    Scrum Master

    Team Members

    Responsible

    • For identifying the product features and their importance in the final deliverable.
    • For refining and reprioritizing the backlog that identifies which features will be delivered in the next sprint based on business importance.
    • For clearing blockers and escalations when necessary.
    • For leading scrums, retrospectives, sprint reviews, and demonstrations.
    • For team building and resolving team conflicts.
    • For creating, testing, deploying, and supporting deliverables and valuable features.
    • For self-managing. There is no project manager assigning tasks to each team member.

    Accountable

    • For delivering valuable features to stakeholders.
    • For ensuring communication throughout development.
    • For ensuring high-quality deliverables for the product owner.

    Consulted

    • By the team through collaboration, rather than contract negotiation.
    • By the product owner on resolution of risks.
    • By the team on suggestions for improvement.
    • By the scrum master and product owner during sprint planning to determine level of complexity of tasks.

    Informed

    • On the progress of the current sprint.
    • By the team on work completed during the current sprint.
    • On direction of the business and current priorities.

    Scrum ceremonies

    Are any of these challenges for your organization? Done When:

    Project Backlog Refinement (PO & SM): Prepare user stories to be used in the next two to three future sprints. User stories are broken down into small manageable pieces of work that should not span sprints. If a user story is too big for a sprint, it is broken down further here. The estimation of the user story is examined, as well as the acceptance criteria, and each is adjusted as necessary from the Agile team members' input.

    Regularly over the project's lifespan

    Sprint Planning (PO, SM & Delivery Team): Discuss the work for the upcoming sprint with the business. Establish a clear understanding of the expectations of the team and the sprint. The product owner decides if priority and content of the user stories is still accurate. The development team decides what they believe can be completed in the sprint, using the user stories, in priority order, refined in backlog refinement.

    At/before the start of each sprint

    Daily Stand-Up (SM & Delivery Team): Coordinate the team to communicate progress and identify any roadblocks as quickly as possible. This meeting should be kept to fifteen minutes. Longer conversations are tabled for a separate meeting. These are called "stand-ups" because attendees should stay standing for the duration, which helps keep the meeting short and focused. The questions each team member should answer at each meeting: What did I do since last stand-up? What will I do before the next stand-up? Do I have any roadblocks?

    Every day during the sprint

    Sprint Demo (PO, SM, Delivery Team & Stakeholders): Review and demonstrate the work completed in the sprint with the business (demonstrate working and tested code which was developed during the sprint and gather stakeholder feedback).

    At the end of each sprint

    Sprint Retrospective (SM & Delivery Team & PO): Discuss how the sprint worked to determine if anything can be changed to improve team efficiency. The intent of this meeting is not to find/place blame for things that went wrong, but instead to find ways to avoid/alleviate pain points.

    At the end of each sprint

    Sample delivery sprint calendar

    The following calendar illustrates a two-week Scrum cadence (including ceremonies). This diagram is for illustrative purposes only. The length of the sprint and timing of ceremonies may differ from delivery team to delivery team based on their needs and schedules.

    An image of a sample sprint delivery calendar

    Sample delivery sprint calendar

    The following calendar illustrates a three-week Scrum cadence (including ceremonies). This diagram is for illustrative purposes only. The length of the sprint and timing of ceremonies may differ from delivery team to delivery team based on their needs and schedules.

    An image of a sample sprint delivery calendar

    Ensure your teams have the right information

    Implement and enforce your definition of ready at each stage of planning. Ensure your teams understand the required tasks by clarifying the definition of done.*

    Ready

    Done
    • The request has a defined problem, and the value is understood.
    • The request is documented, and the owner is identified.
    • Business and IT roles are committed to participating in estimation and planning activities.
    • Estimates and plans are made and validated with IT teams and business representatives.
    • Stakeholders and decision makers accept the estimates and plans as well as the related risks.
    • Estimates and plans are documented and slated for future review.

    * Note that your definitions of ready and done may vary from project to project, and they should be decided on collectively by the delivery team at the beginning of the project (part of setting their "norms") and updated if/when needed.

    Exercise 2.1.4 (Optional) Create definition of ready and done for an oil change

    10-15 minutes

    Step 1:

    1. As a group, create a definition of ready and done for doing an oil change (this will help you to understand the nature and value of a definition of ready and done using a relatable example):

    Definition of Ready

    Checklist:

    Definition of Done

    Checklist – For each user story:

    The checklist of things that must be true/done to begin the oil change.

    • We have the customer's car and keys
    • We know which grade of oil the customer wants

    The checklist of things that must be true/done at the end of the oil change.

    • The oil has been changed
    • A reminder sticker has been placed on windshield

    Exercise 2.1.4 (Optional) Create your prototype definitions of ready

    30-60 minutes

    Step 2:

    1. As a group, review the two sample definitions of ready below and select the one you consider to be the best starting point for your prototype definition of ready.

    Definition of Ready SAMPLE 1:

    Checklist – For each user story:

    • Technical and business risks are identified.
    • Resources are available for development.
    • Story has been assigned to a sprint/iteration.
    • Organizational business value is defined.
    • A specific user has been identified.
    • Stakeholders and needs defined.
    • Process impacts are identified.
    • Data needs are defined.
    • Business rules and non-functional requirements are identified.
    • Acceptance criteria are ready.
    • UI design work is ready.
    • Story has been traced to the project, epic, and sprint goal.

    Definition of Ready SAMPLE 2:

    Checklist – For each user story:

    • The value of story to the user is clearly indicated.
    • The acceptance criteria for story have been clearly described.
    • User story dependencies identified.
    • User story sized by delivery team.
    • Scrum team accepts user experience artifacts.
    • Performance criteria identified, where appropriate.
    • Person who will accept the user story is identified.
    • The team knows how to demo the story.

    Output

    • Prototype definitions of ready and done for your organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.1.4 (Optional) Create your prototype definitions of ready

    30-60 minutes

    Step 3:

    1. As a group, using the selected sample as your starting point, decide what changes need to be made (keep/add/delete/modify):

    Definition of Ready Checklist – For each user story:

    Disposition

    The value of story to the user is clearly indicated.

    Keep as is

    The acceptance criteria for story have been clearly described. Keep as is
    User story dependencies identified. Modify to: "Story has been traced to the project, epic, and sprint goal"
    User story sized by delivery team. Modify to: "User Stories have been sized by the Delivery team using Story Points"
    Scrum team accepts user experience artifacts. Keep as is
    Performance criteria identified, where appropriate. Keep as is
    Person who will accept the user story is identified.

    Delete

    The team knows how to demo the story. Keep as is

    Add: "Any performance related criteria have been identified where appropriate"

    Add: "Any data model related changes have been identified where needed"

    Output

    • Prototype definitions of ready and done for your organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.1.4 (Optional) Create your prototype definitions of ready

    30-60 minutes

    Step 4:

    1. As a group, capture and agree on your prototype definition of ready*:

    Definition of Ready

    Checklist – For each user story:

    User stories and related requirements contain clear descriptions of what is expected of a given functionality. Business value is identified.

    • The value of the story to the user is clearly indicated.
    • The acceptance criteria for the story have been clearly described.
    • Story has been traced to the project, epic, and sprint goal.
    • User stories have been sized by the delivery team using story points.
    • Scrum team accepts user experience artifacts.
    • Performance criteria identified, where appropriate.
    • The team knows how to demo the story.
    • Any performance-related criteria have been identified where appropriate.
    • Any data-model-related changes have been identified where needed.

    Record the results in the Roadmap for Transition to Agile Template

    * This checklist helps Agile teams determine if the stories in their backlog are ready for sprint planning. As your team gains experience with Agile, tailor this list to your needs and follow it until the practice becomes second nature.

    Output

    • Prototype definitions of ready and done for your organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.1.5 (Optional) Create your prototype definitions of done

    30-60 minutes

    Step 5:

    1. As a group, review the two sample definitions of ready below and select the one you consider to be the best starting point for your prototype definition of ready:

    SAMPLE 1:

    Definition of Done Checklist – For each user story:

    • Design complete
    • Code compiles
    • Static code analysis has been performed and passed
    • Peer reviewed with coding standards passed
    • Code merging completed
    • Unit tests and smoke tests are done/functional (preferably automated)
    • Meets the steps identified in the user story
    • Unit & QA test passed
    • Usability testing completed
    • Passes functionality testing including security testing
    • Data validation has been completed
    • Ready to be released to the next stage

    SAMPLE 2:

    Definition of Done Checklist – For each user story:

    • Work was completed in a way that a professional would say they are satisfied with their work.
    • Work has been seen by multiple team members.
    • Work meets the criteria of satisfaction described by the customer.
    • The work is part of a package that will be shared with the customer as soon as possible.
    • The work and any learnings from doing the work have been documented.
    • Completion of the work is known by and visible to all team members.
    • The work has passed all quality, security, and completeness checks as defined by the team.

    Output

    • Prototype definitions of ready and done for your organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.1.4 (Optional) Create your prototype definitions of done

    30-60 minutes

    Step 6:

    1. As a group, using the selected sample as your starting point, decide what changes need to be made (keep/add/delete/modify):

    Definition of Ready Checklist – For each user story:

    Disposition

    • Work was completed in a way that a professional would say they are satisfied with their work.
    Keep as is
    • Work has been seen by multiple team members.
    Delete
    • Work meets the criteria of satisfaction described by the customer.
    Modify to: "All acceptance criteria for the user story have been met"
    • The work is a part of a package that will be shared with the customer as soon as possible.
    Modify to: "The user story is ready to be demonstrated to Stakeholders"
    • The work and any learnings from doing the work has been documented.
    Keep as is
    • Completion of the work is known by and visible to all team members.
    Keep as is
    • The work has passed all quality, security, and completeness checks as defined by the team.
    Modify to: "Unit, smoke and regression testing has been performed (preferably automated), all tests were passed"
    Add: "Any performance related criteria associated with the story have been met"

    Output

    • Prototype definitions of ready and done for your organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.1.4 (Optional) Create your prototype definitions of done

    30-60 minutes

    Step 7:

    1. As a group, capture and agree on your prototype Definition of Done*:

    Definition of Done

    Checklist – For each user story:

    When the user story is accepted by the product owner and is ready to be released.

    • Work was completed in a way that a professional would say they are satisfied with their work.
    • All acceptance criteria for the user story have been met.
    • The user story is ready to be demonstrated to stakeholders.
    • The work and any learnings from doing the work have been documented.
    • Completion of the work is known by and visible to all team members.
    • Unit, smoke, and regression testing has been performed (preferably automated), and all tests were passed.
    • Any performance-related criteria associated with the story have been met.

    Record the results in the Roadmap for Transition to Agile Template

    * This checklist helps Agile teams determine if the stories in their backlog are ready for sprint planning. As your team gains experience with Agile, tailor this list to your needs and follow it until the practice becomes second nature.

    Output

    • Prototype definitions of ready and done for your organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Getting to "Agile DevOps Nirvana" is hard, but it's worth it.

    An image of the trail to climb Mount Everest, from camps 1-4

    Agile DevOps is a progression of cultural, behavioral, and process changes.
    It takes time.

    An image of the trail to climb Mount Everest, with the camps replaced by the steps to deploy Agile, to reach Agile/Devops Nirvana

    Agile DevOps may be hard, but it's worth it…

    It turns out Waterfall is not as good at reducing risk and ensuring delivery after all.

    CHAOS RESOLUTION BY AGILE VERSUS WATERFALL
    Size Method Successful Challenged Failed
    All Size Projects Agile 39% 52% 9%
    Waterfall 11% 60% 29%

    Standish Group; CHAOS REPORT 2015

    "I believe in this [Waterfall] concept, but the implementation described above is risky and invites failure."

    – Winston W. Royce

    Compare Waterfall to Agile

    Waterfall

    Agile

    Roles and Responsibilities

    Silo your resources

    Defined/segregated responsibilities

    Handoffs between siloes via documents

    Avoid siloes

    Collective responsibility

    Transitions instead of handoffs

    Belief System

    Trust the process

    Assign tasks to individuals

    Trust the delivery team

    Assign ownership/responsibilities to the team

    Planning Approach

    Create a detailed plan before work begins

    Follow the plan

    High level planning only

    The plan evolves over project lifetime

    Delivery Approach

    One and done (big bang delivery at end of project)

    Iterative delivery (regularly demonstrate working code)

    Governance Approach

    Phases and gates

    Artifacts and approvals

    Demo working tested code and get stakeholder feedback

    Support delivery team and eliminate roadblocks

    Approach to Stakeholders

    Involved at beginning and end of project

    "Arm's length" relationship with delivery team

    Involved throughout project (sprint by sprint)

    Closely involved with delivery team (through full time PO)

    Approach to Requirements/Scope

    One-time requirements gathering at start of project

    Scope is fixed at beginning of project ("carved in stone")

    On going requirements gathering and refinement over time

    Scope is roughly determined at beginning (expect change)

    Approach to Changing Requirements

    Treats change like it is "bad"

    Onerous CM process (discourages change)

    Scope changes "require approval" and are disruptive

    Accepts change as natural part of development.

    Light Change Management process (change is welcome)

    Scope changes are handled like all changes

    Hybrid SDLC: Wagile/Agilfall/WaterScrumFall

    Valuable product delivered in multiple releases

    A picture of a hybrid waterfall - Agile approach.

    If moving directly from Waterfall to Agile is too much for your organization, this can be a valuable interim step (but it won't give you the full benefits of Agile, so be careful about getting stuck here).

    Exercise 2.1.6 Identify the challenges of implementing Agile in your organization

    30-60 minutes

    1. As a group, discuss:
      1. Why being Agile may be difficult in your organization?
      2. What are some of the roadblocks and speed bumps you may face?
      3. What incremental steps might the organization take toward becoming Agile?

    Record the results in the Roadmap for Transition to Agile Template

    Output

    • Why being Agile is hard in your organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Step 2.2

    Align teams with Agile fundamentals

    Activities

    2.2.1 Review the results of your Common Agile Challenges Survey (30-60 minutes)
    2.2.2 Align your support with your top five challenges

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Identify your organization's biggest Agile pain points.

    Be aware of common Agile challenges

    The road to Agile is filled with potholes, speedbumps, roadblocks, and brick walls!

    1. Establish an effective product owner role (PO)
    2. Uncertainty about minimum viable product (MVP)
    3. How non-Agile teams (like architecture, infosec, operations, etc.) work with Agile teams
    4. Project governance/gating process
    5. What is the role of a PM/PMO in Agile?
    6. How to budget/plan Agile projects
    7. How to contract and work with an Agile vendor
    8. An Agile skills deficit (e.g. new-to-Agile teams who have difficulty "doing Agile right")
    9. General resistance to change in the organization
    10. Lack of Agile training, piloting, and coaching
    11. Different Agile approaches are used by different teams
    12. Backlog management and user story decomposition challenges
    13. Quality assurance challenges
    14. Hierarchical management practices and organization boundaries
    15. Difficulty with establishing autonomous Agile teams
    16. Lack of management support for Agile
    17. Poor Agile estimation practices
    18. Difficulty creating effective product roadmaps in Agile
    19. How do we know when an Agile project is ready to go live?
    20. Sprint goals are not being consistently met, or sprint deliverables that are full of bugs

    Exercise 2.2.1 Review the results of your Common Agile Challenges Survey

    30-60 minutes

    1. Using the results of your Common Agile Challenges Survey, fill in the bar chart with your top five pain points:

    A screenshot from Common Agile Challenges Survey

    Output

    • Your organization's biggest Agile pain points identified and prioritized

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.2.2 Align your support with your top five challenges

    30 minutes

    Using the Agile Challenges support mapping on the following slides, build your transformation plan and supporting resources. You can build your plan by individual team results or as an enterprise approach.

    Priority Agile Challenge Module Name and Sequence
    1
    1. Agile Foundations
    2. ?
    2
    1. Agile Foundations
    2. ?
    3
    1. Agile Foundations
    2. ?
    4
    1. Agile Foundations
    2. ?
    5
    1. Agile Foundations
    2. ?

    Output

    • Your organization's Agile Challenges transformation plan

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Map challenges to supporting modules

    Agile Challenges

    Supporting Resources

    Difficulty establishing an effective product owner (PO) or uncertainty about the PO role

    Modules:

    • Agile Foundations
    • Establish an Effective Product Owner Role
    Uncertainty about minimum viable product (MVP) and how to identify your MVP

    Modules:

    • Agile Foundations
    • Simulate Effective Scrum Practices
    How non-Agile teams (like architecture, info sec, operations, etc.) work with Agile teams

    Modules:

    • Agile Foundations
    • Work With Non-Agile Teams (Future)
    Project Governance/Gating processes that are unfriendly to Agile

    Modules:

    • Agile Foundations
    • Establish Agile-Friendly Gating (Future)
    Uncertainty about the role of a PM/PMO in Agile

    Modules:

    • Agile Foundations
    • Understand the role of PM/PMO in Agile Delivery (Future)
    Uncertainty about how to budget/plan Agile projects

    Modules:

    • Agile Foundations
    • Simulate Effective Scrum Practices
    • Understand Budgeting and Funding for Agile Delivery (Future)
    Creating an Agile friendly RFP/Contract (e.g. how to contract and work with an Agile vendor)

    Modules:

    • Agile Foundations
    • Work Effectively with Agile Vendors (Future)

    Note: Modules listed as (Future) are in development and may be available in draft format.

    Map challenges to supporting modules

    Agile Challenges

    Supporting Resources

    An Agile skills deficit (e.g. new-to-Agile teams who have difficulty "doing Agile right")

    Modules:

    • Agile Foundations
    General resistance in the organization to process changes required by Agile

    Modules:

    • Agile Foundations
    • Manage Organizational Change to Support Agile Delivery (Future)
    Lack of Agile training, piloting and coaching being offered by the organization

    Modules:

    • Agile Foundations
    Different Agile approaches are used by different teams, making it difficult to work together

    Modules:

    • Agile Foundations
    • Build Your Scrum Playbook (Future)
    Backlog management challenges (e.g. how to manage a backlog, and make effective use of Epics, Features, User Stories, Tasks and Bugs)

    Modules:

    • Agile Foundations
    • Manage Your Backlog Effectively
    Quality Assurance challenges (testing not being done well on Agile projects)

    Modules:

    • Agile Foundations
    • Establish Effect Quality Assurance for Agile Delivery (Future);
    • Use Test Automation Effectively (Future)
    Hierarchical management practices and organization boundaries make it difficult to be Agile

    Modules:

    • Agile Foundations
    • Manage Organizational Change to Support Agile Delivery (Future)

    Note: Modules listed as (Future) are in development and may be available in draft format.

    Map challenges to supporting modules

    Agile Challenges

    Supporting Resources

    Difficulty with establishing autonomous Agile teams (self managing, cross functional teams that are empowered by the organization to deliver)

    Modules:

    • Agile Foundations
    • Manage Organizational Change to Support Agile Delivery (Future)
    Lack of management support for Agile

    Modules:

    • Agile Foundations
    • Manage Organizational Change to Support Agile Delivery (Future)
    Poor understanding of Agile estimation techniques and how to apply them effectively

    Modules:

    • Agile Foundations
    • Estimation Module
    Difficulty creating effective product roadmaps in Agile

    Modules:

    • Agile Foundations
    • Product Roadmapping Tool
    How do we know when an Agile project is ready to go live

    Modules:

    • Agile Foundations
    • Decide When to Go Live (Future)
    Sprint goals are not being consistently met, or Sprint deliverables that are full of bugs

    Modules:

    • Agile Foundations
    • Establish Effect Quality Assurance for Agile Delivery (Future);
    • Use Test Automation Effectively (Future)

    Note: Modules listed as (Future) are in development and may be available in draft format.

    Map challenges to supporting blueprints

    Agile Challenges

    Supporting Resources

    Difficulty establishing an effective product owner (PO) or uncertainty about the PO role

    Blueprints: Build a Better Product Owner; Managing Requirements in an Agile Environment

    Uncertainty about minimum viable product (MVP) and how to identify your MVP

    Blueprints: Deliver on Your Digital Product Vision; Managing Requirements in an Agile Environment

    How non-Agile teams (like architecture, info sec, operations, etc.) work with Agile teams

    Blueprints: Create a Horizontally Optimized SDLC to Better Meet Business Demands, Extend Agile Practices Beyond IT, Implement DevOps Practices That Work; Build Your BizDevOps Playbook, Embed Security into the DevOps Pipeline

    Project Governance/Gating processes that are unfriendly to Agile

    Blueprints: Streamline Your Management Process to Drive Performance, Drive Business Value With a Right-Sized Project Gating Process

    Uncertainty about the role of a PM/PMO in Agile

    Blueprints: Define the Role of Project Management in Agile and Product-Centric Delivery, Create a Horizontally Optimized SDLC to Better Meet Business Demands

    Uncertainty about how to budget/plan Agile projects

    Blueprints: Identify and Reduce Agile Contract Risk

    Creating an Agile friendly RFP/Contract (e.g. how to contract and work with an Agile vendor)

    Blueprints: Identify and Reduce Agile Contract Risk

    Note: Modules listed as (Future) are in development and may be available in draft format.

    Map challenges to supporting blueprints

    Agile Challenges

    Supporting Resources

    An Agile skills deficit (e.g. new-to-Agile teams who have difficulty "doing Agile right")

    Blueprints: Perform an Agile Skills Assessment; Mentoring for Agile Teams

    General resistance in the organization to process changes required by Agile

    Blueprints: Master Organizational Change Management Practices

    Lack of Agile training, piloting and coaching being offered by the organization

    Blueprints: Perform an Agile Skills Assessment; Mentoring for Agile Teams

    Different Agile approaches are used by different teams, making it difficult to work together

    Blueprints: Create a Horizontally Optimized SDLC to Better Meet Business Demands, Extend Agile Practices Beyond IT

    Backlog management challenges (e.g. how to manage a backlog, and make effective use of epics, features, user stories, tasks and bugs)

    Blueprints: Deliver on Your Digital Product Vision, Managing Requirements in an Agile Environment

    Quality Assurance challenges (testing not being done well on Agile projects)

    Blueprints: Build a Software Quality Assurance Program, Automate Testing to Get More Done

    Hierarchical management practices and organization boundaries make it difficult to be Agile

    Blueprints: Master Organizational Change Management Practices

    Map challenges to supporting blueprints

    Agile Challenges

    Supporting Resources

    Difficulty with establishing autonomous Agile teams (self managing, cross functional teams that are empowered by the organization to deliver)

    Blueprints: Master Organizational Change Management Practices

    Lack of management support for Agile

    Blueprints: Master Organizational Change Management Practices

    Poor understanding of Agile estimation techniques and how to apply them effectively

    Blueprints: Estimate Software Delivery with Confidence, Managing Requirements in an Agile Environment

    Difficulty creating effective product roadmaps in Agile

    Blueprints: Deliver on Your Digital Product Vision

    How do we know when an Agile project is ready to go live

    Blueprints: Optimize Applications Release Management,Drive Business Value With a Right-Sized Project Gating Process, Managing Requirements in an Agile Environment

    Sprint goals are not being consistently met, or sprint deliverables that are full of bugs

    Blueprints: Build a Software Quality Assurance Program, Automate Testing to Get More Done, Managing Requirements in an Agile Environment

    Step 2.3

    Move stepwise to iterative Agile delivery (Optional)

    Activities

    2.3.1 (Optional) Identify a hypothetical project
    2.3.2 (Optional) Capture your traditional delivery approach
    2.3.3 (Optional) Consider what a two-phase delivery looks like
    2.3.4 (Optional) Consider what a four-phase delivery looks like
    2.3.5 (Optional) Consider what a four-phase delivery with monthly sprints looks like
    2.3.6 (Optional) Decide on your target state and the steps required to get there

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Understand the changes that must take place in your organization to support a more Agile delivery approach.

    Moving stepwise from traditional to Agile

    Your transition to Agile and more frequent releases doesn't need to be all at once. Organizations may find it easier to build toward smaller iterations.

    An image of the stepwise approach to adopting Agile.

    Exercise 2.3.1 (Optional) Identify a hypothetical project

    15-30 minutes

    1. As a group, consider some typical, large, mission-critical system deliveries your organization has done in the past (name a few as examples).
    2. Imagine a project like this has been assigned to your team, and the plan calls for delivering the system using your traditional delivery approach and taking two years to complete.
    3. Give this imaginary project a name (e.g. traditional project, our project).

    Name of your imaginary 2-year long project:

    e.g. Big Bang ERP

    Brief Project Description:

    e.g. Replace home-grown legacy ERP with a modern COTS product in a single release scheduled to be delivered in 24 months

    Record this in the Roadmap for Transition to Agile Template

    Info-Tech Best Practice

    For best results, complete these sub-exercises with representatives from as many functional areas as possible
    (e.g. stakeholders, project management, business analysis, development, testing, operations, architecture, infosec)

    Output

    • An imaginary delivery project that is expected to take 2 years to complete

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.2 (Optional) Capture your traditional delivery approach

    30 minutes

    1. As a group, discuss and capture the high-level steps followed (after project approval) in your traditional delivery approach using the table below and on the next page.

    Step

    Description

    Who is involved

    1
    • Gather detailed requirements (work with project stakeholders to capture all requirements of the system and produce a Detailed Requirements Document)

    PM, Business Analysts, Stakeholders, etc.

    2
    • Produce a Detailed Design Document (develop a design that will meet all requirements identified in the Detailed Requirements Document)
    • Produce a Detailed Test Plan for acceptance of the system
    • Produce a Detailed Project Plan for the system delivery
    • Perform threat and privacy assessment (using the detailed requirements and design documents, perform a Threat Risk Assessment and Privacy Impact Analysis)
    • Submit detailed design to Architecture Review Board
    • Provide Operations with full infrastructure requirements
    PM, Architects, InfoSec, ARB, Operations, etc.
    3
    • Develop software (follow the Detailed Design Document and develop a system which meets all requirements)
    • Perform Unit Testing on all modules of the system as they are developed
    PM, Developers, etc.
    4
    • Create Production Environment based on project specification
    • Perform Integration testing of all modules to ensure the system works as designed
    • Produce an Integration Test Report capturing the results of testing and any deficiencies
    PM, Testers, etc.
    5
    • Fix all Sev 1 and Sev 2 deficiencies found during Integration Testing
    • Perform regression testing
    • Perform User Acceptance Testing as per the Detailed Test Plan
    PM, Developers, Testers, Stakeholders, etc.
    6
    • Product Deployment Plan
    • Perform User and Operations Training
    • Produce updated Threat Risk Assessment and Privacy Impact Analysis
    • Seek CAB (Change Approval Board) approval to go live
    PM, Developers, Testers, Operations, InfoSec, CAB, etc.
    7
    • Close out and Lessons Learned
    • Verify value delivery
    PM, etc.

    Output

    • The high-level steps in your current (traditional) delivery approach and who is involved in each step

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.2 (Optional) Capture your traditional delivery approach

    Step

    Description

    Who is involved

    1
    • Gather detailed requirements (work with project stakeholders to capture all requirements of the system and produce a Detailed Requirements Document)

    PM, Business Analysts, Stakeholders, etc.

    2
    • Produce a Detailed Design Document (develop a design that will meet all requirements identified in the Detailed Requirements Document)
    • Produce a Detailed Test Plan for acceptance of the system
    • Produce a Detailed Project Plan for the system delivery
    • Perform threat and privacy assessment (using the detailed requirements and design documents, perform a Threat Risk Assessment and Privacy Impact Analysis)
    • Submit detailed design to Architecture Review Board
    • Provide Operations with full infrastructure requirements
    PM, Architects, InfoSec, ARB, Operations, etc.
    3
    • Develop software (follow the Detailed Design Document and develop a system which meets all requirements)
    • Perform Unit Testing on all modules of the system as they are developed
    PM, Developers, etc.
    4
    • Create Production Environment based on project specification
    • Perform Integration testing of all modules to ensure the system works as designed
    • Produce an Integration Test Report capturing the results of testing and any deficiencies
    PM, Testers, etc.
    5
    • Fix all Sev 1 and Sev 2 deficiencies found during Integration Testing
    • Perform regression testing
    • Perform User Acceptance Testing as per the Detailed Test Plan
    PM, Developers, Testers, Stakeholders, etc.
    6
    • Product Deployment Plan
    • Perform User and Operations Training
    • Produce updated Threat Risk Assessment and Privacy Impact Analysis
    • Seek CAB (Change Approval Board) approval to go live
    PM, Developers, Testers, Operations, InfoSec, CAB, etc.
    7
    • Close out and Lessons Learned
    • Verify value delivery
    PM, etc.

    Output

    • The high-level steps in your current (traditional) delivery approach and who is involved in each step

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.3 (Optional) Consider what a two-phase delivery looks like

    30 minutes

    1. As a group, imagine that project stakeholders tell you two years is too long to wait for the project, and they want to know if they can have something (even if it's not the whole thing) in production sooner.
    2. Now imagine that you are able to convince the stakeholders to work with you to do the following:
      1. Identify their most important project requirements.
      2. Work with you to describe a valuable subset of the project requirements which reflect about ½ of all features they need (call this Phase 1).
      3. Work with you to get this Phase 1 of the project into production in about 1 year.
      4. Agree to leave the remaining requirements (e.g. the less important ones) until Phase 2 (second year of project).
    3. As a group, identify:
      1. How hard this would be for your organization to do, on a scale of 1 to 10.
      2. Identify what changes are needed to make this happen (consider people, processes, and technology).
      3. Capture your results using the table on the following slide.

    Output

    • The high-level steps in your current (traditional) delivery approach and who is involved in each step

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.3 (Optional) Consider what a two-phase delivery looks like

    30 minutes

    1. What would be needed to let you deliver a two-year project in two one-year phases considering people, process, and technology?

    People

    Processes

    Technology

    • e.g. Stakeholders would need to make hard decisions about which features are more valuable/important than others (and stick to them)
    • e.g. Delivery team and stakeholders would need to work closely together to determine what is a feasible and valuable set of features which can go live in Phase 1
    • e.g. Operations will need to be prepared to support Phase 1 (earlier than before), and then support an updated system after Phase 2
    • e.g. No significant change to traditional processes other than delivering in two phases
    • e.g. Need to decide whether requirements for the full project need to be gathered up front, or do you just do Phase 1, and then Phase 2
    • e.g. No significant changes other than we need a production environment sooner, and infrastructure requirements for the full project may be different from what is needed just for Phase 1

    How difficult would this be to achieve in your organization? (1-easy, 10-next to impossible)

    e.g. 2

    Output

    • Understand how your organization would deliver a large project in two phases

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.4 (Optional) Consider what a four-phase delivery looks like

    30 minutes

    1. Now, imagine that project stakeholders tell you that even one year is still too long to wait for something of value in production, and they want to know if they can have something (even if it's not the whole thing) in production sooner.
    2. Now imagine that you are able to convince the stakeholders to work with you to do the following:
      1. From the "Phase 1" requirements in Exercise 2.3.3, they will identify the most important ones that they need first.
      2. They will work with you to describe a valuable subset of these project requirements which reflect about ½ of all features they need (call this Phase 1A).
      3. They will work with you to get this Phase 1A of the project into production in about six months.
      4. Agree to leave all the remaining requirements (e.g. the less important ones) until later phases.
    1. As a group, identify:
      1. How hard this would be for your organization to do, on a scale of 1 to 10?
      2. Identify what changes are needed to make this happen (consider people, processes, and technology).
      3. Capture your results using the table on the following slide.

    Output

    • Understand how your organization would deliver a large project in two phases

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.4 (Optional) Consider what a four-phase delivery looks like

    30 minutes

    1. What more would be needed to let you deliver a two-year project in four, six-month phases considering people, process, and technology?

    People

    Processes

    Technology

    • e.g. Stakeholders would need to make even harder (and faster) decisions about which features are most valuable/important than others.
    • e.g. Because we will be delivering releases so quickly, we'll ask the stakeholders to nominate a "primary contact" who can make decisions on requirements for each phase (also to answer questions from the project team, when needed, so they aren't slowed down).
    • e.g. Delivery team and the "primary contact" would work closely together to determine what is a feasible and valuable set of features to go live within Phase 1A, and then repeat this for the remaining Phases.
    • e.g. Operations will need to be prepared to support Phase 1A (even earlier than before), and then support the remaining phases. Ask them to dedicate someone as primary contact for this series of releases, and who provides guidance/support as needed.

    e.g. Heavy and time-consuming process steps (e.g. architecture reviews, data modelling, infosec approvals, change approval board) will need to be streamlined and made more "iteration-friendly."

    e.g. Gather detailed requirements only for Phase 1A, and leave the rest as high-level requirements to be more fully defined at the beginning of each subsequent phase.

    • e.g. We will need (at a minimum) a Production, and a Pre-production environment set up (and earlier in the project lifecycle) and solid regression testing at the end of each phase to ensure the latest Release doesn't break anything.
    • e.g. Since we will be going into production multiple times over this 2-year project, we should consider using automation (e.g. automated build, automated regression testing, and automated deployment).

    How difficult would this be to achieve in your organization? (1-easy, 10-next to impossible)

    e.g. 5

    Output

    • Understand how your organization would deliver a large project in two phases

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.5 (Optional) Consider what a four-phase delivery with monthly sprints looks like

    30 minutes

    1. Now, imagine that project stakeholders tell you that they are happy with the six-month release approach (e.g. expect to go live four times over the two-year project, with each release providing increased functionality), but they want to see your team's progress frequently between releases.
    2. Additionally, stakeholders tell you that instead of asking you to provide the traditional monthly project status reports, they want you to demonstrate whatever features you have built and work for the system on a monthly basis. This will be done in the form of a demonstration to a selected list of stakeholders each month.
    3. Each month, your team must show working, tested code (not prototypes or mockups, unless asked for) and demonstrate how this month's deliverable brings value to the business.
    4. Furthermore, the stakeholders would like to be able to test out the system each month, so they can play with it, test it, and provide feedback to your team about what they like and what they feel needs to change.
    5. To help you to achieve this, the stakeholders designate their primary contact as the "product owner" (PO) who will be dedicated to the project and will help your team to decide what is being delivered each month. The PO will be empowered by the stakeholders to make decisions on scope and priority on an expedited basis and will also answer questions on their behalf when your team needs guidance.
    6. You agree with the stakeholders these one-month deliverables will be called "sprints."

    Output

    • Understand how your organization would deliver a large project in two phases

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.5 (Optional) Consider what a four-phase delivery with monthly sprints looks like

    30 minutes

    1. What more would be needed to let you deliver a two-year project in 24 one-month sprints (plus four six-month releases) considering people, process, and technology?

    People

    Processes

    Technology

    • e.g. The team will need to work closely with the product owner (and/or stakeholders) on a continuous basis to understand requirements and their relative priority
    • e.g. Stakeholders will need to be available for demos and testing at the end of each sprint, and provide feedback to the team as quickly as possible
    • e.g. all functional siloes within IT (e.g. analysts, architects, infosec, developers, testers, operations) will need to work hand in hand on a continuous basis to deliver working tested code into a demo/test environment at the end of each sprint
    • e.g. there isn't enough time in each sprint to have team members working in siloes, instead, we will need to work together as a team to ensure that all aspects of the sprint (requirements, design, build, test, etc.) are worked on as needed (team is equally and collectively responsible for delivery of each sprint)
    • e.g. We can't deliver much in 1-month sprints if we work in siloes and are expected to do traditional documentation and handoffs (e.g. requirements document), so we will use a fluid project backlog instead of requirements documents, we will evolve our design iteratively over the course of the many sprints, and we will need to streamline the CAB process to allow for faster (more frequent) deployments
    • e.g. We will need to evolve the system's data model iteratively over the course of many sprints (rather than a one-and-done approach at the beginning of the project)
    • e.g. We will need to quickly decide the scope to be delivered in each sprint (focusing on highest value functionality first). Each sprint should have a well-defined "goal" that the team is trying to achieve
    • We will need any approval processes (e.g. architecture review, infosec review, CAB approval) to be streamlined and simplified in order to support more frequent and iterative deployment of the system
    • e.g. We will need to maximize our use of automation (build, test, and deploy) in order to maximize what we can deliver in each sprint (Note: the ROI on automation is much higher when we deliver in sprints than in a one-and-done delivery because we are iterating repeatedly over the course of the project
    • e.g. We will need to quickly stand-up environments (dev, test, prod, etc.) and to make changes/enhancements to these environments quickly (it makes sense to leverage infrastructure as a service [IaaS] techniques here)
    • e.g. We will need to automate our security related testing (e.g. static and dynamic security testing, penetration testing, etc.) so that it can be run repeatedly before each release moves into production. We may need to evolve this automated testing with each sprint depending on what new features/functions are being delivered in each release

    How difficult would this be to achieve in your organization? (1-easy, 10-next to impossible)

    e.g. 8

    Output

    • Understand how your organization would deliver a large project in two phases

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.6 (Optional) Define the steps to reach your target state

    30 minutes

    1. From Exercises 2.3.1-2.3.5, identify your current state on the stepwise transition from traditional to Agile (e.g. one-and-done).
    2. Then, identify your desired future state (e.g. 24 one-month sprints with six-month releases).
    3. Now, review your people, process, and technology changes identified in Exercises 2.3.1-2.3.5 and create a roadmap for this transition using the table on the next slide.

    Identify your current state from Exercises 2.3.1-2.3.5

    e.g. One-and-done

    Identify your desired state from Exercises 2.3.1-2.3.5

    e.g. 24x1 Month Sprints

    Output

    • A roadmap and timeline for adopting a more Agile delivery approach

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.3.6 (Optional) Define the steps to reach your target state

    30 minutes

    1. Fill in the table below with your next steps. Identify who will be responsible for each step along with the timeline for completion: "Now" refers to steps you will take in the immediate future (e.g. days to weeks), "Next" refers to steps you will take in the medium term (e.g. weeks to months), and "Later" refers to long-term items (e.g. months to years).

    Now

    Next Later

    What are you going to do now?

    What are you going to do very soon?

    What are you going to do in the future?

    Roadmap Item

    Who

    Date

    Roadmap Item

    Who

    Date

    Roadmap Item

    Who

    Date

    Work with Stakeholders to identify a product owner for the project.

    AC

    Jan 1

    Break down full deliverable into 4 phases with high level requirements for each phase

    DL

    Feb 15

    Work with operations to set up Dev, Test, Pre-Prod, and Prod environments for first phase (make use of automation/scripting)

    DL

    Apr 15

    Work with PO and stakeholders to help them understand Agile approach

    Jan 15

    Work with PO to create a project backlog for the first phase deliverable

    JK

    Feb 28

    Work with QA group to select and implement test automation for the project (start with smoke and regression tests)

    AC

    Apr 30

    Work with project gating body, architecture, infosec and operations to agree on incremental deliveries for the project and streamlined activities to get there

    AC

    Mar 15

    Record the results in the Roadmap for Transition to Agile Template

    Output

    • A roadmap and timeline for adopting a more Agile delivery approach

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Step 2.4

    Identify insights and team feedback

    Activities

    2.4.1 Identify key insights and takeaways
    2.4.2 Perform an exit survey

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Identify your key insights and takeaways from Phase 2

    Exercise 2.4.1 Identify key insights and takeaways

    30 minutes

    1. As a group, discuss and capture your thoughts on:
      1. What key insights have participants gained from the intro to Agile presentation?
      2. What if any takeaways do participants feel are needed as a result of the presentation?
      3. What changes need to be made in the organization to support/enhance Agile adoption?
    2. Capture your findings in the table below:
    What key insights have you gained? What takeaways have you identified?
    • (e.g. better understanding of Agile mindset, principles, and practices)
    • (e.g. how you can improve/spread Agile practices in the organization)

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Exercise 2.4.2 Perform an exit survey

    30 minutes

    1. Wrap up this section by addressing any remaining questions participants still have.
    2. Create your local exit survey by copying the template using the link below. Then copy and distribute your local survey link.
    3. Collect the consolidated survey results in preparation for your next steps.
    4. NOTE: Using this survey template requires having access to Microsoft Forms. If you cannot access Microsoft Forms, an Info-Tech analyst can send the survey for you. Alternatively, this survey can be done with sticky notes and a pen and paper to calculate the outcomes.

    Download Survey Template:

    Develop Your Agile Approach Exit Survey Template

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Agile Modules

    Prioritize Agile support with your top challenges

    Backlog Management

    Scrum Simulation

    Estimation

    Product Owner

    Product Roadmapping

    1: User stories and the art of decomposition

    2: Effective backlog management & refinement

    3: Identify insights and team feedback

    1: Scrum sprint planning and retrospective simulation

    2: Pass the balls – sprint velocity game

    1: Improve product backlog item estimation

    2: Agile estimation fundamentals

    3: Understand the wisdom of crowds

    4: Identify insights and team feedback

    1: Understand product management fundamentals

    2: The critical role of the product owner

    3: Manage effective product backlogs and roadmaps

    4: Identify insights and team feedback

    1: Identify your product roadmapping pains

    2: The six "tools" of product roadmapping

    3: Product roadmapping exercise

    Organizations often struggle with numerous pain points around Agile delivery.
    The Common Agile Challenges Survey results will help you identify and prioritize the organization's biggest (most cited) pain points. Treat these pain points like a backlog and address the biggest ones first.

    Agile modules provide supporting activities:
    Each module provides guidance and supporting activities related to a specific Agile challenge from your survey. These modules can be arranged to meet each organization's or team's needs while providing cohesive and consistent messaging. For additional supporting research, please visit the Agile / DevOps Resource Center.
    This phase involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Backlog Management Module

    Manage your backlog effectively

    Activities

    Backlog 1.1 Identify your backlog and user story decomposition pains
    Backlog 1.2 What are user stories and why do we use them?
    Backlog 1.3 User story decomposition: password reset
    Backlog 1.4 (Optional) Decompose a real epic

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • A better understanding of backlog management and user story decomposition.

    Backlog Exercise 1.1 Identify your backlog and user story decomposition pains

    30-60 minutes

    1. As a group, discuss and capture your thoughts on:
      1. What specific challenges you are facing with backlog management
      2. What specific challenges you are facing with user story decomposition
    1. Capture your findings in the table below:

    What are your specific backlog management and user story decomposition challenges?

    • (e.g. We have trouble telling the difference between epics, features, user stories, and tasks)
    • (e.g. We often don't finish all user stories in a sprint because some of them turn out to be too big to complete in one sprint)

    Output

    • Your specific backlog management and user story decomposition challenges

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    User stories and the art of decomposition

    User stories are core to Agile delivery.

    Good user story decomposition practices are key to doing Agile effectively.

    Agile doesn't use traditional "shoulds" and "shalls" to capture requirements

    Backlog Exercise 1.2 What are user stories and why do we use them?

    30-60 minutes

    1. User stories are a simple way of capturing requirements in Agile and have the form:

    Why do we capture requirements as user stories (what value do they provide)?

    How do they differ from traditional (should/shall) requirements (and are they better)?

    What else stands out to you about user stories?

    as a someone I want something so that achieve something.

    Example:
    As a banking customer, I want to see the current balance of my accounts so that I can know how much money I have in each account.

    Output

    • A better understanding of user stories and why they are used in Agile delivery

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    User stories are "placeholders for conversations"

    User stories enable collaboration and conversations to fully determine actual business requirements over time.

    e.g. As a banking customer, I want to see the current balance of my accounts so that I can know how much money I have in each account.

    Requirements, determined within the iterations, outline the steps to complete the story: how the user will access their account, the types of funds allowed, etc.

    User stories allow the product owners to prioritize and manage the product needs (think of them as "virtual sticky notes").

    User stories come in different "sizes"

    These items form a four-level hierarchy: epics, features, user stories, and tasks.
    They are collectively referred to as product backlog items or (PBIs)

    A table with the following headings: Agile; Waterfall; Relationship; Definition

    The process of taking large PBIs (e.g. epics and features) and breaking them down in to small PBIs (e.g. user stories and tasks) is called user story decomposition and is often challenging for new-to-Agile teams

    Backlog Exercise 1.3 User story decomposition: password reset

    30-60 minutes

    1. As a group, consider the following feature, which describes a high-level requirement from a hypothetical system:
      • FEATURE: As a customer, I want to be able to set and reset my password, so that I can transact with the system securely.
    2. Imagine your delivery team tells you that this is user story is too large to complete in one sprint, so they have asked you to decompose it into smaller pieces. Work together to break this feature down into several smaller user stories:
    User Story 1: User Story 2: User Story 3:
    As A I Want So That. As A I Want So That. As A I Want So That.

    Output

    • An epic which has been decomposed into smaller user stories which can be completed independently

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Backlog Exercise 1.3 User story decomposition: password reset

    Epic: As a customer, I want to be able to set and reset my password, so that I can transact securely.

    A single epic can be broken down into multiple user stories

    User Story 1: User Story 2: User Story 3: User Story 4:
    This is a picture of user story 1 This is a picture of user story 2 This is a picture of user story 3 This is a picture of user story 4

    Acceptance Criteria:
    Given that the customer has a password that they want to change,
    When the administrator clicks reset password on the admin console,
    Then the system will change the password and send it to the user.

    Acceptance Criteria:
    Given that the customer has a password that they want to change,
    When they click reset password in the system,
    Then the system will allow them to choose a new password and will save it the password and send it to the user.

    Acceptance Criteria:
    Given that the customer has not logged onto the system before,
    When they initially log in,
    Then the system will prompt them to change their password.

    Acceptance Criteria:
    Given that a password is stored in the database,
    When anyone looks at the password field in the database,
    Then the actual password will not be visible or easily decrypted.

    Are enablers included in your backlogs? Should they be?

    An enabler is any support activity needed to provide the means for future functionality. Enablers build out the technical foundations (e.g. architecture) of the product and uphold technical quality standards.

    Your audience will dictate the level of detail and granularity you should include in your enabler, but it is a good rule of thumb to stick to the feature level.

    Enablers

    Description

    Enabler Epics

    Non-functional and other technical requirements that support your features (e.g. data and system requirements)

    Enabler Capabilities of Features

    Enabler Stories

    Consider the various types of enabler

    Exploration

    Architectural

    Any efforts toward learning customer or user needs and creation of solutions and alternatives. Exploration enablers are heavily linked to learning milestones.

    Any efforts toward building components of your architecture. These will often be linked to delivery teams other than your pure development team.

    Infrastructure

    Compliance

    Any efforts toward building various development and testing environments. Again, these are artifacts that will relate to other delivery teams.

    Any efforts toward regulatory and compliance requirements in your development activities. These can be both internal and external.

    Source: Scaled Agile, "Enablers."

    Create, split, and bundle your PBIs

    The following questions can be helpful in dissecting an epic down to the user story level. The same line of thinking can also be useful for bundling multiple small PBIs together.

    An image showing how to Create, split, and bundle your PBIs

    Backlog Exercise 1.4 (Optional)
    Decompose a real epic

    30 minutes

    1. As a group, select a real epic or feature from one of your project backlogs which needs to be decomposed:
    2. Work together to decompose this epic down into several smaller features and/or user stories (user stories must be small enough to reasonably be completed within a sprint):

    Epic to be decomposed:

    As a ____ I want _____ so that ______

    User Story 1: User Story 2: User Story 3:
    As A I Want So That. As A I Want So That. As A I Want So That.

    Output

    • A real epic from your project backlog which has been decomposed into smaller features and user stories

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Backlog Management Module

    Manage your backlog effectively

    Activities

    Backlog 2.1 Identify enablers and blockers

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Backlog PBI filters.
    • A better understanding of backlog types and levels.

    Effective backlog management and refinement

    Working with a tiered backlog

    an image showing the backlog tiers: New Idea; Ideas; Qualified; Ready - sprint.

    Use a tiered approach to managing your backlog, and always work on the highest priority items first.

    Distinguish your specific goals for refining in the product backlog vs. planning for a sprint itself

    Often backlog refinement is used interchangeably or considered a part of sprint planning. The reality is they are very similar, as the required participants and objectives are the same however, there are some key differences.

    An image of a Venn diagram comparing Backlog Refinement to sprint Planning.

    A better way to view them is "pre-planning" and "planning."

    A backlog stores and organizes PBIs at various stages of readiness

    A well-formed backlog can be thought of as a DEEP backlog:

    • Detailed Appropriately: Product backlog items (PBIs) are broken down and refined as necessary.
    • Emergent: The backlog grows and evolves over time as PBIs are added and removed.
    • Estimated: The effort a PBI requires is estimated at each tier.
    • Prioritized: The PBIs value and priority are determined at each tier.

    (Perforce, 2018)

    An image showing the Ideas; Qualified; Ready; funnel leading to the sprint approach.

    Backlog tiers facilitate product planning steps

    An image of the product planning steps facilitated by Backlog Tiers

    Each activity is a variation of measuring value and estimating effort to validate and prioritize a PBI.

    A PBI meets our definition of done and passes through to the next backlog tier when it meets the appropriate criteria. Quality filters should exist between each tier.

    Backlog Exercise 2.1 Build a starting checklist of quality filters

    60 minutes

    1. Quality filters provide a checklist to ensure each Product Backlog Item (PBI) meets our definition of Done and is ready to move to the next backlog group (status).
    2. Create a checklist of basic descriptors that must be completed between each backlog level.
    3. If you completed this exercise in a different Module, review and update it here.
    4. Use this information to start your product strategy playbook in Deliver on Your Digital Product Vision.

    An image of the backlog tiers, identifying where product backlog and sprint backlog are

    Output

    • List of enablers and blockers to establishing product owners

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Outline the criteria to proceed to the next tier via quality filters

    Expand the concepts of defining "ready" and "done" to include the other stages of a PBIs journey through product planning.

    An image showing the approach you will use to Outline the criteria to proceed to the next tier via quality filters

    Info-Tech Insight: A quality filter ensures quality is met and teams are armed with the right information to work more efficiently and improve throughput.

    Define product value by aligning backlog delivery with roadmap goals

    In each product plan, the backlogs show what you will deliver. Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

    Facilitator slides: Explaining MVP

    Notes and Instructions

    The primary intent of this exercise is to explain the complex notion of MVP (it is one of the most misunderstood and contentious issues in Agile delivery). The exercise is intended to explain it in a simple and digestible way that will fundamentally change participants' understanding of MVP.

    Note that the slide contains animations.

    Imagine that your stakeholder tells you they want a blue 4-door sedan (consider this our "MVP" at this point), and you decide to build it the traditional way. As you build it (tires, then frame, then body, then joint body with frame and install engine), the stakeholder doesn't have anything they can use, and so they are only happy (and able to get value) at the end when the entire car is finished (point out the stakeholder "faces" go from unhappy to happy in the end).
    Animation 1:
    When we use Agile methods, we don't want to wait until the end before we have something the stakeholders can use. So instead of waiting until the entire car is completed, we decide our first iteration will be to give the stakeholder "a simple (blue) wheeled transportation device"…namely a skateboard that they can use for a little while (it's not a car, but it is something the stakeholder can use to get places).
    Animation 2:
    After the stakeholder has tried out the skateboard, we ask for feedback. They tell us the skateboard helped them to get around faster than walking, but they don't like the fact that it is so hard to maintain your balance on it. So, we add a handle to the skateboard to turn it into a scooter. The stakeholder then uses the scooter for a while. Stakeholder feedback says staying balanced on the scooter is much easier, but they don't have a place to put groceries when they go shopping, so can we do something about that?
    (Continued on next slide…)

    Facilitator slides: Explaining MVP

    Notes and Instructions
    Animation 3:
    Next, we build the stakeholder a bicycle and let them use it for a while before asking for feedback. The stakeholder tells us they love the bicycle, but they admit they get tired on long trips, so is there something we can do about that?
    Animation 4:
    So next we add a motor to the bicycle to turn it into a motorcycle, and again we give it to the stakeholder to use for a while. When we ask the stakeholder for feedback, they tell us that they love the motorcycle so much because they love the feeling of the wind in their hair, they've decided that they no longer want a 4-door sedan, but instead would prefer a blue 2-door convertible.
    Animation 5:
    And so, for our last iteration, we build the stakeholder what they actually wanted (a blue 2-door convertible) instead of what they asked for (a blue 4-door sedan), and we see that they are happier than they would have been if we had delivered the traditional way.

    INSIGHTS:

    • An MVP cannot be fully known at the beginning of a project (it is the "journey" of creating the MVP with stakeholders that defines what it looks like in the end).
    • Sometimes, stakeholders don't (or can't) know what they want until they see it.
    • There is no "straight path" to your MVP, you determine the path forward based on what you learned in the previous iterations.
    • This approach is part of the "power of Agile" and demonstrates why Agile can produce better outcomes and happier stakeholders.

    Understanding minimum viable product

    NOT Like This:

    This is a series of images. The top half of the image, shows building a car by starting with the wheels. The bottom Image shows the progression from skateboard, to scooter, to bike, to motorcycle, to car.

    It's Like This:

    Use iterations to maximize value delivery

    An image showing how to use iterations to maximize value delivery.

    Use iterations to reduce accumulated risk

    An image showing how to use iterations to reduce accumulated risk.

    Understanding MVP
    (always be ready to go live)

    A great and wise pharaoh hires two architects to build his memorial pyramids.

    An image shows two architects contribution to pyramid construction.

    Understanding MVP
    (always be ready to go live)

    Several years go by, and then…

    The pharaoh is on his death bed.

    Backlog Management Module

    Manage your backlog effectively

    Activities

    Backlog 3.1 Identify key insights and takeaways
    Backlog 3.2 Perform exit survey and capture results

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Identify your key insights and takeaways.

    Backlog Exercise 3.1 Identify key insights and takeaways

    30 minutes

    1. As a group, discuss and capture your thoughts on:
      1. What key insights have participants gained from the Intro to Agile presentation?
      2. What if any takeaways do participants feel are needed as a result of the presentation?
      3. What changes need to be made in the organization to support/enhance Agile adoption?
    2. Capture your findings in the table below:

    What key insights have you gained?

    What takeaways have you identified?

    • (e.g. better understanding of Agile mindset, principles, and practices)
    • (e.g. how you can improve/spread Agile practices in the organization)

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Backlog Exercise 3.2 Perform an exit survey

    30 minutes

    1. Wrap up this section by addressing any remaining questions participants still have.
    2. Create your local exit survey by copying the template using the link below. Then copy and distribute your local survey link.
    3. Collect the consolidated survey results in preparation for your next steps.
    4. NOTE: Using this survey template requires having access to Microsoft Forms. If you cannot access Microsoft Forms, an Info-Tech analyst can send the survey for you. Alternatively, this survey can be done with sticky notes and a pen and paper to calculate the outcomes.

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Download Survey Template:

    Develop Your Agile Approach Exit Survey Template

    Agile Modules

    Prioritize Agile support with your top challenges

    Backlog Management

    Scrum Simulation

    Estimation

    Product Owner

    Product Roadmapping

    1: User stories and the art of decomposition

    2: Effective backlog management & refinement

    3: Identify insights and team feedback

    1: Scrum sprint planning and retrospective simulation

    2: Pass the balls – sprint velocity game

    1: Improve product backlog item estimation

    2: Agile estimation fundamentals

    3: Understand the wisdom of crowds

    4: Identify insights and team feedback

    1: Understand product management fundamentals

    2: The critical role of the product owner

    3: Manage effective product backlogs and roadmaps

    4: Identify insights and team feedback

    1: Identify your product roadmapping pains

    2: The six "tools" of product roadmapping

    3: Product roadmapping exercise

    Organizations often struggle with numerous pain points around Agile delivery.
    The Common Agile Challenges Survey results will help you identify and prioritize the organization's biggest (most cited) pain points. Treat these pain points like a backlog and address the biggest ones first.

    Agile modules provide supporting activities:
    Each module provides guidance and supporting activities related to a specific Agile challenge from your survey. These modules can be arranged to meet each organization's or team's needs while providing cohesive and consistent messaging. For additional supporting research, please visit the Agile / DevOps Resource Center.
    This phase involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Scrum Simulation Module

    Scrum sprint planning and retrospective simulation

    Activities

    1.1 Identify your scrum pains
    1.2 Review scrum simulation intro
    1.3 Create a mock backlog
    1.4 Review sprint 0
    1.5 Determine a budget and timeline
    1.6 Understand minimum viable product
    1.7 Plan your first sprint
    1.8 Do a sprint retrospective
    1.9 "What if" exercise (understanding what a fluid backlog really means)
    1.10 A sprint 1 example
    1.11 Simulate more sprints

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • A better understanding of Scrum (particularly backlog management and user story decomposition).

    Facilitator slides: Scrum Simulation Introduction

    Introduction Tab

    Talk to the nature of the Scrum team:

    • Collective ownership/responsibility for delivery.
    • The organization has given you great power. With great power comes great responsibility.
    • You may each be specialists in some way, but you need to be prepared to do anything the project requires (no one goes home until everyone can go home).
    • Product owner: Special role, empowered by the organization to act as a single, authoritative voice for stakeholders (again great power/responsibility), determines requirements and priorities, three ears (business/stakeholders/team), holds the vision for the project, answer questions from the team (or finds someone who can answer questions), must balance autonomy with stakeholder needs, is first among equals on the Scrum team, is laser-focused on getting the best possible outcome with the resources, money, and circumstances ← PO acts as the "pathfinder" for the project.
    • Talk about the criticality and qualities of the PO: well-respected, highly collaborative, wise decision maker, a "get it done" type (healthy bias toward immediacy), has a vision for product, understands stakeholders, can get stakeholders' attention when needed, is dedicated full-time to the project, can access help when needed, etc.
    • The rest of you are the delivery team (have avoided singling out an SM for this – not needed for the exercise – but SM is the servant leader/orchestra conductor for the delivery team. The facilitator should act as a pseudo-SM for this exercise).

    Speak about the "bank realizes that the precise scope of the first release can only be fully known at the end of the project" statement and what it means.

    Discuss exercise and everyone's roles (make sure everyone clear), make it as realistic as possible. Your level of participation will determine how much value you get.

    Discuss any questions the participants might have about the background section on the introduction tab. The exercise has been defined in a way that minimizes the scope and complexity of the work to be done by assuming there are existing web-capable services exposed to the bank's legacy system(s) and that the project is mostly about putting a deployable web front end in place.

    Speak about "definition of done": Why was it defined this way? What are the boundaries? What happens if we define it to be only up to unit testing?

    Facilitator slides: Scrum Simulation, Create a Mock Backlog

    Create a Mock Backlog Tab

    This exercise is intended to help participants understand the steps involved in creating an initial backlog and deciding on their MVP.

    Note: The output from this exercise will not be used in the remainder of the simulation (a backlog for the simulation already exists on tab Sprint 0) so don't overdo it on this exercise. Do enough to help the participants understand the basic steps involved (brainstorm features and functions for the app, group them into epics, and decide which will be in- and out-of-scope for MVP). Examples have been provided for all steps of this exercise and are shown in grey to indicate they should be replaced by the participants.

    Step 1: Have all participants brainstorm "features and functions" that they think should be available in the online banking app (stop once you have what feels like a "good enough" list to move on to the next step) – these do not need to be captured as user stories just yet.

    Step 2: Review the list of features and functions with participants and decide on several epics to capture groups of related features and functions (bill payments, etc.). Think of these as forming the high-level structure of your requirements. Now, organize all the features and functions from Step 1, into their appropriate epic (you can identify as many epics as you like, but try to keep them to a minimum).

    Step 3: Point out that on the Introduction tab, you were told the bank wants the first release to go live as soon as possible. So have participants go over the list of features and functions and identify those that they feel are most important (and should therefore go into the first release – that is, the MVP), and which they would leave for future releases. Help participants think critically and in a structured way about how to make these very hard decisions. Point out that the product owner is the ultimate decision maker here, but that the entire team should have input into the decision. Point out that all the features and functions that make up the MVP will be referred to as the "project backlog," and all the rest will be known as the "product backlog" (these are of course, just logical separations, there is only one physical backlog).

    Step 4: This step is optional and involves asking the participants to create user stories (e.g. "As a __, I want ___ so that ___") for all the epics and features and functions that make up their chosen MVP. This step is to get them used to creating user stories, because they will need to get used to doing this. Note that many who are new to Agile often have difficulty writing user stories and end up overdoing it (e.g. providing a long-winded list of things in the "I want ___" part of the user story for an epic) or struggling to come up with something for the "so that ____" part). Help them to get good at quickly capturing the gist of what should be in the user story (the details come later).

    Facilitator slides: Scrum Simulation, Budget and Timeline

    Project Budget and Timeline

    Total Number of Sprints = 305/20 = 15.25 → ROUND UP TO 16 (Why? You can't do a "partial sprint" – plus, give yourself a little breathing room.)

    Cost Per Sprint = 6 x $75 x 8 x 10 = $36,000

    Total Timeline = 16 * 2 = 32 Weeks

    Total Cost of First Release = $36,000 x 16 = $572,000

    Talk about the "commitment" a Scrum delivery team makes to the organization ("We can't tell you exactly what we will deliver, but based on what we know, if you give the team 32 weeks, we will deliver something like what is in the project backlog – subject to any changes our stakeholder tell us are needed"). Most importantly, the team commits to doing the most important backlog items first, so if we run out of time, the unfinished work will be the least valuable user stories. Lastly, to keep to the schedule/timeline, items may move in and out of the project backlog – this is part of the normal and important "horse trading" that takes place on health Agile projects.

    Speak to the fact that this approach allows you to provide a "deterministic" answer about how long a project will take and how much it will cost while keeping the project requirements flexible.

    Facilitator slides: Scrum Simulation, Sprint 0

    Sprint 0 Tab

    This is an unprioritized list, organized to make sense, and includes a user story (plus some stuff), and "good enough estimates" – How good?... Eh! (shoulder shrug)
    Point out the limited ("lazy") investment → Agile principle: simplicity, the art of maximizing the work not done.
    Point out that only way to really understand a requirement is to see a working example (requirements often change once the stakeholders see a working example – the "that's not what I meant" factor).

    Estimates are a balancing act (good enough that we understand the overall approximate size of this, and still acknowledges that more details will have to wait until we decide to put that requirement into a Sprint – remember, no one knows how long this project is going to take (or even what the final deliverable will look like) so don't over invest in estimates here.)

    Sprint velocity calculation is just a best guess → be prepared to find that your initial guess was off (but you will know this early rather than at the end of the project). This should lead to a healthy discussion about why the discrepancy is happening (sprint retrospectives can help here). Note: Sprint velocity doesn't assume working evenings and weekends!

    Speak to the importance of Sprint velocity being based on a "sustainable pace" by the delivery team. Calculations that implicitly expect sustained overtime in order to meet the delivery date must be avoided. Part of the power of Agile comes from this critical insight. Critical → Your project's execution will need to be adjusted to accommodate the actual sprint velocity of the team!

    Point out the "project backlog" and separation from the "product backlog" (and no sprint backlog yet!).

    Point out the function/benefits of the backlog:

    • A single holding place for all the work that needs to be done (so you don't forget/ignore anything).
    • Can calculate how much work is left to do.
    • A mechanism for prioritizing deliverables.
    • A list of placeholders for further discussion.
    • An evolving list that will grow and shrink over time.
    • A "living document" that must be maintained over the course of the project.

    Talk about large items in backlog (>20 pts) and how to deal with them (do we need to break them up now?).

    Give participants time to review the backlog: Questions/What would you be doing if this were real/We're going to collectively work through this backlog.
    Sprint 0 is your opportunity to: get organized as a team, do high level design, strategize on approach, think about test data, environments, etc. – it is the "Ready-Set" in "Ready-Set-Go."
    Think about doing a High/Med/Low value determination for each user story.

    Simulation Exercise 1.1 Identify your Scrum pains

    30 minutes

    1. As a group, discuss and capture your thoughts on:
      • What specific challenges are you facing with your Scrum practices?
    2. Capture your findings in the table below:

    What are your specific Scrum challenges?

    • (e.g. We don't know how to decide on our minimum viable product (MVP), or what to start working on first)
    • (e.g. We don't have a product owner assigned to the project)
    • (e.g. Our daily standups often take 30-60 minutes to complete)
    • (e.g. We heard Scrum was supposed to reduce the number of meetings we have, but instead, meetings have increased)
    • (e.g. We don't know how to determine the budget for an Agile project)

    Output

    • Your specific Scrum related challenges

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.2 Review Scrum Simulation intro

    30 minutes

    1. Ask participants to read the Introduction tab in the Scrum Simulation Exercise(5 minutes)
    2. Discuss and answer any questions the participants may have about the introduction (5 minutes)
    3. Discuss the approach your org would use to deliver this using their traditional approach (5 minutes)

    This is an image of the Introduction tab in the Scrum Simulation Exercise

    How would your organization deliver this using their traditional approach?

    1. Capture all requirements in a document and get signoff from stakeholders
    2. Create a detailed design for the entire system
    3. Build and test the system
    4. Deploy it into production

    Note: Refer to the facilitator slides for more guidance on how to deliver this exercise

    Simulation Exercise 1.3 Create a mock backlog

    30-60 minutes

    Step 1: Brainstorm "Features and Functions" that the group feels would be needed for this app

    Capture anything that you feel might be needed in the Online Banking Application:

    • See account balances
    • Pay a bill online
    • Set up payees for online bill payments
    • Make a deposit online
    • See a history of account transactions
    • Logon and logoff
    • Make an e-transfer
    • Schedule a bill payment for the future
    • Search for a transaction by payee/date/amount/etc.
    • Register for app
    • Reset password

    Note: Refer to the facilitator slides for more guidance on how to deliver this exercise

    Output

    • Create a mock initial backlog for the simulated project

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.3 Create a mock backlog

    30-60 minutes

    Step 2: Identify your epics

    1. Categorize your "Features and Functions" list into several epics for the application:

    Epics

    "Features and Functions" in This Epic

    Administration

    - Logon and logoff
    - Register for app
    - Reset password

    Accounts

    - See account balances
    - See a history of account transactions
    - Search for a transaction by payee/date/amount

    Bill payments

    - Set up payees for online bill payments
    - Pay a bill online
    - Schedule a bill payment for the future

    Deposits

    - Make a deposit online

    E-transfers

    - Make an e-transfer

    Note: Refer to the facilitator slides for more guidance on how to deliver this exercise

    Output

    • Create a mock initial backlog for the simulated project

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.3 Create a mock backlog

    30-60 minutes

    Step 3: Identify your MVP

    1. Decide which "Features and Functions" will be in your MVP and which will be delivered in future releases:

    YOUR MVP (Project Backlog)

    Epics

    "Features and Functions" in This Epic

    Administration

    - Logon and logoff
    - Register for app

    Accounts

    - See account balances
    - See a history of account transactions

    Bill payments

    - Set up payees for online bill payments
    - Pay a bill online

    FOR FUTURE RELEASES (Product Backlog)

    Epics

    In Scope

    Deposits- Make a deposit online
    Accounts- Search for a transaction by payee/date/amount/etc.
    Bill payments- Schedule a bill payment for the future

    Note: Refer to the facilitator slides for more guidance on how to deliver this exercise

    Output

    • Create a mock initial backlog for the simulated project

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.3 Create a mock backlog

    30-60 minutes

    Step 3: Identify your MVP

    1. Decide which "Features and Functions" will be in your MVP and which will be delivered in future releases:

    YOUR MVP EPICS

    Epics

    "Features and Functions" in This Epic

    Administration

    - Logon and logoff
    - Register for app

    Accounts

    - See account balances
    - See a history of account transactions

    Bill payments

    - Set up payees for online bill payments
    - Pay a bill online

    YOUR MVP USER STORIES

    Epics

    In Scope

    Logon and LogoffAs a user, I want to logon/logoff the app so I can do my banking securely
    Register for AppAs a user, I want to register to use the app so I can bank online
    See Account BalancesAs a user, I want to see my account balances so that I know my current financial status
    See a History of Account TransactionsAs a user, I want to see a history of my account transactions, so I am aware of where my money goes
    Set up Payees for Online Bill PaymentsAs a user, I want to set up payees so that I can easily pay my bills
    Pay a Bill OnlineAs a user, I want to pay bills online, so they get paid on time

    Note: Refer to the facilitator slides for more guidance on how to deliver this exercise

    Output

    • Create a mock initial backlog for the simulated project

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.4 Review
    Sprint 0

    The Online Banking Application of the spreadsheet for Sprint 0.

    Step 1: Set aside the Mock Backlog just created (you will be using the Backlog on Sprint 0 for remainder of exercise).
    Step 2: Introduce and walk through the Backlog on the Sprint 0 tab in the Scrum Simulation Exercise.
    Step 3: Discuss and answer any questions the participants may have about the Sprint 0 tab.
    Step 4: Capture any important issues or clarifications from this discussion in the table below.

    Important issues or clarifications from the Sprint 0 tab:

    • (e.g. What is the difference between the project backlog and the product backlog?)
    • (e.g. What do we do with user stories that are bigger than our sprint velocity?)
    • (e.g. Has the project backlog been prioritized?)
    • (e.g. How do we decide what to work on first?)

    Note: Refer to the facilitator slides for more guidance on how to deliver this exercise

    Output

    • Understand Sprint 0 for Scrum Simulation Exercise

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.4 Review
    Sprint 0

    30-60 minutes

    1. Using the information found on the Sprint 0 tab, determine the projected timeline and cost for this project's first release:

    GIVEN

    Total Story Points in Project Backlog (First Release): 307 Story Points
    Expected Sprint Velocity: 20 Story Points/Sprint
    Total Team Size (PO, SM and 4-person Delivery Team): 6 People
    Blended Hourly Rate Per Team Member (assume 8hr day): $75/Hour
    Sprint Duration: 2 Weeks

    DETERMINE

    Expected Number of Sprints to Complete Project Backlog:
    Cost Per Sprint ($):
    Total Expected Timeline (weeks):
    Total Cost of First Release:

    Note: Refer to the facilitator slides for more guidance on how to deliver this exercise

    Output

    • How to determine expected cost and timeline for an Agile project

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    The Estimation Cone of Uncertainty

    The Estimation Cone of Uncertainty

    Simulation Exercise 1.6 Understanding minimum viable products (MVP)

    30 minutes

    1. Discuss your current understanding of MVP.

    How do you describe/define MVP?

    • (Discuss/capture your understanding of minimum viable product)

    Note: Refer to the facilitator slides for more guidance on how to deliver this exercise

    Output

    • Capture your current understanding of Minimum Viable Product

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Facilitator slides: Explaining MVP

    Notes and Instructions

    The primary intent of this exercise is to explain the complex notion of MVP (it is one of the most misunderstood and contentious issues in Agile delivery). The exercise is intended to explain it in a simple and digestible way that will fundamentally change participants' understanding of MVP.
    Note that the slide contains animations.

    Imagine that your stakeholder tells you they want a blue 4-door sedan (consider this our "MVP" at this point), and you decide to build it the traditional way. As you build it (tires, then frame, then body, then joint body with frame and install engine), the stakeholder doesn't have anything they can use, and so they are only happy (and able to get value) at the end when the entire car is finished (point out the stakeholder "faces" go from unhappy to happy in the end).

    Animation 1:
    When we use Agile methods, we don't want to wait until the end before we have something the stakeholders can use. So instead of waiting until the entire car is completed, we decide our first iteration will be to give the stakeholder "a simple (blue) wheeled transportation device"…namely a skateboard that they can use for a little while (it's not a car, but it is something the stakeholder can use to get places).

    Animation 2:
    After the stakeholder has tried out the skateboard, we ask for feedback. They tell us the skateboard helped them to get around faster than walking, but they don't like the fact that it is so hard to maintain your balance on it. So, we add a handle to the skateboard to turn it into a scooter. The stakeholder then uses the scooter for a while. stakeholder feedback says staying balanced on the scooter is much easier, but they don't have a place to put groceries when they go shopping, so can we do something about that?

    (Continued on next slide…)

    Facilitator slides: Explaining MVP

    Notes and Instructions

    Animation 3:
    So next we build the stakeholder a bicycle and let them use it for a while before asking for feedback. The stakeholder tells us they love the bicycle, but they admit they get tired on long trips, so is there something we can do about that?

    Animation 4:
    So next we add a motor to the bicycle to turn it into a motorcycle, and again we give it to the stakeholder to use for a while. When we ask the stakeholder for feedback, they tell us that they LOVE the motorcycle so much, and that because they love the feeling of the wind in their hair, they've decided that they no longer want a 4-door sedan, but instead would prefer a blue 2-door convertible.

    Animation 5:
    And so, for our last iteration, we build the stakeholder what they wanted (a blue 2-door convertible) instead of what they asked for (a blue 4-door sedan), and we see that they are happier than they would have been if we had delivered the traditional way.

    INSIGHTS:
    An MVP cannot be fully known at the beginning of a project (it is the "journey" of creating the MVP with stakeholders that defines what it looks like in the end).
    Sometimes, stakeholders don't (or can't) know what they want until they see it.
    There is no "straight path" to your MVP, you determine the path forward based on what you learned in the previous iterations.
    This approach is part of the "power of Agile" and demonstrates why Agile can produce better outcomes and happier stakeholders.

    Understanding minimum viable product

    NOT Like This:

    This is a series of images. The top half of the image, shows building a car by starting with the wheels. The bottom Image shows the progression from skateboard, to scooter, to bike, to motorcycle, to car.

    It's Like This:

    Use iterations to maximize value delivery

    An image showing how to use iterations to maximize value delivery

    Use iterations to reduce accumulated risk

    An image showing how to use iterations to reduce accumulated risk.

    Understanding MVP
    (always be ready to go live)

    A great and wise pharaoh hires two architects to build his memorial pyramids.

    An image shows two architects contribution to pyramid construction.

    Understanding MVP
    (always be ready to go live)

    Several years go by, and then…

    The pharaoh is on his death bed.

    Simulation Exercise 1.7 Plan your first sprint

    30-60 minutes

    Step 1: Divide participants into independent Scrum delivery teams (max 7-8 people per team) and assign a PO (5 minutes)
    Step 2: Instruct each team to work together to decide on their "MVP strategy" for delivering this project (10-15 minutes)
    Step 3: Have each team decide on which user stories they would put in their first sprint backlog (5-10 minutes)
    Step 4: Have each team report on their findings. (10 minutes)

    Describe your team's "MVP strategy" for this project (Explain why you chose this strategy):

    Identify your first sprint backlog (Explain how this aligns with your MVP strategy):

    What, if anything, did you find interesting, insightful or valuable by having completed this exercise:

    Output

    • Experience deciding on an MVP strategy and creating your first sprint backlog

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.8 Do a sprint retrospective

    30-60 minutes

    Step 1: Thinking about the work you did in Exercise 3.2.7, identify what worked well and what didn't
    Step 2: Create a list of "Start/Stop/Continue" items using the table below
    Step 3: Present your list and discuss with other teams

    1. Capture findings in the table below:

    Start:
    (What could you start doing that would make Sprint Planning work better?)

    Stop:
    (What didn't work well for the team, and so you should stop doing it?)

    Continue:
    (What worked well for the team, and so you should continue doing?)

    Output

    • Experience performing a sprint retrospective

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.9 "What if" exercise (understanding what a fluid backlog really means)

    30-60 minutes

    1. As a team, consider what you would do in each of the following scenarios (treat each one as an independent scenario rather than cumulative):

    Scenario:

    How would you deal with this:

    After playing with and testing the Sprint 1 deliverable, your stakeholders find several small bugs that need to be fixed, along with some minor changes they would like made to the system. The total amount of effort to address all of these is estimated to be 4 story points in total.

    (e.g. First and foremost, put these requests into the Project Backlog, then…)

    Despite your best efforts, your stakeholders tell you that your Sprint 1 deliverable missed the mark by a wide margin, and they have major changes they want to see made to it.

    Several stakeholders have come forward and stated that they feel strongly that the "DEPOSIT – Deposit a cheque by taking a photo" User Story should be part of the first release, and they would like to see it moved from the Product Backlog to the project backlog (Important Note: they don't want this to change the delivery date for the first release)

    Output

    • A better understanding of how to handle change using a fluid project backlog

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.10 A Sprint 1 example

    30-60 minutes

    1. Consider the following example of what your Sprint 1 deliverable could be:

    An example of what your Sprint 1 deliverable could be.

    Output

    • Better understanding of an MVP strategy

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.10 A Sprint 1 example

    30-60 minutes

    1. As a group, discuss this approach, including:
      1. The pros and cons of the approach.
      2. Is this a shippable increment?
      3. What more would you need to do to make it a shippable increment?
    2. Capture your findings in the table below:

    Discussion

    Output

    • Better understanding of an MVP strategy

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 1.11 Simulate more sprints

    30-60 minutes

    1. As a group, continue to simulate more sprints for the online banking app:
      1. Simulate the planning, execution, demo, and retro stages for additional sprints
      2. Stop when you have had enough
    2. Capture your learnings in the table below:

    Discussion and learnings

    Output

    • Better understanding of an MVP strategy

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Scrum Simulation Module

    Simulate effective scrum practices

    Activities

    2.1 Execute the ball passing sprints

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Model and understand behavioral blockers and patterns affecting Agile teams and organizational culture.

    Pass the balls – sprint velocity game

    Goal 1. Pass as many balls as possible (Story Points) through the system during each sprint.
    Goal 2. Improve your estimation and velocity after each retrospective.

    Backlog

    An image of Sprint, passing balls from one individual to another until you reach the completion point.

    Points Completed

    Rules:

    1. Two people cannot touch the ball at the same time.
    2. Only the first and last person can hold more than one ball at a time.
    3. Every person on the Delivery Team must touch the ball at least once per sprint.
    4. Each team must record its results during the retrospective.

    Scoring:

    1. One point for every ball that completes the system.
    2. Minus one point for every dropped ball.

    Epic 1: 3 sprints

    1. 1-minute Planning
    2. 2-minute Sprints
    3. 1-minute Retrospective

    Group Retrospective
    Epic 2: 3 sprints (repeat)

    1. 1-minute Planning
    2. 2-minute Sprints
    3. 1-minute Retrospective

    Simulation Exercise 1.11 Simulate more sprints

    30-60 minutes

    Goal 1: Pass as many balls (Story Points) through the system during each sprint.
    Goal 2: Improve your estimation and velocity after each retrospective.

    1. Epic 1: 3 sprints
      1. 1-minute Planning
      2. 2-minute Sprints
      3. 1-minute Retrospective
    2. Group Retrospective
    3. Epic 2: 3 sprints
      1. 1-minute Planning
      2. 2-minute Sprints
      3. 1-minute Retrospective
    4. Group Retrospective
    5. Optionally repeat for additional sprints with team configurations or scenarios

    Rules:

    1. Two people cannot touch the ball at the same time.
    2. Only the first and last person can hold more than one ball at a time.
    3. Every person on the delivery team must touch the ball at least once per sprint.
    4. Each team must record its results during the retrospective.

    Scoring:

    1. One point for every ball that completes the system.
    2. Minus one point for every dropped ball.

    Output

    • Understand basic estimation, sprint, and retrospective techniques.
    • Experience common Agile behavior challenges.

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Facilitator slides: Sprint velocity game

    Goal:

    Pass as many balls as possible through the system during each cycle.

    Game Setup

    • Divide into teams of 8-16 people. If you have a smaller group, form one team rather than two smaller teams to start. The idea is to cause chaos with too many people in the delivery flow. See alternate versions for adding additional Epics with smaller teams.
    • Read out the instructions and ensure teams understand each one. Note that no assistance will be given during the sprints.

    Use your phone's timer to create 2-minute cycles:

    • 1-minute sprint planning
    • 2-minute delivery sprint
    • 1-minute retrospective and results recording
    • Run 3-4 cycles, then stop for a facilitated discussion of their observations and challenges.
    • Begin epic 2 and run for 3-4 more cycles.

    Facilitator slides: Sprint velocity game

    • Game Cycles
      • Epic 1: 3 complete cycles
      • 1-minute Planning
      • 2-minute Sprints
      • 1-minute Sprint retrospective
    • Group Retrospective
      • Discuss each sprint, challenges, and changes made to optimize throughput.
    • Epic 2: 3 complete cycles
      • 1-minute Planning
      • 2-minute Sprints
      • 1-minute Sprint retrospective
    • Group Retrospective
      • Discuss each sprint, challenges, and changes made to optimize throughput.
    • Game Rules
      • Each ball must have airtime. No ball cannot touch two people at the same time.
      • No person can hold more than one ball at a time.
      • Ball must be passed by every person on a team.
      • You may not pass a ball to a person directly to the person on your left or right.
      • Each team must keep score and record their results during the Retrospective.
    • Scoring
      • 1 point for every ball that completes the system.
      • Minus 1 point for every dropped ball.

    Facilitator slides: Sprint velocity game

    Facilitator Tips

    • Create a feeling of competition to get the teams to rush and work against each other. The goal is to show how this culture must be broken in Agile and DevOps. Then challenge the teams against natural silos and not focus on enterprise goals.
    • Create false urgency to increase stress, errors, and breakdowns in communication.
    • Look for patterns of traditional delivery and top-down management that limit delivery. These will emerge naturally, and teams will fall back into familiar patterns under stress.
    • Look for key lessons you want to reinforce and bring out ball game examples to help teams relate to something that is easier to understand.

    Alternate Versions

    • Run Epic 1 as one team, then have them break into typical Agile teams of 4-9 people. Compare results.
    • Run Epics with different goals: How would their approach change?
      • Fastest delivery
      • Highest production
      • Lowest defect rate
    • Have teams assign a scrum master to coordinate delivery. A scrum master and product owner are part of the overall team, but not part of the delivery team. They would not need to pass balls during each sprint.
    • Increase sprint time. Discuss right sizing sprint to complete work.
    • Give each team different numbers of balls, but don't tell them. Alternately, start each team with half as many balls, then double for Epic 2. Discuss how the sprint backlog affected their throughput.

    Facilitator slides: Sprint velocity game

    Trends to Look For and Discuss

    • False constraints - patterns where teams unnecessarily limited themselves.
    • Larger teams could have divided into smaller working teams, passing the balls between working groups.
    • Instructions did not limit that "team" meant everyone in the group. They could have formed smaller groups to process more work. LEAN
    • Using the first sprint for planning only. More time to create a POC.
    • Teams will start communicating but will grow silent, especially in later sprints. Stress interactions over the process.
    • Borrowing best practices from other teams.
    • Using retrospectives to share ideas with other teams. Stress needs to align with the company's goals, not just the team's goals.
    • How did they treat dropped balls? Rejected as errors, started over (false constraint), or picked up and continued?

    Trends to Look For and Discuss

    • Did individuals dominate the planning and execution, or did everyone feel like an equal member of the team?
    • Did they consider assigning a scrum master? The scrum master and product owner are part of the overall team, but not part of the Delivery Team. They would not need to pass balls during each Sprint.
    • What impacted their expected number of balls completed? Did it help improve quality or was it a distraction?
    • What caused their improvement in velocity? Draw the connection between how teams must work together and the need for stability.
    • Discuss the overall goal and constraints. Did they understand what the desired outcome was? Where did they make assumptions? Add talking points:
      • What if the goal was overall completed balls?
      • What if it was zero defect? No dropped balls.
      • What if it was the fastest delivery? Each ball through the system in the shortest time? Were they timing each ball?

    Scrum Simulation Module

    Simulate effective scrum practices

    Activities

    3.1 Identify key insights and takeaways

    3.2 Perform exit survey and capture results

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Identify your key insights and takeaways

    Simulation Exercise 3.1
    Identify key insights and takeaways

    30 minutes

    1. As a group, discuss and capture your thoughts on:
      1. What key insights have participants gained from the Intro to Agile presentation?
      2. What if any takeaways do participants feel are needed as a result of the presentation?
      3. What changes need to be made in the organization to support/enhance Agile adoption?
    2. Capture your findings in the table below:

    What key insights have you gained?

    What takeaways have you identified?

    • (e.g. better understanding of Agile mindset, principles, and practices)
    • (e.g. how you can improve/spread Agile practices in the organization)

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Simulation Exercise 3.2
    Perform an exit survey

    30 minutes

    1. Wrap up this section by addressing any remaining questions participants still have.
    2. Create your local exit survey by copying the template using the link below. Then copy and distribute your local survey link.
    3. Collect the consolidated survey results in preparation for your next steps.
    4. NOTE: Using this survey template requires having access to Microsoft Forms. If you cannot access Microsoft Forms, an Info-Tech analyst can send the survey for you. Alternatively, this survey can be done with sticky notes and a pen and paper to calculate the outcomes.

    Download Survey Template:

    Develop Your Agile Approach Exit Survey Template

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Agile Modules

    Prioritize Agile support with your top challenges

    Backlog Management

    Scrum Simulation

    Estimation

    Product Owner

    Product Roadmapping

    1: User stories and the art of decomposition

    2: Effective backlog management & refinement

    3: Identify insights and team feedback

    1: Scrum sprint planning and retrospective simulation

    2: Pass the balls – sprint velocity game

    1: Improve product backlog item estimation

    2: Agile estimation fundamentals

    3: Understand the wisdom of crowds

    4: Identify insights and team feedback

    1: Understand product management fundamentals

    2: The critical role of the product owner

    3: Manage effective product backlogs and roadmaps

    4: Identify insights and team feedback

    1: Identify your product roadmapping pains

    2: The six "tools" of product roadmapping

    3: Product roadmapping exercise

    Organizations often struggle with numerous pain points around Agile delivery.
    The Common Agile Challenges Survey results will help you identify and prioritize the organization's biggest (most cited) pain points. Treat these pain points like a backlog and address the biggest ones first.

    Agile modules provide supporting activities:

    Each module provides guidance and supporting activities related to a specific Agile Challenge from your survey. These modules can be arranged to meet each organization's or team's needs while providing cohesive and consistent messaging. For additional supporting research, please visit the Agile / DevOps Resource Center.

    This phase involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Estimation Module

    Improve product backlog item estimation

    Activities

    1.1 Identify your estimation pains

    1.2 (Optional) Why do we estimate?

    1.3 How do you estimate now?

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • A better understanding of Agile estimation practices and how to apply them.

    Establish consistent Agile estimation fundamentals

    an image of a hierarchy answering the question What is an estimate.

    Know the truth about estimates and their potential pitfalls.

    Then, understand how Agile estimation works to avoid these pitfalls.

    Estimation Exercise 1.1 Identify your estimation pains

    30-60 minutes

    1. As a group, discuss and capture your thoughts on:
      1. What specific challenges are you facing with your estimation practices today
      2. Capture your findings in the table below:

    What are your specific Estimation challenges?

    • (e.g. We don't estimate consistently)
    • (e.g. Our estimates are usually off by a large margin)
    • (e.g. We're not sure what approach to use when estimating)

    Output

    • Your specific estimation related challenges

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Estimation Exercise 1.2 (Optional) Why do we estimate?

    30 minutes

    1. As a group, discuss and capture your thoughts on:
      1. Why do we do estimates?
      2. What value/merit do estimates have?
    2. Capture your findings in the table below:

    Why would/should you do estimates?

    • (e.g. Our stakeholders need to know how long it will take to deliver a given feature/function)

    Output

    • Better understanding of the need for estimates

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Estimation Exercise 1.2 (Optional) Why do we estimate?

    30 minutes

    1. Estimation has its merits
    2. Here are some sample reasons for estimates:
      • "Estimates allow us to predict when a sprint goal will be met, and therefore when a substantial increment of value will be delivered."
      • "Our estimates help our stakeholders plan ahead. They are part of the value we provide."
      • "Estimates help us to de-risk scope of uncertain size and complexity."
      • "Estimated work can be traded in and out of scope for other work of similar size. Without estimates, you can't trade."
      • "The very process of estimation adds value. When we estimate we discuss requirements in more detail and gain a better understanding of what is needed."
      • "Demonstrates IT's commitment to delivering valuable products and changes."
      • "Supports business ambitions with customers and stakeholders."
      • "Helps to build a sustainable value-delivery cadence."

    Source: DZone, 2013.

    Output

    • Better understanding of the need for estimates

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Estimation Exercise 1.3 How do you estimate now?

    30 minutes

    1. As a group, speak about now you currently estimate in your organization.
    2. Capture your findings in the table below:

    Why would/should you do estimates?

    • (e.g. We don't do estimates)
    • (e.g. We ask the person assigned to each task in the project plan to estimate how long it will take)

    Output

    • Your current estimation approach

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Estimation Module

    Improve product backlog item estimation

    Activities

    2.1 (Optional) Estimate a real PBI

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • A better understanding of Agile estimation practices and how to apply them.

    Don't expect your estimates to be accurate!

    The average rough order of magnitude estimates for software are off by is up to 400%.
    Source: Boehm, 1981

    Estimate inaccuracy has many serious repercussions on the project and organization

    66%

    Average cost overrun(1)

    33%

    Average schedule overrun (1)

    17%

    Average benefits shortfall)1)

    (1) % of software projects with given issue

    Source: McKinsey & Company, 2012

    The Estimation Cone of Uncertainty

    The Estimation Cone of Uncertainty

    What is Agile estimation?

    There is no single Agile estimation technique. When selecting an approach, adopt an Agile estimation technique that works for your organization, and don't be afraid to adapt it to your circumstances. Remember: all estimates are wrong, so use them with care and skepticism.

    • Understands and accepts the limitations of any estimation process.
    • Leverages good practices to counteract these limitations (e.g. wisdom of crowds, quality-first thinking).
    • Doesn't over-invest in individual estimate accuracy (but sees their value "in aggregate").
    • Approach can change from project to project or team to team and evolves/matures over the project lifespan.
    • Uses the estimation process as an effective tool to:
      • Make commitments about what can be accomplished in a sprint (to establish capacity).
      • Convey a measure of progress and rough expected completion dates to stakeholders (including management).

    Info-Tech Insight

    All estimates are wrong, but some can be useful (leverage the "wisdom of crowds" to improve your estimation practices).

    There are many Agile estimation techniques to choose from…

    Consensus-Building Techniques
    Planning Poker

    Most popular by far (stick with one of these unless there is a good reason to consider others)

    This approach uses the Delphi method, where a group collectively estimates the size of a PBI, or user stories, with cards numbered by story points. See our Estimate Software Delivery With Confidence blueprint.

    T-Shirt Sizing

    This approach involves collaboratively estimating PBIs against a non-numerical system (e.g. small, medium, large). See DZone and C# Corner for more information.

    Dot Voting

    This approach involves giving participants a set number of dot stickers or marks and voting on the PBIs (and options) to deliver. See Dotmocracy and Wikipedia for more information.

    Bucket System

    This approach categorizes PBIs by placing them into defined buckets, which can then be further broken down through dividing and conquering. See Agile Advice and Crisp's Blog for more information.

    Affinity Mapping

    This approach involves the individual sizing and sorting of PBIs, and then the order of these PBIs are collaboratively edited. The grouping is then associated with numerical estimates or buckets if desired. See Getting Agile for more information.

    Ordering Method

    This approach involves randomly ordering items on a scale ranging from low to high. Each member will take turns moving an item one spot lower or higher where it seems appropriate. See Apiumhub, Sheidaei Blog (variant), and SitePoint (Relative Mass Valuation) for more information.

    Ensure your teams have the right information

    Estimate accuracy and consistency improve when it is clear what you are estimating (definition of ready) and what it means to complete the PBI (definition of done).
    Be sure to establish and enforce your definition of ready/done throughout the project.

    Ready

    Done
    • The value of the story to the user is indicated.
    • The acceptance criteria for the story have been clearly described.
    • Person who will accept the user story is identified.
    • The team knows how to demo the story…
    • Design complete, code compiles, static code analysis has been performed and passed.
    • Peer reviewed with coding standards passed.
    • Unit test and smoke test are done/functional (preferably automated).
    • Passes functionality testing including security testing…

    What are story points?

    Many organizations use story point sizing to estimate their PBIs
    (e.g. epics, features, user stories, and tasks)

    • A story point is a (unitless) measure of the relative size, complexity, risk, and uncertainty, of a PBI.
    • Story points do not correspond to the exact number of hours it will take to complete the PBI.
    • When using story points, think about them in terms of their size relative to one another.
    • The delivery team's sprint velocity and capacity should also be tracked in story points.

    How do you assign a point value to a user story? There is no easy answer outside of leveraging the experience of the team. Sizes are based on relative comparisons to other PBIs or previously developed items. Example: "This user story is 3 points because it is expected to take 3 times more effort than that 1-point user story."Therefore, the measurement of a story point is only defined through the team's experience, as the team matures.

    Can you equate a point to a unit of time? First and foremost, for the purposes of backlog prioritization, you don't need to know the time, just its size relative to other PBIs. For sprint planning, release planning, or any scenario where timing is a factor, you will need to have a reasonably accurate sprint capacity determined. Again, this comes down to experience.

    "Planning poker" estimation technique

    Leverage the wisdom of crowds to improve your estimates

    an image of the user story points and the Fibonacci sequence

    Planning poker: This approach uses the Delphi method, where a group collectively estimates the size of a PBI or user story, using cards with story points on them.

    Materials: Each participant has deck of cards, containing the numbers of the Fibonacci sequence.

    Typical Participants: Product owner, scrum master (usually acts as facilitator), delivery team.

    Steps:

    1. The facilitator will select a user story.
    2. The product owner answers any questions about the user story from the group.
    3. The group makes their first round of estimates, where each participant individually selects a card without showing it to anyone, and then all selections are revealed at once.
    4. If there is consensus, the facilitator records the estimate and moves onto step 1 for another user story.
    5. If there are discrepancies, the participants should state their case for their selection (especially high or low outliers) and engage in constructive debate.
    6. The group makes an additional round of estimates, where step 3-6 are completed until there is a reasonable consensus.
    7. If the consensus is the user story is too large to fit into a sprint or too poorly defined, then the user story should be decomposed or rewritten.

    Estimation Exercise 2.1 (Optional) Estimate a real PBI

    30-60 minutes

    Step 1: As a group, select a real epic, feature, or user story from one of your project backlogs which needs to be estimated:

    PBI to be Estimated:

    As a ____ I want _____ so that ______

    Step 2: Select one person in your group to act as the product owner and discuss/question the details of the selected PBI to improve your collective understanding of the requirement (the PO will do their best to explain the PBI and answer any questions).
    Step 3: Make your first round of estimates using either T-shirt sizing or the Fibonacci sequence. Be sure to agree on the boundaries for these estimates (e.g. "extra-small" (XS) is any work that can be completed in less than an hour, while "extra-large" (XL) is anything that would take a single person a full sprint to deliver – a similar approach could be used for Fibonacci where a "1" is less than an hour's work, and "21" might be a single person for a full sprint). Don't share your answer until everyone has had a chance to decide on their Estimate value for the PBI.
    Step 4: Have everyone share their chosen estimate value and briefly explain their reasoning for the estimate. If most estimate values are the same/similar, allow the group to decide whether they have reached a "collective agreement" on the estimate. If not, repeat step 3 now that everyone has had a chance to explain their initial Estimate.
    Step 5: Capture the "collective" estimate for the PBI here:

    Our collective estimate for this PBI:

    e.g. 8 story points

    Output

    • A real PBI from your project backlog which has estimated using planning poker

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Estimation Module

    Improve product backlog item estimation

    Activities

    3.1 Guess the number of jelly beans (Round 1) (15 minutes)
    3.2 Compare the average of your guesses (15 minutes)
    3.3 Guess the number of gumballs (Round 2) (15 minutes)
    3.4 Compare your guesses against the actual number

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • A better understanding of why Agile estimation and reconciliation provides reliable estimates for planning.

    Facilitator Slides: Agile Estimation (Wisdom of Crowds Exercise – Rounds 1 and 2)

    Notes and Instructions

    The exercise is intended to mimic the way Planning Poker is performed in Agile Estimation. Use the exercise to demonstrate the power of the Wisdom of Crowds and how, in circumstances where the exact answer to a question is not known, asking several people for their opinion often produces more accurate results than most/any individual opinion.

    Some participants will tend to "shout out an answer" right away, so be sure to tell participants not to share their answers until everyone has had an opportunity to register their guess (this is particularly important in Round 1, where we are trying to get unvarnished guesses from the participants).

    In Round 1:

    • Be sure to emphasize that participants are guessing the total number of jelly beans in the jar (sometimes people think it is just the number visible)
    • Once all guesses are gathered and you've calculated the error for them (and the average guess), review the results with participants (Note: the actual number of jelly beans in the jar is 1600 (it is "greyed out" on the bottom line of the table – you can make it visible by turning off the grey highlight on that cell in the table)
    • Most of the time, the average guess will be closer to the actual than most (if not all) individual guesses (but be prepared for the fact that this doesn't always happen – this is especially true when the number of participants is small)
    • When discussing the results, ask participants to share the "method" they used to make their guess (particularly those who were closest to the actual). This part of the exercise can help them to make more accurate guesses in Round 2

    In Round 2:

    • Note that this time, participants are guessing the total number of visible gumballs in the image (both whole and partial gumballs are counted)
    • Once all guesses are gathered and you've calculated the error for them (and the average guess), review the results with participants (Note: the actual number of visible gumballs is 1600 (it is "greyed out" on the bottom line of the table – you can make it visible by turning off the grey highlight on that cell in the table)
    • Most of the time, the average guess will be closer to the actual in Round 2 than it was in Round 1
    • Talk to participants about the outcomes and how the results varied from Round 1 to Round 2, along with any interesting insights they may have gained from the exercise

    Estimation Exercise 3.1 Guess the number of jelly beans (Round 1)

    15 minutes

    1. Option 1: Microsoft Forms
      1. Create your own local survey by copying the template using the link below.
      2. Add the local Survey link to the exercise instructions or send the link to the participants.
      3. Give the participants 2-3 minutes to complete their guesses.
      4. Collect the consolidated Survey responses and calculate the results on the next slide.
      5. NOTE: Using this survey template requires having access to Microsoft Forms. If you cannot access Microsoft Forms, an Info-Tech analyst or Workshop Specialist can set up the survey for you.
    2. Option 2: Embedded Excel table
      1. On the results slide, double-click the table to open the embedded Excel worksheet.
      2. Record each participant's guess in the table.
    3. Alternatively, this survey can be done with sticky notes, a pen, paper, and a calculator to determine the outcomes.

    Download Survey Template:

    Info-Tech Wisdom of the Crowd 1 (Jelly Bean Guess

    Output

    • An appreciation for the power of the wisdom of crowds

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Estimation Exercise 3.1 Guess the number of jelly beans (Round 1)

    15 minutes

    1. Guess the total number of jelly beans in the entire container (not just the ones you can see).
    2. Be sure not to share your guess with anyone else.
    3. It doesn't matter how you settle on your guess ("gut feel" is fine, so is being "scientific" about it, as well as everything in between).
    4. Again, please don't share your guess (or even how you settled on your guess) with anyone else (this exercise relies on independent guesses).

    See slide notes for instructions.

    Output

    • An appreciation for the power of the wisdom of crowds

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Estimation Exercise 3.2 Compare the average of your guesses

    15 minutes

    A blank table for you to compare the average of your guesses at the number of Jellybeans in the Jar.

    See slide notes for instructions.

    Output

    • An appreciation for the power of the wisdom of crowds

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Guess the number of gumballs

    • Option 1: Microsoft Forms
      • Create your own local survey by copying the template using the link below.
      • Add the local Survey link to the exercise instructions or send the link to the participants.
      • Give the participants 2-3 minutes to complete their guesses.
      • Collect the consolidated Survey responses and calculate the results on the next slide.
      • NOTE: Using this survey template requires having access to Microsoft Forms. If you cannot access Microsoft Forms, an Info-Tech analyst or Workshop Specialist can set up the survey for you.
    • Option 2: Embedded Excel table
      • On the results slide, double-click the table to open the embedded Excel worksheet.
      • Record each participant's guess in the table.
    • Alternatively, this survey can be done with sticky notes, a pen, paper, and a calculator to determine the outcomes.

    Download Survey Template:

    Info-Tech Wisdom of the Crowd 2 (Gumball Guess)

    Output

    • An appreciation for the power of the wisdom of crowds

    Participants

    • PM's, PO's and SM's
    • Delivery Managers
    • Delivery Teams
    • Business Stakeholders
    • Senior Leaders
    • Other Interested Parties

    Estimation Exercise 3.3 Guess the number of gumballs (Round 2)

    15 minutes

    1. Guess the total number of gumballs visible in the photo shown on the right.
    2. Again, please don't share your guess with anyone.

    Output

    • An appreciation for the power of the wisdom of crowds

    Participants

    • PM's, PO's and SM's
    • Delivery Managers
    • Delivery Teams
    • Business Stakeholders
    • Senior Leaders
    • Other Interested Parties

    Estimation Exercise 3.2 Compare the average of your guesses

    15 minutes

    A blank table for you to compare the average of your guesses at the number of Jellybeans in the Jar.

    See slide notes for instructions.

    Output

    • An appreciation for the power of the wisdom of crowds

    Participants

    • PM's, PO's and SM's
    • Delivery Managers
    • Delivery Teams
    • Business Stakeholders
    • Senior Leaders
    • Other Interested Parties

    Estimation Module

    Improve product backlog item estimation

    Activities

    4.1 Identify key insights and takeaways
    4.2 Perform exit survey and capture results

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Identify your key insights and takeaways.

    Estimation Exercise 4.2
    Identify key insights and takeaways

    30 minutes

    1. As a group, discuss and capture your thoughts on:
      1. What key insights have participants gained from the Intro to Agile presentation?
      2. What if any takeaways do participants feel are needed as a result of the presentation?
      3. What changes need to be made in the organization to support/enhance Agile adoption?
    2. Capture your findings in the table below:

    What key insights have you gained?

    What takeaways have you identified?

    • (e.g. better understanding of Agile mindset, principles, and practices)
    • (e.g. how you can improve/spread Agile practices in the organization)

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Estimation Exercise 4.2
    Perform an exit survey

    30 minutes

    1. Wrap up this section by addressing any remaining questions participants still have.
    2. Create your local exit survey by copying the template using the link below. Then copy and distribute your local survey link.
    3. Collect the consolidated survey results in preparation for your next steps.
    4. NOTE: Using this survey template requires having access to Microsoft Forms. If you cannot access Microsoft Forms, an Info-Tech analyst can send the survey for you. Alternatively, this survey can be done with sticky notes and a pen and paper to calculate the outcomes.

    Download Survey Template:

    Develop Your Agile Approach Exit Survey Template

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Agile Modules

    Prioritize Agile support with your top challenges

    Backlog Management

    Scrum Simulation

    Estimation

    Product Owner

    Product Roadmapping

    1: User stories and the art of decomposition

    2: Effective backlog management & refinement

    3: Identify insights and team feedback

    1: Scrum sprint planning and retrospective simulation

    2: Pass the balls – sprint velocity game

    1: Improve product backlog item estimation

    2: Agile estimation fundamentals

    3: Understand the wisdom of crowds

    4: Identify insights and team feedback

    1: Understand product management fundamentals

    2: The critical role of the product owner

    3: Manage effective product backlogs and roadmaps

    4: Identify insights and team feedback

    1: Identify your product roadmapping pains

    2: The six "tools" of product roadmapping

    3: Product roadmapping exercise

    Organizations often struggle with numerous pain points around Agile delivery.
    The Common Agile Challenges Survey results will help you identify and prioritize the organization's biggest (most cited) pain points. Treat these pain points like a backlog and address the biggest ones first.

    Agile modules provide supporting activities:

    Each module provides guidance and supporting activities related to a specific Agile Challenge from your survey. These modules can be arranged to meet each organization's or team's needs while providing cohesive and consistent messaging. For additional supporting research, please visit the Agile / DevOps Resource Center.

    This phase involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Product Owner Module

    Establish an effective product owner role

    Activities

    1.1 Identify your product owner pains
    1.2 What is a "product"? Who are your "consumers"?
    1.3 Define your role terminology

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Understand product management fundamentals.
    • Define your product management roles and terms.

    Product owners ensure we delivery the right changes, for the right people, at the right time.

    The importance of assigning an effective and empowered product owner to your Agile projects cannot be overstated.

    What is a product?

    A tangible solution, tool, or service (physical or digital), which enables the long-term and evolving delivery of value to customers, and stakeholders based on business and user requirements.

    Info-Tech Insight

    A proper definition of a product recognizes three key facts.

    1. A clear recognition that products are long-term endeavors that don't end after the project finishes.
    2. Products are not just 'apps', but can be software or services that drive value.
    3. There is more than one stakeholder group that derives value from the product or service.

    Estimation Exercise 4.2
    Perform an exit survey

    30-60 minutes

    1. As a group, discuss and capture your thoughts on:
      • What specific challenges are you facing with your product owner practices today?
    2. Capture your findings in the table below:

    What are your specific Product Owner challenges?

    • (e.g. We don't have product owners)
    • (e.g. Our product owners have "day jobs" as well, so they don't have enough time to devote to the project)
    • (e.g. Our product owners are unsure about the role and its associated responsibilities)

    Output

    • Your specific product owner challenges

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Product Owner Exercise 1.2 What is a "product"? Who are your "consumers"?

    30-60 minutes

    1. Discussion:
      1. How do you define a product, service, or application?
      2. Who are the consumers that receive value from the product?

    Input

    • Organizational knowledge
    • Internal terms and definitions

    Output

    • Our definition of products and services
    • Our definition of product and service consumers/customers

    Products and services share the same foundation and best practices

    The term "product" is used for consistency but would apply to services as well.

    Product=Service

    "Product" and "Service" are terms that each organization needs to define to fit its culture and customers (internal and external). The most important aspect is consistent use and understanding of:

    • External products
    • Internal products
    • External services
    • Internal services
    • Products as a service (PaaS)
    • Productizing services (SaaS)

    Recognize the different product owner perspectives

    • Business
      • Customer facing, revenue generating
    • Operations
      • Keep the lights on processes
    • Technical
      • IT systems and tools

    "A product owner in its most beneficial form acts like an Entrepreneur, like a 'mini-CEO'. The product owner is someone who really 'owns' the product."

    – – Robbin Schuurman,
    "Tips for Starting Technical Product Managers"

    Info-Tech Best Practice

    Product owners must translate needs and constraints from their perspective into the language of their audience. Kathy Borneman, Digital Product Owner at SunTrust Bank, noted the challenges of finding a common language between lines of business and IT (e.g. what is a unit?).

    Implement Info-Tech's product owner capability model

    An image of Info-Tech’s product owner capability model

    Unfortunately, most product owners operate with an incomplete knowledge of the skills and capabilities needed to perform the role. Common gaps include focusing only on product backlogs, acting as a proxy for product decisions, and ignoring the need for key performance indicators (KPIs) and analytics in both planning and value realization.

    Scale products into families to improve alignment

    Operationally align product delivery to enterprise goals

    A hierarchy showing how to break enterprise goals and strategy down into product families.

    The Info-Tech difference:

    Start by piloting product families to determine which approaches work best for your organization.

    Create a common definition of what a product is and identify products in your inventory.

    Use scaling patterns to build operationally aligned product families.

    Develop a roadmap strategy to align families and products to enterprise goals and priorities.

    Use products and families to evaluate the delivery and organizational design improvements.

    Deliver Digital Products at Scale via Enterprise Product Families

    Select the right models for scaling product management

    • Pyramid
      • Logical hierarchy of products rolling into a single service area.
      • Lower levels of the pyramid focus on more discrete services.
      • Example: Human resources mapping down to supporting applications.
    • Service Grouping
      • Organization of related services into service family.
      • Direct hierarchy does not necessarily exist within the family.
      • Example: End user support and ticketing.
    • Technical Grouping
      • Logical grouping of IT infrastructure, platforms, or applications.
      • Provides full lifecycle management when hierarchies do not exist.
      • Example: Workflow and collaboration tools.
    • Market Alignment
      • Grouping of products by customer segments or market strategy.
      • Aligns product to end users and consumers.
      • Example: Customer banking products and services.
    • Organizational Alignment
      • Used at higher levels of the organization where products are aligned under divisions.
      • Separation of product management from organizational structure no longer distinct.

    Match your product management role definitions to your product family levels

    Product Ownership exists at the different operational tiers or levels in your product hierarchy. This does not imply or require a management relationship.

    Product Portfolio
    Groups of product families within an overall value stream or capability grouping.
    Product Portfolio Manager

    Product Family
    A collection of related products. Products can be grouped along architectural, functional, operational, or experiential patterns.
    Product Family Manager

    Product
    Single product composed of one or more applications and services.
    Product Owner

    Info-Tech Insight

    The primary role conflict occurs when the product owner is a proxy for stakeholders or responsible for the delivery team. The product owner owns the product backlog. The delivery team owns the sprint backlog and delivery.

    Examine the differences between product managers and product owners

    Product management terminology is inconsistent, creating confusion in organizations introducing these roles. Understand the roles, then define terms that work best for you.

    A Table comparing the different roles of product managers to those of product owners.

    Define who manages key milestone

    Key milestones must be proactively managed. If a project manager is not available, those responsibilities need to be managed by the Product Owner or Scrum Master. Start with responsibility mapping to decide which role will be responsible.

    An image of a table with the following column headings: Example Milestones; Project Manager; Product Owner; Scrum Master*

    Product Owner Exercise 1.3 Define your role terminology

    30-60 minutes

    1. Using consistent terms is important for any organizational change and evergreen process. Capture your preferred terms to help align teams and expectations.
    Term

    Definition

    Product Owner

    • Owns and manages the product or service providing continuous delivery of value.
    • Owns the product roadmap and backlog for the product or service.
    • Works with stakeholders, end users, the delivery team, and market research to identify the product features and their estimated return on investment when implemented.
    • Responsible for refining and reprioritizing the product backlog ensuring items are "Ready" for the sprint backlog.
    • Defines KPIs to measure the value and impact of each PBI to help refine the backlog and guide the roadmap.
    • Responsible for refining and reprioritizing the sprint backlog that identifies which features will be delivered in the next sprint based on business importance.
    • Works with the product owner, stakeholders, end users, and SMEs to help define PBIs to ensure they are "Ready" for the Sprint backlog.

    Product Manager

    • Owns and manages a product or service family consisting of multiple products or services.
    • Owns the product family roadmap. Note: Product families do not have a backlog, only products do.
    • Works with stakeholders, end users, product owners, enterprise architecture, and market research to identify the product capabilities needed to accomplish goals.
    • Validates the product PBIs delivered realized the expected value and capability. Feedback is used to refine the product family roadmap and guide product owners.

    Output

    • Product management role definitions

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Product Owner Module

    Establish an effective product owner role

    Activities

    2.1 Identify enablers and blockers

    2.2 (Optional) Dissect this definition of the product owner role

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Identify cultural enablers and blockers for product owners.
    • Develop a deeper understanding of the product owner role.

    The importance of establishing an effective product owner role

    The critical importance of establishing an effective product owner role (PO) for your Agile projects cannot be overstated.

    Many new-to-Agile organizations do not fully appreciate the critical role played by the PO in Scrum, nor the fundamental changes the organization will need to make in support of the PO role. Both mistakes will reduce an organization's chances of successfully adopting Agile and achieving its promised benefits.

    The PO role is critical to the proper prioritization of requirements and efficient decision-making during the project.

    The PO role helps the organization to avoid "analysis paralysis" challenges often experienced in large command-and-control-style organizations.

    A poorly chosen or disengaged product owner will almost certainly stifle your Agile project.

    Note that for many organizations, "product owner" is not a formally recognized role, which can create HR issues. Some organizational education on Agile may be needed (especially if your organization is unionized).

    Info-Tech Insight

    Failing to establish effective product owners in your organization can be a "species-killing event" for your Agile transformation.

    The three A's of a product owner

    To ensure the effectiveness of a product owner, your organization should select one that meets the three A's:

    Available: Assign a PO that can focus full-time on the project. Make sure your PO can dedicate the time needed to fulfill this critical role.
    Appropriate: It's best for the PO to have strong subject matter expertise (so-called "super users" are often selected to be POs) as well as strong communication, collaboration, facilitation, and arbitration skills. A good PO will understand how to negotiate the best outcomes for the project, considering all project constraints.
    Authoritative: The PO must be empowered by your organization to speak authoritatively about priorities and goals and be able to answer questions from the project team quickly and efficiently. The PO must know when decisions can be made immediately and when they must be made in collaboration with other stakeholders – choosing a PO that is well-known and respected by stakeholders will help to make this more efficient.

    Info-Tech Insight

    It's critical to assign a PO that meets the three A's:

    • Available
    • Appropriate
    • Authoritative

    The three ears of a product owner*

    An effective product owner listens to (and effectively balances) the needs and constraints of three different groups:

    Organizational needs/constraints represent what is most important to the organization overall, and typically revolve around things like cost, schedule, return on investment, time to market, risk mitigation, conforming to policies and regulations, etc.

    Stakeholder needs/constraints represent what is most important to those who will be using the system and typically revolve around the delivery of value, ease of use, better outcomes, making their jobs easier and more efficient, getting what they ask for, etc.

    Delivery Team needs/constraints represent what is most important to those who are tasked with delivering the project and cover a broad range that includes tools, skills, capabilities, technology limitations, capacity limits, adequate testing, architectural considerations, sustainable workload, clear direction and requirements, opportunities to innovate, getting sufficient input and feedback, support for clearing roadblocks, dependencies on other teams, etc.

    Info-Tech Insight

    An effective PO will expertly balance the needs of:

    • The organization
    • Project stakeholders
    • The delivery team

    * For more, see Understanding Scrum: Why do Product Owners Have Three Ears

    A product owner doesn't act alone

    Although the PO plays a unique and central role in the success of an Agile project, it doesn't mean they "act alone."

    The PO is ultimately responsible for managing and maintaining an effective backlog over the project lifecycle, but many people contribute to maintaining this backlog (on large projects, BA's are often the primary contributors to the backlog).

    The PO role also relies heavily on stakeholders (to help define and elaborate user stories, provide input and feedback, answer questions, participate in sprint demos, participate in testing of sprint deliverables, etc.).

    The PO role also relies heavily on the delivery team. Some backlog management and story elaboration is done by delivery team members instead of the PO (think: elaborating user story details, creating acceptance criteria, writing test plans for user stories, etc.).

    The PO both contributes to these efforts and leads/oversees the efforts of others. The exact mix of "doing" and "leading" can be different on a case-by-case basis and is part of establishing the delivery team's norms.

    Given the importance of the role, care must be taken to not overburden the product owner, especially on large projects.

    Info-Tech Insight

    While being ultimately responsible for the product backlog, a PO often relies on others to aid in backlog management and maintenance.

    This is particularly true on large projects.

    The use of a proxy PO

    Sometimes, a proxy product owner is needed.

    It is always best to assign a product owner "from the business," who will bring subject matter expertise and have established relationships with stakeholders.

    When a PO from the business does not have enough time to fulfill the needs of the role completely (e.g. can only be a part-time PO, because they have a day job), assigning a proxy product owner can help to compensate for this.

    The proxy PO acts on behalf of the PO in order to reduce the PO's workload or to otherwise support them.

    Project participants (e.g. delivery team, stakeholders) should treat the PO and proxy PO as roughly equivalent.

    Project managers (PMs) and business analysts (BAs) are often good candidates for the proxy PO role.

    NOTE: It's highly advisable for the PO to attend all/most sprint demos in order to observe progress for themselves, and to identify any misalignment with expectations as early as possible (remember that the PO still has ultimate responsibility for the project outcomes).

    Info-Tech Insight

    Although not ideal, assigning a proxy PO can help to compensate for a PO who doesn't meet all three A's of Product Ownership.

    It is up to the PO and proxy to decide how they will work together (e.g. establish their norms).

    The use of a proxy PO

    The PO and proxy must work together closely and in a highly coordinated way.

    The PO and proxy must:

    • Work closely at the start of the project to agree on the overall approach they will follow, as well as any needs and constraints for the project.
    • Communicate frequently and effectively throughout the project, to ensure progress is being made and to address any challenges.
    • Have a "meeting of the minds" about how the different "parts" of the PO role will be divided between them (including when the proxy must defer to the PO on matters).
    • Focus on ensuring that all the responsibilities of the PO role are fulfilled effectively by the pair (how this is accomplished is up to the two of them to decide).
    • Ensure all project participants clearly understand the POs' and proxies' relative responsibilities to minimize confusion and mistakes.

    The use of multiple POs

    Sometimes, having multiple product owners makes sense.

    It is always best to assign a single product owner to a project. However, under certain circumstances, it can make sense to use multiple POs.

    For example, when implementing a large ERP system with many distinct modules (e.g. Finance, HR) it can be difficult to find a single PO who has sufficient subject matter expertise across all modules.

    When assigning Multiple POs to a project, be sure to identify a "Lead PO" (who is given ultimate responsibility for the entire project) and have the remaining POs act like Proxy POs.

    NOTE: Not surprisingly, it's highly advisable for the Lead PO to attend as many Sprint Demos as possible to observe progress for themselves, and to identify any misalignment with expectations as early as possible (remember that the Lead PO has ultimate responsibility for the project outcomes).

    Info-Tech Best Practice

    Although not ideal, assigning multiple POs to a project sometimes makes sense.

    When needed, be sure to identify a "Lead PO" and have the other PO's act like Proxies.

    Product Owner Exercise 2.1 Identify enablers and blockers

    30-60 minutes

    1. Brainstorm and discuss the key enablers that can help promote and ease your implementation of Product Ownership.
    2. Brainstorm and discuss the key blockers (or risks) that may interrupt or derail your efforts.
    3. Brainstorm mitigation activities for each blocker.
    Enablers Blockers Mitigation
    High business engagement and buy-in Significant time is required to implement and train resources Limit the scope for pilot project to allow time to learn
    Organizational acceptance for change Geographically distributed resources Temporarily collocate all resources and acquire virtual communication technology
    Existing tools can be customized for BRM Difficulty injecting customers in demos Educate customer groups on the importance of attendance and 'what's in it for them'

    Output

    • List of enablers and blockers to establishing product owners

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Establish an effective product owner role

    • The nature of a PO role can be somewhat foreign to many organizations, so candidates for the role will benefit from training along with coaching/mentoring support when starting out.
    • The PO must be able to make decisions quickly around project priorities, goals, and requirements.
    • A PO who is simply a conduit to a slow-moving steering committee will stifle an Agile project.
    • Establish clear boundaries and rules regarding which project decisions can be made directly by the PO and which must be escalated to stakeholders. Lean toward approaches that support the quickest decision-making (e.g. give the PO as much freedom as they need to be effective).
    • An effective PO has a good instinct for what is "good enough for now."
    • The organization can support the PO by focusing attention on goals and accomplishments rather than pushing processes and documentation.
    • Understand the difference between a project sponsor and a PO (the PO role is much more involved in the details, with a higher workload).
    • Agree on and clearly define the roles and responsibilities of PO, PM, dev manager, SM, etc. at the start of the project for clarity and efficiency.

    Characteristics to look for when selecting a product owner

    Here are some "ideal characteristics" for your POs (the more of these that are true for a given PO, the better):

    • Knows how to get things done in your organization
    • Has strong working relationships with project stakeholders (has established trust with them and is well respected by stakeholders as well as others)
    • Comes from the stakeholder community and is invested in the success of the project (ideally, will be an end user of the system)
    • Has proven communication, facilitation, mediation, and negotiation skills
    • Can effectively balance multiple competing priorities and constraints
    • Sees the big picture and strives to achieve the best outcomes possible (grounded in realistic expectations)
    • Works with a sense of urgency and welcomes ongoing feedback and collaboration with stakeholders
    • Understands how to act as an effective "funnel and filter" for stakeholder requests
    • Acts as an informal (but inspirational) leader whom others will follow
    • Has a strong sense of what is "good enough for now"
    • Protects the delivery team from distractions and keeps them focused on goals
    • Thinks strategically and incrementally

    Product Owner Exercise 2.2 (Optional) Dissect this definition of the product owner role

    30-60 minutes

    1. Take a minute or two to review the bullet points below, which describe the product owner's role.
    2. As a group, discuss the "message" for each bullet point in the description, and then identify which aspects would be "easy" and "hard" to achieve in your organization.
      • The product owner is a project team member who has been empowered by both the organization and stakeholders to act on their behalf and to guide the project directly with a single voice (supported by appropriate consultations with the organization and stakeholders).
      • The product owner must be someone with a good understanding of the project deliverable (they are often considered to be a subject matter expert in an area related to the project deliverable) and ideally is both well-known and respected by both the organization and stakeholders.
      • During the project, requirements clarification, prioritization, and scope changes are ultimately decided by the product owner, who must perform the important balancing act required by the project to adequately reflect the needs and constraints of the organization, its stakeholders, and the project team.
      • The product owner role can only be successful in an organization that has established a trusting and supportive culture. Great trust must be placed in the product owner to adequately balance competing needs in a way that leads to good outcomes for the organization. This trust must come with some authority to make important project decisions, and the organization must also support the product owner in addressing risks and roadblocks outside the control of the project team.
      • The product owner is first among equals when it comes to ultimate ownership of success for the project (along with the project delivery team itself). Because of this, any project of any significance will require the full-time effort of the product owner (don't shortchange yourself by under-investing in a willing, able, and available product owner)

    Output

    • Better understanding of the product owner role.

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Product Owner Exercise 2.2 (Optional) Dissect this definition of the product owner role

    Which aspects of the product owner are "easy" in your organization?

    Which aspects of the product owner are "hard" in your organization?

    Product Owner Module

    Establish an effective product owner role

    Activities

    3.1 Build a starting checklist of quality filters

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Understand the levels in a product backlog and how to create quality filters for PBIs moving through the backlog.
    • Define your product roadmap approach for key audiences.

    Product Owner Step 3: Managing effective product backlogs and roadmaps

    The primary role of the product owner is to manage the backlog effectively.

    When managed properly, the product backlog is a powerful project management tool that directly contributes to project success.

    The product owner's primary responsibility is to ensure this backlog is managed effectively.

    A backlog stores and organizes PBIs at various stages of readiness

    A well-formed backlog can be thought of as a DEEP backlog:

    • Detailed Appropriately: Product backlog items (PBIs) are broken down and refined as necessary.
    • Emergent: The backlog grows and evolves over time as PBIs are added and removed.
    • Estimated: The effort a PBI requires is estimated at each tier.
    • Prioritized: The PBIs value and priority are determined at each tier.

    (Perforce, 2018)

    An image showing the Ideas; Qualified; Ready; funnel leading to the sprint approach.

    Backlog tiers facilitate product planning steps

    An image of the product planning steps facilitated by Backlog Tiers

    Each activity is a variation of measuring value and estimating effort to validate and prioritize a PBI.

    A PBI meets our definition of done and passes through to the next backlog tier when it meets the appropriate criteria. Quality filters should exist between each tier.

    Backlog Exercise 2.1 Build a starting checklist of quality filters

    60 minutes

    1. Quality filters provide a checklist to ensure each Product Backlog Item (PBI) meets our definition of Done and is ready to move to the next backlog group (status).
    2. Create a checklist of basic descriptors that must be completed between each backlog level.
    3. If you completed this exercise in a different Module, review and update it here.
    4. Use this information to start your product strategy playbook in Deliver on Your Digital Product Vision.

    An image of the backlog tiers, identifying where product backlog and sprint backlog are

    Output

    • List of enablers and blockers to establishing product owners

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Outline the criteria to proceed to the next tier via quality filters

    Expand the concepts of defining "ready" and "done" to include the other stages of a PBIs journey through product planning.

    An image showing the approach you will use to Outline the criteria to proceed to the next tier via quality filters

    Info-Tech Insight: A quality filter ensures quality is met and teams are armed with the right information to work more efficiently and improve throughput.

    Define product value by aligning backlog delivery with roadmap goals

    In each product plan, the backlogs show what you will deliver.

    Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

    Product roadmaps guide delivery and communicate your strategy

    In Deliver on Your Digital Product Vision, we demonstrate how the product roadmap is core to value realization. The product roadmap is your communicated path, and as a product owner, you use it to align teams and changes to your defined goals while aligning your product to enterprise goals and strategy.

    This is an image Adapted from: Pichler, What Is Product Management?

    Adapted from: Pichler, "What Is Product Management?"

    Info-Tech Insight

    The quality of your product backlog – and your ability to realize business value from your delivery pipeline – is directly related to the input, content, and prioritization of items in your product roadmap.

    Product delivery realizes value for your product family

    While planning and analysis are done at the family level, work and delivery are done at the individual product level.

    An example of performing planning and analysis at the family level.

    Leverage the product family roadmap for alignment

    It's more than a set of colorful boxes. It's the map to align everyone to where you are going.

    • Your product family roadmap:
      • Lays out a strategy for your product family.
      • Is a statement of intent for your family of products.
      • Communicates direction for the entire product family and product teams.
      • Directly connects to the organization's goals.
    • However, it is not:
      • Representative of a hard commitment.
      • A simple combination of your current product roadmaps.

    Your ideal roadmap approach is a spectrum, not a choice!

    Match your roadmap and backlog to the needs of the product.

    Tactical vs strategic roadmaps.

    Product Managers do not have to choose between being tactical or strategic.
    – Aha!, 2015

    Multiple roadmap views can communicate differently yet tell the same truth

    Audience

    Business/
    IT Leaders

    Users/Customers

    Delivery Teams

    Roadmap

    View

    Portfolio

    Product Family

    Technology

    Objectives

    To provide a snapshot
    of the portfolio and
    priority products

    To visualize and validate product strategy

    To coordinate broad technology and architecture decisions

    Artifacts

    Line items or sections of the roadmap are made up of individual products, and an artifact represents a disposition at its highest level.

    Artifacts are generally grouped by product teams and consist of strategic goals and the features that realize
    those goals.

    Artifacts are grouped by
    the teams who deliver
    that work and consist of technical capabilities that support the broader delivery of value for the product family.

    Product Owner Exercise 3.1 Build a starting checklist of quality filters

    60 minutes

    1. Views provide roadmap information to different audiences in the format and level of detail that is fit to their purpose.
    2. Consider the three primary audiences for roadmap alignment.
    3. Define the roles or people who the view best fits.
    4. Define the level of detail or artifacts shared in the view for each audience.
    5. Use this information to start your product strategy playbook in Deliver on Your Digital Product Vision.

    Business/
    IT Leaders

    Users/Customers

    Delivery Teams

    Audience:

    Audience:

    Audience:

    Level of Detail/Artifacts:

    Level of Detail/Artifacts:

    Level of Detail/Artifacts:

    Output

    • List of enablers and blockers to establishing product owners

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Connecting your product family roadmaps to product roadmaps

    Your product and product family roadmaps should be connected at an artifact level that is common between both. Typically, this is done with capabilities, but it can be done at a more granular level if an understanding of capabilities isn't available.

    A comparison between product family roadmaps and product roadmaps.

    Use product roadmaps to align cross-team dependencies

    Regardless of how other teams operate, teams need to align to common milestones.

    An image showing how you may Use product roadmaps to align cross-team dependencies

    Product Owner Module

    Establish an effective product owner role

    Activities

    4.1 Identify key insights and takeaways

    4.2 Perform exit survey and capture results

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Identify your key insights and takeaways.

    Product Owner Exercise 4.1
    Identify key insights and takeaways

    30 minutes

    1. As a group, discuss and capture your thoughts on:
      1. What key insights have participants gained from the Intro to Agile presentation?
      2. What if any takeaways do participants feel are needed as a result of the presentation?
      3. What changes need to be made in the organization to support/enhance Agile adoption?
    2. Capture your findings in the table below:
    What key insights have you gained? What takeaways have you identified?
    (e.g. better understanding of Agile mindset, principles, and practices) (e.g. how you can improve/spread Agile practices in the organization)

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Product Owner Exercise 4.2
    Perform an exit survey

    30 minutes

    1. Wrap up this section by addressing any remaining questions participants still have.
    2. Create your local exit survey by copying the template using the link below. Then copy and distribute your local survey link.
    3. Collect the consolidated survey results in preparation for your next steps.
    4. NOTE: Using this survey template requires having access to Microsoft Forms. If you cannot access Microsoft Forms, an Info-Tech analyst can send the survey for you. Alternatively, this survey can be done with sticky notes and a pen and paper to calculate the outcomes.

    Download Survey Template:

    Develop Your Agile Approach Exit Survey Template

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Agile Modules

    Prioritize Agile support with your top challenges

    Backlog Management

    Scrum Simulation

    Estimation

    Product Owner

    Product Roadmapping

    1: User stories and the art of decomposition

    2: Effective backlog management & refinement

    3: Identify insights and team feedback

    1: Scrum sprint planning and retrospective simulation

    2: Pass the balls – sprint velocity game

    1: Improve product backlog item estimation

    2: Agile estimation fundamentals

    3: Understand the wisdom of crowds

    4: Identify insights and team feedback

    1: Understand product management fundamentals

    2: The critical role of the product owner

    3: Manage effective product backlogs and roadmaps

    4: Identify insights and team feedback

    1: Identify your product roadmapping pains

    2: The six "tools" of product roadmapping

    3: Product roadmapping exercise

    Organizations often struggle with numerous pain points around Agile delivery.
    The Common Agile Challenges Survey results will help you identify and prioritize the organization's biggest (most cited) pain points. Treat these pain points like a backlog and address the biggest ones first.

    Agile modules provide supporting activities:

    Each module provides guidance and supporting activities related to a specific Agile challenge from your survey. These modules can be arranged to meet each organization's or team's needs while providing cohesive and consistent messaging. For additional supporting research, please visit the Agile / DevOps Resource Center.

    This phase involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Product Roadmapping

    Create effective product roadmaps

    Activities

    Roadmapping 1.1 Identify your product roadmapping pains
    Roadmapping 1.2 The six "tools" of product roadmapping
    Roadmapping 1.3 Product roadmapping exercise

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Understand product management fundamentals
    • Understand the six "tools" of roadmapping and how to use them

    Roadmapping Exercise 1.1: Tell us what product management means to you and how it differs from a project orientation

    10-15 minutes

    1. Share your current understanding of product management.
    What is product management, and how does it differ from a project orientation?

    Output

    • Your current understanding of product management and its benefits

    Participants

    • PMs, Pos, and SMs
    • Delivery managers
    • Delivery teams
    • Business stakeholders
    • Senior leaders
    • Other interested parties

    Definition of terms

    Project

    "A temporary endeavor undertaken to create a unique product, service, or result. The temporary nature of projects indicates a beginning and an end to the project work or a phase of the project work. Projects can stand alone or be part of a program or portfolio."

    – PMBOK, PMI

    Product

    "A tangible solution, tool, or service (physical or digital) that enables the long-term and evolving delivery of value to customers and stakeholders based on business and user requirements."
    Deliver on Your Digital Product Vision,
    Info-Tech Research Group

    Info-Tech Insight

    Any proper definition of product recognizes that they are long-term endeavors that don't end after the project finishes. Because of this, products need well thought out roadmaps.

    Deliver Digital Products at Scale via Enterprise Product Families

    Match your product management role definitions to your product family levels

    Product ownership exists at the different operational tiers or levels in your product hierarchy. This does not imply or require a management relationship.

    Product Portfolio
    Groups of product families within an overall value stream or capability grouping.
    Product Portfolio Manager

    Product Family
    A collection of related products. Products can be grouped along architectural, functional, operational, or experiential patterns.
    Product Family Manager

    Product
    Single product composed of one or more applications and services.
    Product Owner

    Info-Tech Insight

    The primary role conflict occurs when the product owner is a proxy for stakeholders or responsible for the delivery team. The product owner owns the product backlog. The delivery team owns the sprint backlog and delivery.

    Roadmapping Exercise 1.2 (Optional): Define "product" in your context*

    15-30 minutes

    1. Discuss what "product" means in your organization.
    2. Create a common, enterprise definition for "product."

    For example,

    • An application, platform, or application family.
    • Discrete items that deliver value to a user/customer.

    Capture your organization's definition of product:

    * For more on Product Management see Deliver on Your Digital Product Vision

    Output

    • Your enterprise/ organizational definition of products and services.

    Participants

    • PMs, Pos, and SMs
    • Delivery managers
    • Delivery teams
    • Business stakeholders
    • Senior leaders
    • Other interested parties

    Product Roadmapping

    Create effective product roadmaps

    Activities

    The six "tools" of product roadmapping

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Understand product management fundamentals
    • Understand the six "tools" of roadmapping and how to use them

    The six "tools" of product roadmapping

    the 6 tools of product roadmapping: Vision; Goals; Strategy; Roadmap; Backlog; Release Plan.

    Product Roadmapping

    Create effective product roadmaps

    Activities

    Roadmapping 3.1 Product roadmapping exercise
    Roadmapping 3.2 Identify key insights and takeaways
    Roadmapping 3.3 Perform an exit survey

    This step involves the following participants:

    • Product owners, product managers, and scrum masters
    • Delivery managers and senior leaders
    • Stakeholders and delivery teams

    Outcomes of this step

    • Understand product management fundamentals
    • Understand the six "tools" of roadmapping and how to use them

    Roadmapping Exercise 1.2 (Optional): Define "product" in your context*

    30 minutes

    1. As a team, read through the exercise back story below:

    The city of Binbetter is a picturesque place that is sadly in decline because local industry jobs are slowly relocating elsewhere. So, the local government has decided to do something to reinvigorate the city. Binbetter City Council has set aside money and a parcel of land they would like to develop into a venue that will attract visitors and generate revenue for the city.

    Your team was hired to develop the site, and you have already spent time with city representatives to create a vision, goals and strategy for building out this venue (captured on the following slides). The city doesn't want to wait until the entire venue is completed before it opens to visitors, and so you have been instructed to build it incrementally in order to bring in much needed revenue as soon as possible.

    Using the vision, goals, and strategy you have created, your team will need to plan out the build (i.e. create a roadmap and release plan for which parts of the venue to build and in which order). You can assume that visitors will come to the venue after your "Release 1", even while the rest is still under construction. Select one member of your team to be designated as the product owner. The entire team will work together to consider options and agree on a roadmap/release plan, but the product owner will be the ultimate decision-maker.

    * Adapted from Rautiainen et al, Toward Agile Product and Portfolio Management, 2015

    Output

    • Practical understanding of how to apply the six tools of product roadmapping.

    Participants

    • PMs, Pos, and SMs
    • Delivery managers
    • Delivery teams
    • Business stakeholders
    • Senior leaders
    • Other interested parties

    Roadmapping Exercise 3.1: Continued

    1. As a team, review vision, goal, and strategy:
      • Is this a "good" vision statement, and if so, why?
      • Does it live up to its definition of being: "notional and inspirational, while also calling out key guidance and constraints"?
      • Does it help you to rule in/out options for the Product?
      • e.g. Would a parking lot fit the vision?
      • What about a bunch of condominiums?
      • What about a theme park?

    Vision, Goals, and Strategy

    Product Vision: Create an architecturally significant venue that will attract both locals and tourists while also generating revenue for the city

    Roadmapping Exercise 3.1: Continued

    1. As a team, review vision, goal, and strategy:

    Vision, Goals, and Strategy

    Product Vision: Create an architecturally significant venue that will attract both locals and tourists while also generating revenue for the city

    An image of a Château-style Hotel (left) and a Gothic-style Cathedral (right)

    Goals: The venue will include a Château-style Hotel, Gothic-style Cathedral, and a Monument dedicated to the city's founder, Ivy Binbetter.

    Strategy: Develop the venue incrementally, focusing on the highest value elements first (prioritizing both usages by visitors and revenue generation).

    Roadmapping Exercise 3.1: Continued

    1. As a team, review the following exercise rules:
    • Your construction team has told you that they can divide the structures into 17 "equal" components (see below)
    • Each component will require about the same amount of time and resources to complete
    • You can ask the team to build these components in any order and temporary roofs can be built for components that are not at the top of a "stack" (e.g. you can build C3 without having to build C4 and C5 at the same time)
    • However, you cannot build the tops of any buildings first (e.g. don't build M3 until M2 and M1 are in place)

    An image of the chateau hotel and the Gothic Cathedral from the previous slide, broken down into 7 parts each

    Roadmapping Exercise 3.1: Continued

    1. As a team, review vision, goal, and strategy:
      • The city has asked you to decide on your "Release 1 MVP" and has limited you to selecting between 4 and 8 components for this MVP (fewer components = earlier opening date).
      • As a team, work together to decide which components will be in your MVP (remember, the PO makes the ultimate decision).
      • Drag your (4-8) selected MVP components over from the right and assemble them below (and explain your reasoning for your MVP selections):

    Release 1 (MVP)

    Vision, Goals, and Strategy

    Product Vision: Create an architecturally significant venue that will attract both locals and tourists while also generating revenue for the city

    Goals: The venue will include a Château-style Hotel, Gothic-style Cathedral, and a Monument dedicated to the city's founder, Ivy Binbetter.

    Strategy: Develop the venue incrementally, focusing on the highest value elements first (prioritizing both usages by visitors and revenue generation).

    An image of the chateau hotel and the Gothic Cathedral from the previous slide, broken down into 7 parts each

    Roadmapping Exercise 3.1: Continued
    (magnified venue)

    An image of the chateau hotel and the Gothic Cathedral from the previous slide, broken down into 7 parts each

    Roadmapping Exercise 3.1: Continued

    1. As a team, decide the rest of your roadmap:
      • The city has asked you to decide on the remainder of your roadmap
      • They have limited you to selecting between 2 and 4 components for each additional release (drag your selected component into each release below):
    Release 2 Release 3 Release 4 Release 5

    Vision, Goals, and Strategy

    Product Vision: Create an architecturally significant venue that will attract both locals and tourists while also generating revenue for the city

    Goals: The venue will include a Château-style Hotel, Gothic-style Cathedral, and a Monument dedicated to the city's founder, Ivy Binbetter.

    Strategy: Develop the venue incrementally, focusing on the highest value elements first (prioritizing both usages by visitors and revenue generation).

    An image of the chateau hotel and the Gothic Cathedral from the previous slide, broken down into 7 parts each

    Roadmapping Exercise 3.1: Continued

    Roadmap, Release Plan and Backlog

    an example roadmap plan; INCREASING: Priority; Requirements detail; Estimate accuracy; Level of commitment.

    Vision, Goals, and Strategy

    Product Vision: Create an architecturally significant venue that will attract both locals and tourists while also generating revenue for the city

    Goals: The venue will include a Château-style Hotel, Gothic-style Cathedral, and a Monument dedicated to the city's founder, Ivy Binbetter.

    Strategy: Develop the venue incrementally, focusing on the highest value elements first (prioritizing both usages by visitors and revenue generation).

    An image of the chateau hotel and the Gothic Cathedral from the previous slide, broken down into 7 parts each

    Roadmapping Exercise 3.2:
    Identify key insights and takeaways

    15 minutes

    1. As a group, discuss and capture your thoughts on:
      1. What key insights have participants gained from the product roadmapping module?
      2. What if any takeaways do participants feel are needed as a result of the module?
      3. What changes need to be made in the organization to support/enhance Agile adoption?
    2. Capture your findings in the table below:
    What key insights have you gained?What takeaways have you identified?
    • (e.g. better understanding of Agile mindset, principles, and practices)
    • (e.g. how you can improve/spread Agile practices in the organization)

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Roadmapping Exercise 3.3
    Perform an exit survey

    30 minutes

    1. Wrap up this section by addressing any remaining questions participants still have.
    2. Create your local exit survey by copying the template using the link below. Then copy and distribute your local survey link.
    3. Collect the consolidated survey results in preparation for your next steps.
    4. NOTE: Using this survey template requires having access to Microsoft Forms. If you cannot access Microsoft Forms, an Info-Tech analyst can send the survey for you. Alternatively, this survey can be done with sticky notes and a pen and paper to calculate the outcomes.

    Download Survey Template:

    Develop Your Agile Approach Exit Survey Template

    Output

    • A better understanding of Agile principles and practices
    • Action items that will help solidify Agile practices in the organization

    Participants

    • Product owners, product managers, and scrum masters
    • Delivery managers
    • Delivery teams
    • Stakeholders
    • Senior leaders

    Appendix

    Additional research to start your journey

    Related Info-Tech Research

    Mentoring for Agile Teams

    • Get practical help and guidance on your Agile transformation journey.

    Implement DevOps Practices That Work

    • Streamline business value delivery through the strategic adoption of DevOps practices.

    Deliver on Your Digital Product Vision

    • Build a product vision your organization can take from strategy through execution.

    Deliver Digital Products at Scale

    • Deliver value at the scale of your organization through defining enterprise product families.

    Bibliography

    "Agile Estimation Practice." DZone.com, 13 May 2013. Web.
    "Announcing DORA 2021 Accelerate State of DevOps Report." Google Cloud Blog. Accessed 8 Nov. 2022.
    "Are Your IT Strategy and Business Strategy Aligned?" 5Q Partners, 8 Jan. 2015. Accessed Oct. 2016.
    A, Karen. "20 Mental Models for Product Managers." Medium, Product Management Insider, 2 Aug. 2018 . Web.
    ADAMS, PAUL. "Product Teams: How to Build & Structure Product Teams for Growth." Inside Intercom, 30 Oct. 2019. Web.
    Agile Alliance. "Product Owner." Agile Alliance. n.d. Web.
    Ambysoft. "2018 IT Project Success Rates Survey Results." Ambysoft. 2018. Web.
    Banfield, Richard, et al. "On-Demand Webinar: Strategies for Scaling Your (Growing) Enterprise Product Team." Pluralsight, 31 Jan. 2018. Web.
    Bloch, Michael, Sven Blumberg, and Jurgen Laartz. "Delivering Large-Scale IT Projects on Time, on Budget, and on Value." McKinsey & Company, October 2012.
    Blueprint. "10 Ways Requirements Can Sabotage Your Projects Right From the Start." Blueprint. 2012. Web.
    Boehm, Barry W. Software Engineering Economics. New Jersey: Prentice Hall, 1981.
    Breddels, Dajo, and Paul Kuijten. "Product Owner Value Game." Agile2015 Conference. 2015. Web.
    Cagan, Martin. "Behind Every Great Product." Silicon Valley Product Group. 2005. Web.
    "Chaos Report 2015." The Standish Group, 2015. Accessed 29 July 2022.
    Cohn, Mike. Succeeding With Agile: Software Development Using Scrum. Addison-Wesley. 2010. Web.
    Connellan, Thomas K. Inside the Magic Kingdom, Bard Press, 1997. Print.
    Dyba, Tore, and Torgeir Dingsøyr. "Empirical Studies of Agile Software Development: A Systematic Review." Elsevier, ScienceDirect. 24 Jan. 2008. Web.
    "How do you define a product?" Scrum.org. 4 Apr 2017, Web
    EDUCAUSE. "Aligning IT Funding Models to the Pace of Technology Change." EDUCAUSE. 14 Dec. 2015. Web.
    Eick, Stephen. "Does Code Decay? Assessing the Evidence from Change Management Data." IEEE Transactions on Software Engineering, vol. 27, no. 1, Jan. 2001, pp. 1-12. Web.
    "Enablers." Scaled Agile. n.d. Web.
    "Epic." Scaled Agile. n.d. Web.
    Eringa, Ron. "Evolution of the Product Owner." RonEringa.com. 12 June 2016. Web.
    Fernandes, Thaisa. "Spotify Squad Framework - Part I." Medium.com. 6 Mar. 2017. Web.
    Fowler, Martin. "Application Boundary." MartinFowler.com. 11 Sept. 2003. Web. 20 Nov. 2017.
    Galen, Robert. "Measuring Technical Product Managership – What Does 'Good' Look Like ...." RGalen Consulting. 5 Aug. 2015. Web.
    Hackshall, Robin. "Product Backlog Refinement." Scrum Alliance. 9 Oct. 2014. Web. Feb. 2019.
    Halisky, Merland, and Luke Lackrone. "The Product Owner's Universe." Agile Alliance, Agile2016. 2016. Web.
    Kamer, Jurriaan. "How to Build Your Own 'Spotify Model'." Medium.com. 9 Feb. 2018. Web.
    Karlsson, Johan. "Backlog Grooming: Must-Know Tips for High-Value Products." Perforce. 18 May 2018. Web. Feb. 2019.
    Lindstrom, Lowell. "7 Skills You Need to Be a Great Product Owner." Scrum Alliance. n.d. Web.
    Lawrence, Richard, and Peter Green. "The Humanizing Work Guide to Splitting User Stories." Humanizing Work, 22 Oct. 2020. Web.
    Leffingwell, Dean. "SAFe 5.0." Scaled Agile Inc. 2021. Web. Feb. 2021.
    Lucero, Mario. "Product Backlog – Deep Model." Agilelucero. 8 Oct. 2014. Web.
    Lukassen, Chris. "The Five Belts Of The Product Owner." Xebia.com. 20 Sept. 2016. Web.
    Management 3.0. "Delegation Poker Product Image." Management 3.0. n.d. Web.
    McCloskey, Heather. "Scaling Product Management: Secrets to Defeating Common Challenges." Scaling Product Management: Secrets to Defeating Common Challenges, ProductPlan, 12 July 2019 . Web.
    McCloskey, Heather. "When and How to Scale Your Product Team." UserVoice Blog, UserVoice, 21 Feb. 2017 . Web.
    Medium.com. "Exploring Key Elements of Spotify's Agile Scaling Model." Medium.com. 23 July 2018. Web.
    Mironov, Rich. "Scaling Up Product Manager/Owner Teams: - Rich Mironov's Product Bytes." Rich Mironov's Product Bytes, Mironov Consulting, 12 Apr. 2014 . Web.
    "Most Agile Transformations Will Fail." Vitality Chicago Inc., 24 Jan. 2019.
    Overeem, Barry. "A Product Owner Self-Assessment." Barry Overeem. 6 Mar. 2017. Web.
    Overeem, Barry. "Retrospective: Using the Team Radar." Barry Overeem. 27 Feb. 2017. Web.
    "PI Planning." Scaled Agile. n.d. Web.
    "PI Planning."SAFe. 2020.
    Pichler, Roman. "How to Scale the Scrum Product Owner." Roman Pichler, 28 June 2016 . Web.
    Pichler, Roman. "Product Management Framework." Pichler Consulting Limited. 2014. Web.
    Pichler, Roman. "Sprint Planning Tips for Technical Product Managers." LinkedIn. 4 Sept. 2018. Web.
    Pichler, Roman. "What Is Product Management?" Pichler Consulting Limited. 26 Nov. 2014. Web.
    Project Management Institute. A Guide to the Project Management Body of Knowledge (PMBOK Guide). 7th ed., Project Management Institute, 2021.
    Radigan, Dan. "Putting the 'Flow' Back in Workflow With WIP Limits." Atlassian. n.d. Web.
    Royce, Dr. Winston W. "Managing the Development of Large Software Systems." Scf.usc.edu. 1970. Web.
    Schuurman, Robbin. "10 Tips for Technical Product Managers on Agile Product Management." Scrum.org. 28 Nov. 2017. Web.
    Schuurman, Robbin. "10 Tips for Technical Product Managers on (Business) Value." Scrum.org. 30 Nov. 2017. Web.
    Schuurman, Robbin. "10 Tips for Technical Product Managers on Product Backlog Management." Scrum.org. 5 Dec. 2017. Web.
    Schuurman, Robbin. "10 Tips for Technical Product Managers on the Product Vision." Scrum.org. 29 Nov. 2017. Web.
    Schuurman, Robbin. "Tips for Starting Technical Product Managers." Scrum.org. 27 Nov. 2017. Web.
    Sharma, Rohit. "Scaling Product Teams the Structured Way." Monetary Musings, Monetary Musings, 28 Nov. 2016 . Web.
    STEINER, ANNE. "Start to Scale Your Product Management: Multiple Teams Working on Single Product." Cprime, Cprime, 6 Aug. 2019 . Web.
    Shirazi, Reza. "Betsy Stockdale of Seilevel: Product Managers Are Not Afraid To Be Wrong." Austin VOP #50. 2 Oct. 2018. Web.
    Standish Group, The. "The Standish Group 2015 Chaos Report." The Standish Group. 2015. Web.
    Theus, Andre. "When Should You Scale the Product Management Team?" When Should You Scale the Product Management Team?, ProductPlan, 7 May 2019 . Web.
    Todaro, Dave. "Splitting Epics and User Stories." Ascendle. n.d. Web. Feb. 2019.
    Tolonen, Arto. "Scaling Product Management in a Single Product Company." Smartly.io - Digital Advertising Made Easy, Effective, and Enjoyable, Smartly.io, 26 Apr. 2018 . Web.
    Ulrich, Catherine. "The 6 Types of Product Managers. Which One Do You Need?" Medium.com. 19 Dec. 2017. Web.
    Vähäniitty, J. et al. "Chapter 7: Agile Product Management" in Towards Agile Product and Portfolio Management. Aalto University Software Process Research Group, 2010.
    VersionOne. "12th Annual State of Agile Report." VersionOne. 9 April 2018. Web.
    Verwijs, Christiaan. "Retrospective: Do The Team Radar." Medium.com. 10 Feb. 2017. Web.
    "Why Agile Fails Because of Corporate Culture - DZone Agile." Dzone.Com. Accessed 31 Aug. 2021.

    page 1 of the appendix
    page 2 of the appendix
    page 3 of the appendix
    page 4 of the appendix

    Cultural advantages of Agile

    Collaboration

    Team members leverage all their experience working towards a common goal.

    Iterations

    Cycles provide opportunities for more product feedback.

    Prioritization

    The most important needs are addressed in the current iteration.

    Continual Improvement

    Self-managing teams continually improve their approach for next iteration.

    A backlog stores and organizes PBIs at various stages of readiness

    A well-formed backlog can be thought of as a DEEP backlog:

    • Detailed Appropriately: Product backlog items (PBIs) are broken down and refined as necessary.
    • Emergent: The backlog grows and evolves over time as PBIs are added and removed.
    • Estimated: The effort a PBI requires is estimated at each tier.
    • Prioritized: The PBIs value and priority are determined at each tier.

    (Perforce, 2018)

    Info-Tech Best Practice

    Don't fully elaborate all of your PBIs at the beginning of the project instead, make sure they are elaborated "just in time." (Keep no more than 2 or 3 sprints worth of user stories in the Ready state.)

    An image showing the Ideas; Qualified; Ready; funnel leading to the sprint aproach.

    Scrum versus Kanban: Key differences

    page 6 of the appendix

    Scrum versus Kanban: When to use each

    Scrum: Delivering related or grouped changes in fixed time intervals.

    • Coordinating the development or release of related items
    • Maturing a product or service
    • Interdependencies between work items

    Kanban: Delivering independent items as soon as each is ready.

    • Work items from ticketing or individual requests
    • Completing independent changes
    • Releasing changes as soon as possible

    Develop an adaptive governance process

    page 7 of the appendix

    Five key principles for building an adaptive governance framework

    Delegate and Empower

    Decision making must be delegated down within the organization, and all resources must be empowered and supported to make effective decisions.

    Define Outcomes

    Outcomes and goals must be clearly articulated and understood across the organization to ensure decisions are in line and stay within reasonable boundaries.

    Make Risk informed decisions

    Integrated risk information must be available with sufficient data to support decision making and design approaches at all levels of the organization.

    Embed / Automate

    Governance standards and activities need to be embedded in processes and practices. Optimal governance reduces its manual footprint while remaining viable. This also allows for more dynamic adaptation.

    Establish standards and behavior

    Standards and policies need to be defined as the foundation for embedding governance practices organizationally. These guardrails will create boundaries to reinforce delegated decision making.

    Maturing governance is a journey

    Organizations should look to progress in their governance stages. Ad-Hoc, and controlled governance tends to be slow, expensive, and a poor fit for modern practices.

    The goal as you progress in your stages is to delegate governance and empower teams to make optimal decisions in real-time, knowing that they are aligned with the understood best interests of the organization.

    Automate governance for optimal velocity, while mitigating risks and driving value.

    This puts your organization in the best position to be adaptive and able to react effectively to volatility and uncertainty.

    page 8 of the appendix

    Business value is a key component to driving better decision making

    Better Decisions

    • Team Engagement
    • Frequent Delivery
    • Stakeholder Input
    • Market Analysis
    • Articulating Business Value
    • Focus on Business Needs

    Facilitation Planning Tool

    • Double-click the embedded Excel workbook to select and plan your exercises and timing.
    • Place or remove the "X" in the "Add to Agenda" column to add it to the workshop agenda and duration estimate.
    • Verify the exercise and step timing estimates from the blueprint provided on the "Detailed Workshop Planner" in columns C-F and adjust based on your facilitation and intended audience.

    an image of the Facilitation Planning Tool

    Appendix:
    SDLC transformation steps

    Waterfall SDLC: Valuable product delivered at the end of an extended project lifecycle, frequently in years

    Page 1 of the SDLC Appendix.

    • Business separated from delivery of technology it needs, only one third of product is actually valuable (Info-Tech, N=40,000).
    • In Waterfall, a team of experts in specific disciplines hand off different aspects of the lifecycle.
    • Document signoffs are required to ensure integration between silos (Business, Dev, and Ops) and individuals.
    • A separate change request process lays over the entire lifecycle to prevent changes from disrupting delivery.
    • Tools are deployed to support a specific role (e.g. BA) and seldom integrated (usually requirements <-> test).

    Wagile/Agifall/WaterScrumFall SDLC: Valuable product delivered in multiple releases

    Page 2 of the SDLC Appendix.

    • Business is more closely integrated by a business product owner accountable for day-to-day delivery of value for users.
    • The team collaborates and develops cross-functional skills as they define, design, build, and test code over time.
    • Signoffs are reduced but documentation is still focused on satisfying project delivery and operations policy requirements.
    • Change is built into the process to allow the team to respond to change dynamically.
    • Tools start to be integrated to streamline delivery (usually requirements and Agile work management tools).

    Agile SDLC: Valuable product delivered iteratively; frequency depends on Ops' capacity

    Page 3 of the SDLC Appendix.

    • Business users are closely integrated through regularly scheduled demos (e.g. every two weeks).
    • Team is fully cross-functional and collaboratesto plan, define, design, build, and test the code supported by specialists.
    • Documentation is focused on future development and operations needs.
    • Change is built into the process to allow the team to respond to change dynamically.
    • Explore automation for application development (e.g. automated regression testing).

    Agile with DevOps SDLC: High frequency iterative delivery of valuable product (e.g. every two weeks)

    Page 4 of the SDLC Appendix.

    • Business users are closely integrated through regularly scheduled demos.
    • Dev and ops teams collaborate to plan, define, design, build, test, and deploy code supported by automation.
    • Documentation is focused on supporting users, future changes, and operational support.
    • Change is built into the process to allow the team to respond to change dynamically.
    • Build, test, deploy is fully automated (service desk is still separated).

    DevOps SDLC: Continuous integration and delivery

    Page 5 of the SDLC Appendix.

    • Business users are closely integrated through regularly scheduled demos.
    • Fully integrated DevOps team collaborates to plan, define, design, build, test, deploy, and maintain code.
    • Documentation Is focused on future development and use adoption.
    • Change is built into the process to allow the team to respond to change dynamically.
    • Fully integrated development and operations toolchain.

    Fully integrated product SDLC: Agile + DevOps + continuous delivery of valuable product on demand

    Page 6 of the SDLC Appendix.

    • Business users are fully integrated with the teams through dedicated business product owner.
    • Cross-functional teams collaborate across the business and technical life of the product.
    • Documentation supports internal and external needs (business, users, Ops).
    • Change is built into the process to allow the team to respond to change dynamically.
    • Fully integrated toolchain (including service desk).

    Document Business Goals and Capabilities for Your IT Strategy

    • Buy Link or Shortcode: {j2store}77|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy
    • As a strategic driver, IT needs to work with the business. Yet, traditionally IT has not worked hand-in-hand with the business. IT does not know what information it needs from the business to execute on its initiatives.
    • A faster time to new investment decisions mean that IT needs a repeatable and efficient process to understand what the business needs.
    • CIOs must execute strategic initiatives to create an IT function that can support the business. Most CIOs fail because of low business support.

    Our Advice

    Critical Insight

    • Understanding the business context is a must for all strategic IT initiatives. At its core, each strategic IT project requires answers to a specific set of questions regarding the business.
    • An effective CIO understands which part of the business context applies to which strategic IT project and, in turn, what questions to ask to uncover those insights.

    Impact and Result

    • Uncover what IT knows and needs to know about the business context. This is a necessary first step to begin each of Info-Tech’s strategic IT initiatives, which any CIO should complete.
    • Conduct efficient and repeatable business context discovery activities to uncover business context gaps.
    • Document the business context you have uncovered and streamline the process for executing on Info-Tech’s strategic CIO blueprints.

    Document Business Goals and Capabilities for Your IT Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should define the business context, review Info-Tech’s methodology, and understand how we can support you in completing key CIO strategic initiatives.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and document the business needs of the organization

    Define the business context needed to complete strategic IT initiatives.

    • Document Business Goals and Capabilities for Your IT Strategy – Storyboard
    • Business Context Discovery Tool
    • Business Context Discovery Record Template
    • PESTLE Analysis Template
    • Strategy Alignment Map Template
    [infographic]

    Workshop: Document Business Goals and Capabilities for Your IT Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify the Missing Business Context (pre-work)

    The Purpose

    Conduct analysis and facilitate discussions to uncover business needs for IT.

    Key Benefits Achieved

    A baseline understanding of what business needs mean for IT

    Activities

    1.1 Define the strategic CIO initiatives our organization will pursue.

    1.2 Complete the Business Context Discovery Tool.

    1.3 Schedule relevant interviews.

    1.4 Select relevant Info-Tech diagnostics to conduct.

    Outputs

    Business context scope

    Completed Business Context Discovery Tool

    Completed Info-Tech diagnostics

    2 Uncover and Document the Missing Context

    The Purpose

    Analyze the outputs from step 1 and uncover the business context gaps.

    Key Benefits Achieved

    A thorough understanding of business needs and why IT should pursue certain initiatives

    Activities

    2.1 Conduct group or one-on-one interviews to identify the missing pieces of the business context.

    Outputs

    Documentation of answers to business context gaps

    3 Uncover and Document the Missing Context

    The Purpose

    Analyze the outputs from step 1 and uncover the business context gaps.

    Key Benefits Achieved

    A thorough understanding of business needs and why IT should pursue certain initiatives

    Activities

    3.1 Conduct group or one-on-one interviews to identify the missing pieces of the business context.

    Outputs

    Documentation of answers to business context gaps

    4 Review Business Context and Next Steps

    The Purpose

    Review findings and implications for IT’s strategic initiative.

    Key Benefits Achieved

    A thorough understanding of business needs and how IT’s strategic initiatives addresses those needs

    Activities

    4.1 Review documented business context with IT team.

    4.2 Discuss next steps for strategic CIO initiative execution.

    Outputs

    Finalized version of the business context

    Build Your IT Cost Optimization Roadmap

    • Buy Link or Shortcode: {j2store}72|cart{/j2store}
    • member rating overall impact (scale of 10): 8.9/10 Overall Impact
    • member rating average dollars saved: $57,297 Average $ Saved
    • member rating average days saved: 7 Average Days Saved
    • Parent Category Name: Cost & Budget Management
    • Parent Category Link: /cost-and-budget-management

    Cost optimization is misunderstood and inadequately tackled. IT departments face:

    • Top-down budget cuts within a narrow time frame
    • Absence of adequate governance: financial, project, data, etc.
    • Long-standing bureaucratic practices slowing down progress
    • Short-term thinking

    Our Advice

    Critical Insight

    Cost optimization is not just about reducing costs. In fact, you should aim to achieve three objectives:

    • Reduce your unwarranted IT spending.
    • Optimize your cost-to-value.
    • Sustain your cost optimization.

    Impact and Result

    • Follow Info-Tech’s approach to develop a 12-month cost optimization roadmap.
    • Develop an IT cost optimization strategy based on your specific circumstances and timeline.
    • Info-Tech’s methodology helps you maintain sustainable cost optimization across IT by focusing on four levers: assets, vendors, project portfolio, and workforce.

    Build Your IT Cost Optimization Roadmap Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. IT Cost Optimization Roadmap Deck – A step-by-step methodology to achieve sustainable cost optimization and effectively communicate your strategy to stakeholders.

    This blueprint will help you understand your IT cost optimization mandate, identify your journey, assess your IT spend across four levers, develop your IT cost optimization roadmap, and craft a related communication strategy.

    • Build Your IT Cost Optimization Roadmap – Phases 1-4

    2. IT Cost Optimization Workbook – A structured tool to help you document your IT cost optimization goals and outline related initiatives to develop an effective 12-month roadmap.

    This tool guides an IT department in planning and prioritization activities to build an effective IT cost optimization strategy. The outputs include visual charts and a 12-month roadmap to showcase the implementation timelines and potential cost savings.

    • IT Cost Optimization Workbook

    3. IT Cost Optimization Roadmap Samples and Templates – A proactive journey template to help you communicate your IT cost optimization strategy to stakeholders in a clear, concise, and compelling manner.

    This presentation template uses sample data from "Acme Corp" to demonstrate an IT cost optimization strategy following a proactive journey. Use this template to document your final IT cost optimization strategy outputs, including the adopted journey, IT cost optimization goals, related key initiatives, potential cost savings, timelines, and 12-month roadmap.

    • IT Cost Optimization Roadmap Samples and Templates

    Infographic

    Workshop: Build Your IT Cost Optimization Roadmap

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Your Mandate & Objectives

    The Purpose

    Determine your organization’s current context and its cost optimization objectives, IT’s corresponding cost optimization journey, and goals.

    Key Benefits Achieved

    A business-aligned set of specific IT cost optimization goals.

    Activities

    1.1 Understand your organization’s cost optimization objectives and how this impacts IT.

    1.2 Review potential cost optimization target areas based on your ITFM Benchmarking Report.

    1.3 Identify factors constraining cost optimization options.

    1.4 Set concrete IT cost optimization goals.

    1.5 Identify inputs required for decision making.

    Outputs

    IT cost optimization journey and guiding principles for making corresponding decisions

    2 Outline Initiatives for Vendors & Assets

    The Purpose

    Create a longlist of potential cost optimization initiatives focused on two cost optimization levers: assets and vendors.

    Key Benefits Achieved

    A comprehensive list of potential asset- and vendor-focused initiatives including cost savings estimates.

    Activities

    2.1 Identify a longlist of possible initiatives around asset lifecycle management, investment deferral, repurposing, etc., and vendor contract renegotiation, cancelation, etc.

    2.2 Estimate the cost savings of cost optimization initiatives.

    Outputs

    Longlist of potential vendor management and asset optimization IT cost optimization initiatives

    3 Outline Initiatives for Projects & Workforce

    The Purpose

    Create a longlist of potential cost optimization initiatives focused on two cost optimization levers: project portfolio and workforce.

    Key Benefits Achieved

    A comprehensive list of potential initiatives focused on project portfolio and workforce including cost savings estimates.

    Activities

    3.1 Identify a longlist of possible initiatives around project priorities, project backlog reduction, project intake restructuring, etc., and workforce productivity, skills, redeployment, etc.

    3.2 Estimate the cost savings of cost optimization initiatives.

    Outputs

    Longlist of possible cost optimization initiatives and their potential cost savings for project portfolio and workforce levers.

    4 Build an IT Cost Optimization Roadmap

    The Purpose

    Develop a visual IT cost optimization roadmap.

    Key Benefits Achieved

    A prioritized, business-aligned IT cost optimization roadmap

    Activities

    4.1 Assess feasibility of each initiative (effort and risk profile) given cost optimization goals.

    4.2 Prioritize cost optimization initiatives to create a final shortlist.

    4.3 Fine-tune key information about your final cost optimization initiatives and develop a cost optimization roadmap for proposal.

    Outputs

    Prioritized list of key cost optimization initiatives, descriptions, estimated impact, and roadmap.

    5 Communicate & Execute

    The Purpose

    Develop a communication plan and executive presentation.

    Key Benefits Achieved

    A boardroom-ready set of communication materials for gaining buy-in and support for your IT cost optimization roadmap.

    Activities

    5.1 Outline components of a communication plan, including approvers, stakeholders, and governance and management mechanisms to be used.

    5.2 Create an executive presentation.

    5.3 Set up review time for workshop deliverables and post-workshop activities.

    Outputs

    IT cost optimization communication plan and presentation strategy.

    IT Cost Optimization Executive Presentation

    Further reading

    Build Your IT Cost Optimization Roadmap

    Improve cost-to-value in a sustainable manner.

    Analyst Perspective

    Optimize your cost sustainably.

    Whether the industry is in an economic downturn, or your business is facing headwinds in the market, pressure to reduce spending across organizations is inevitable. When it comes to the IT organization, it is often handled as a onetime event. Cost optimization is an industry standard term, but it usually translates into cost cutting. How do you manage this challenge given the day-to-day demands placed on IT? Do you apply cost reduction equally across the IT landscape, or do you apply reductions using a targeted approach? How do you balance the business demands regarding innovation with keeping the lights on? What is the best path forward?

    While the situation isn't unique, all too often the IT organization response is too shortsighted.

    By using the Info-Tech methodology and tools, you will be able to develop an IT cost optimization roadmap based on your specific circumstances and timeline.

    A well-thought-out strategy should help you achieve three objectives:

    1. Reduce your unwarranted IT spending.
    2. Optimize your cost-to-value.
    3. Sustain your cost optimization.

    This blueprint will guide you to understand your mandate, identify your cost optimization journey (reactive, proactive, or strategic), and assess your IT spend across four levers (assets, vendors, project portfolio, and workforce).

    Finally, keep in mind that cost optimization is not a project to be completed, but an ongoing process to be exercised.

    Bilal Alberto Saab, Research Director, IT Financial Management

    Bilal Alberto Saab
    Research Director, IT Financial Management
    Info-Tech Research Group

    Executive Summary

    Cost optimization is misunderstood and inadequately tackled Common obstacles Follow Info-Tech's approach to develop a 12-month cost optimization roadmap
    • Top-down budget cut within a narrow time frame.
    • Absence of adequate governance: financial, project, data, etc.
    • Long-standing bureaucratic practices slowing down progress.
    • Short-term thinking.
    • Lack of alignment and collaboration among stakeholders: communication and relationships.
    • Absence of a clear plan and adequate process.
    • Lack of knowledge, expertise, and skill set.
    • Inadequate funding and no financial transparency.
    • Poor change management practices.

    Develop an IT cost optimization strategy based on your specific circumstances and timeline.

    Info-Tech's methodology helps you maintain sustainable cost optimization across IT by focusing on four levers:

    1. Assets
    2. Vendors
    3. Project Portfolio
    4. Workforce

    Info-Tech Insight
    Cost optimization is not just about reducing costs. In fact, you should aim to achieve three objectives: (1) reduce your unwarranted IT spending, (2) optimize your cost-to-value, and (3) sustain your cost optimization.

    Your challenge

    IT leaders are often asked to cut costs.

    • Cost management is a long-term challenge. Businesses and IT departments look to have a flexible cost structure focused on maximizing business value while maintaining the ability to adapt to market pressure. However, businesses must also be able to respond to unexpected events.
    • In times of economic downturn, many CEOs and CFOs shift their thinking from growth to value protection. This can force a round of cost cutting across all departments focused on short-term, immediate, and measurable objectives.
    • Many IT departments are then faced with the challenge of meeting cost cutting targets. No one knows exactly how markets will behave, but the effects of rising inflation and increasing interest rates, for example, can manifest very quickly.

    When crisis hits, does IT's hard-won gains around being seen as a partner to the business suddenly disappear and IT becomes just a cost center all over again?

    In times of economic slowdown or downturn, the key challenge of IT leaders is to optimize costs without jeopardizing their strategic and innovative contribution.

    Common obstacles

    The 90% of the budget you keep is more important than the 10% of the budget you cut.

    • While the business responds to fluctuating economic conditions, IT must ensure that its budget remains fully aligned with business strategy and expected business value.
    • However, in the face of sudden pressures, a common tendency is to make quick decisions without fully considering their long-term implications.
    • Avoid costly mistakes with a proactive and strategic mindset. Put in place a well-communicated cost optimization strategy rather than hastily cutting back the biggest line items in your budget.

    How can IT optimize costs to achieve a corporate impact, but not cut so deep that the organization can't take advantage of opportunities to recover and thrive?

    Know how you will strategically optimize IT costs before you are forced to cut cost aggressively in a reactive fashion.

    What is cost optimization?

    It's not just about cutting costs

    • While cost optimization may involve cutting costs, it is more about making smart spend and investment decisions.
    • At its core, cost optimization is a strategic decision-making process that sets out to minimize waste and get the most value for money.
    • Cost optimization encompasses near-term, mid-term, and long-term objectives, all of which are related and build upon one another. It is an accumulative practice, not a onetime exercise.
    • A sound cost optimization practice is inherently flexible, sustainable, and consequence-oriented with the positive goal of generating net benefit for the organization over time.

    Change your mindset ...

    An Info-Tech survey of IT staff reveals that while most agree that cost optimization is an important IT process, nearly 20% fewer of them agree that it's being managed well.

    Chart of cost optimization

    Info-Tech IT Management & Governance Diagnostic, 2022.

    A starting point for cost optimization improvement is adjusting your frame of mind. Know that it's not just about making difficult cuts - in reality, it's a creative pursuit that's about thriving in all circumstances, not just surviving.

    Slow revenue growth expectations generate urgency

    Many IT organizations will be directed to trim costs during turbulent times.

    • Cost optimization implies continuous cost management, which entails long-term strategic initiatives (i.e. organizations and their IT departments seek flexible cost structures and practices focused on maximizing business value while maintaining the ability to adapt to changes in the broader economic environment). However, organizations must also be able to respond to unexpected events.
    • During times of turmoil – poor economic outlook expected to negatively impact an organization's bottom line – CEOs and CFOs think more about survival than growth, driving cost cutting across all departments to create short-term, immediate, and measurable financial benefits.
    • In such situations, many IT departments will be hard-pressed to meet cost cutting targets at short notice. If not planned correctly, with a tunnel vision focus instead of a strategic one, you can end up hurting yourself in the not-so-distant future.

    Build Your IT Cost Optimization Roadmap

    Insight summary

    Sustain an optimal cost-to-value ratio across four levers:

    1. Assets
    2. Vendors
    3. Project Portfolio
    4. Workforce

    Cost optimization is not just about reducing costs

    In fact, you should aim to achieve three objectives:
    (1) reduce your unwarranted IT spending, (2) optimize your cost-to-value, and (3) sustain your cost optimization.

    Reduce unwarranted IT spending

    Stop the bleeding or go for quick wins
    Start by reducing waste and bad spending habits while clearly communicating your intentions to your stakeholders – get buy-in.

    Optimize cost-to-value

    Value means tradeoffs
    Pursue value but know that it will lead you to make tradeoffs between cost, performance, and risk.

    Sustain cost optimization

    Think about tomorrow: reduce, reuse, recalibrate, and repeat
    Standardize and automate your cost optimization processes around a proper governance framework. Cost optimization is not a onetime exercise.

    Info-Tech's methodology for building your IT cost optimization roadmap

    Phase 1: Understand Your Mandate & Objectives

    Know where you stand and where you're going.

    Understand your cost optimization mandate within the context of your organization's situation and direction.

    Phase 2: Outline Your Initiatives

    Evaluate many, pick a few.

    Think of all possible cost optimization initiatives across the four optimization levers (Assets, Vendors, Project Portfolio, and Workforce), but only keep the ones that best help you fulfill your goals.

    Phase 3: Develop Your Roadmap

    Keep one eye on today and the other on tomorrow.

    Prioritize cost optimization initiatives that would help you achieve your near-term objectives first, but don't forget about the medium and long term.

    Phase 4: Communicate and Execute

    Communicate and collaborate - you are not a one-person show.

    Reach out to other business units where necessary. Your success relies on getting buy-in from various stakeholders, especially when cost optimization initiatives impact them in one way or another.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    IT Cost Optimization Roadmap Samples and Templates
    Templates including an abbreviated executive presentation and a final communication presentation based on a 12-month cost optimization roadmap.

    IT Cost Optimization Workbook
    A workbook generating a 12-month cost optimization roadmap.

    Measure the value of this blueprint

    Maintain an optimal IT cost-to-organization revenue ratio.

    This blueprint will guide you to set cost optimization goals across one to three main objectives, depending on your identified journey (reactive, proactive, or strategic):

    • Reduce unwarranted IT spending.
    • Optimize cost-to value.
    • Sustain cost optimization.

    In phase 1 of this blueprint, we will help you establish your goals to satisfy your organization's needs.

    In phase 3, we will help you develop a game plan and a roadmap for achieving those metrics.

    Once you implement your 12-month roadmap, start tracking the metrics below over the next fiscal year (FY) to assess the effectiveness of undertaken measures.

    Cost Optimization Objective Key Success Metric
    Reduce unwarranted IT spending Decrease IT cost in identified key areas
    Optimize cost-to-value Decrease IT cost per IT employee
    Sustain cost optimization Decrease IT cost-to-organization revenue

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."
    Guided Implementation
    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."
    Workshop
    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.
    Consulting
    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3 Phase 4
    Call #1:
    • Identify cost optimization scope requirements, objectives, and your specific challenges.
    • Review and assess cost optimization goals and objectives.
    Call #2:

    Review potential cost optimization initiatives for assets and vendors levers.

    Call #3:

    Assess cost optimization initiatives' cost and feasibility - for assets and vendors levers.

    Call #4:

    Review potential cost optimization initiatives for project portfolio and workforce levers.

    Call #5:

    Assess cost optimization initiatives' cost and feasibility - for project portfolio and workforce levers.

    Call #6:
    • Identify final decision criteria for cost optimization prioritization.
    • Review prioritized cost optimization initiatives and roadmap outputs.
    Call #7:
    • Review the Cost Optimization Communication Plan and IT Cost Optimization Executive Presentation.
    • Discuss next steps.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI will include multiple calls over the course of one to two months.

    IT cost analysis and optimization workshop overview

    Session 1 Session 2 Session 3 Session 4 Session 5
    Activities Understand Your Mandate and Objectives Outline Initiatives for Assets and Vendors Outline Initiatives for Projects and Workforce Develop an IT Cost Optimization Roadmap Communicate and Execute
    1.1 Understand your organization's cost optimization objectives and how this impacts IT.
    1.2 Review potential cost optimization target areas based on your IT financial management benchmarking report.
    1.3 Identify factors constraining cost optimization options.
    1.4 Set concrete IT cost optimization goals.
    1.5 Identify inputs required for decision making.
    2.1 Identify a longlist of possible initiatives around:
    1. Asset lifecycle management, investment deferral, repurposing, etc.
    2. Vendor contract renegotiation, cancelation, etc.
    2.2 Estimate the cost savings of cost optimization initiatives.
    3.1 Identify a longlist of possible initiatives around:
    1. Project priorities, project backlog reduction, project intake restructuring, etc.
    2. Workforce productivity, skills, redeployment, etc.
    3.2 Estimate the cost savings of cost optimization initiatives.
    4.1 Assess the feasibility of each initiative (effort and risk profile) given cost optimization goals.
    4.2 Prioritize cost optimization initiatives to create a final shortlist.
    4.3 Fine-tune key information about your final cost optimization initiatives and develop a cost optimization roadmap for proposal.
    5.1 Outline components of a communication plan, including approvers, stakeholders, and governance and management mechanisms to be used.
    5.2 Create an executive presentation.
    5.3 Set up review time for workshop deliverables and post-workshop activities.
    Output
    • IT cost optimization journey and guiding principles for making corresponding decisions.
    • Long list of possible cost optimization initiatives and their potential cost savings for assets and vendors levers.
    • Long list of possible cost optimization initiatives and their potential cost savings for project portfolio and workforce levers.
    • Prioritized list of key cost optimization initiatives, descriptions, estimated impact, and roadmap.
    • IT cost optimization communication plan and presentation strategy.

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Phase 1

    Understand Your Mandate and Objectives

    Phase 1
    Understand Your Mandate and Objectives

    Phase 2
    Outline Your Cost Optimization Initiatives

    Phase 3
    Develop Your IT Cost Optimization Roadmap

    Phase 4
    Communicate and Execute

    This phase will walk you through the following activities:

    • Business context and cost optimization journey
    • Cost constraints and parameters
    • Cost optimization goals

    This phase involves the following participants:

    • CIO/IT director
    • IT finance lead

    1.1 Gain consensus on the business context and IT cost optimization journey

    60 minutes

    • Using the questions on slide 20, conduct a brief journey assessment to ensure consensus on the direction you are planning to take.
    • Document your findings in the provided template.
    Input Output
    • Understanding business objectives and identifying your IT mandate
    • Determining the cost optimization journey: reactive, proactive, or strategic
    Materials Participants
    • Whiteboard or flip charts
    • Journey assessment template
    • CIO/IT director
    • IT finance lead

    See the next three slides for guidelines and the journey assessment questions and template.

    Distinguishing between three journeys

    By considering business objectives without forgoing your IT mandate.

    Journey Reactive Proactive Strategic
    Description
    • Business objectives are closely tied to cost reduction, forcing cost cutting across IT.
    • Typically occurs during turbulent economic times, when slow revenue growth is expected.
    • Business objectives do not include clear cost optimization initiatives but mandates IT to be fiscally conservative.
    • Typically occurs when economic turbulence is on the horizon and the organization's revenue is stable - executives only have a fiscal discipline guidance.
    • Business objectives do not include clear cost optimization initiatives.
    • Typically occurs when the overall economy is in good shape and the organization is in positive revenue growth territory.
    Main Focus
    • Quick-to-execute measures with few dependencies and concrete impact in response to business urgency and/or executive directive.
    • Enabling the organization to respond to different types and magnitudes of business change in a more planned and controlled manner.
    • Establishing an efficient, agile, sustainable, and strategically aligned cost optimization practice across all stages of the business cycle, regardless of business conditions.

    Questions to help determine your journey

    Business Objectives Business Strategy
    • What are the current business objectives?
    • Are there any stated cost-related objectives? If yes, what cost-related objectives have been stated by organizational leadership, such as cuts, areas of investment, and any targets for both?
    • Does the organization have a business strategy in place?
    • Was the business strategy reviewed or revised recently?
    • What's the business strategy focus for the next 12 months?
    • Are there any cost optimization implications within the current business strategy?
    IT Objectives IT Strategy and Mandate
    • What are your current IT objectives?
    • Are your IT objectives aligned to business objectives?
    • Do you have any IT cost-related objectives? If yes, what are your current IT cost-related objectives?
    • Are your IT cost-related objectives aligned to business objectives?
    • Do you have an IT strategy in place?
    • Is your IT strategy aligned to your organization's business strategy?
    • Do you have a cost optimization mandate? If yes, what is your cost optimization mandate?
    • What's the fiscal guidance and direction in IT?
    Journey
    Agreed-upon journey: reactive, proactive, or strategic.

    Template & Example

    Journey assessment

    Business Objectives Business Strategy
    • The founder's mission around quality persists despite ownership/leadership changes. Reliability and dependability are really important to everyone.
    • Increase visibility and interconnectivity across the supply chain.
    • Increase market share: younger markets and emerging foreign markets.
    • Economic outlook expected to negatively affect the bottom line - will need to trim and protect the core.
    • Grow Gizmo product sales by 10%.
    • Lower production cost of Gizmo product by 5%.
    IT Objectives IT Strategy and Mandate
    • IT/OT convergence, process automation, and modernization are major opportunities to better position the business for the future and introduce more agility into operations and reduce production cost.
    • Very mature and stable production processes with 100% uptime is a priority.
    • Lower IT cost related to Gizmo product.
    • There's no clear cost optimization mandate, but a fiscally conservative budget is recommended.
    Journey
    Agreed-upon journey: proactive.

    1.2 Review internal and external benchmarking reports

    60-90 minutes

    1. Review the IT spend and staffing results, summarized in your Info-Tech IT Spend & Staffing Benchmarking report.
    2. Identify areas where your IT spend is disproportionately high or low in comparison with your industry peers.
    3. Review and document any causes or rationales for high or low spend in each area identified. Do not be specific about any actual optimization targets or actions at this stage - simply make notes.
    4. Start a list of potential cost optimization initiatives to be further analyzed and investigated for feasibility at a later stage (see next slides for guidance, example, and template).
    InputOutput
    • IT Spend & Staffing Benchmarking report
    • A list of potential cost optimization focus areas
    MaterialsParticipants
    • Whiteboard or flip charts
    • Potential cost optimization initiatives list template
    • CIO/IT director
    • IT finance lead

    Info-Tech's approach

    Our IT cost model maps your IT spending and staffing according to four key views, putting IT spend in language that stakeholders across the organization can relate to.

    IT cost model maps

    Template & Example

    Potential cost optimization initiatives list

    Brainstorm and list potential cost optimization initiatives at a macro level.

    Potential Initiative Source Source Contact Notes
    Reduce application maintenance cost Internal Benchmarking Report CIO Based on current year report
    Rationalize software applications Info-Tech IT Benchmarking Report CIO Based on current year report
    Migrate key business applications to the cloud Latest iteration of the IT strategy CIO New IT strategy will be in development concurrent with cost optimization strategy development
    Align job roles to the current IT structure IT org. chart and salaries HR, CIO Based on information of the current year and will likely change in a few months (beginning of a new year)
    Renegotiate the top five vendor contracts up for renewal this year List of IT vendors Procurement office, CIO, IT infrastructure director, IT applications director, IT services manager Based on a list consolidated last week

    Want help with your IT spend transparency and benchmarking efforts?

    Let us fast-track your IT spend journey.

    The path to IT financial management maturity starts with knowing exactly where your money is going. To streamline this effort, Info-Tech offers an IT Spend & Staffing Benchmarking service that provides full transparency into where your money is going without any heavy lifting on your part.

    This unique service features:

    • A client-proven approach to meet your IT spend transparency goals.
    • Spend and staff mapping that reveals business consumption of IT.
    • Industry benchmarking to compare your spending and staffing to that of your peers.
    • Results in a fraction of the time with much less effort than going it alone.
    • Expert review of results and ongoing discussions with Info-Tech analysts.

    If you'd like Info-Tech to pave the way to IT spend transparency, contact your account manager for more information - we're happy to talk anytime.

    1.3 Identify your overarching constraints

    30 minutes

    1. Assess where spend change opportunities are currently limited or nonexistent due to organization edict or policy, industry regulatory requirements, or active contracts. Ask yourself:
      1. Where do IT spend bottlenecks exist and what are they?
      2. What IT spend objectives and practices are absolutely mandatory and nonnegotiable from both a business and an IT perspective?
      3. Are there areas where spend change is possible but would be very difficult to execute due to the stakeholders involved, governance processes, time frames, or another constraining factor?
    2. Identify where reduction or elimination of an IT service would negatively affect required service levels and business continuity or recovery.
    3. List constraints as negotiable or nonnegotiable on the template provided.
    4. Remove areas of focus from your cost optimization scope that land outside achievable parameters, and flag those that are difficult but still possible.
    InputOutput
    • Situational awareness and current state understanding
    • List of negotiable constraints to act on
    • Delimiting the cost optimization scope
    MaterialsParticipants
    • Whiteboard or flip charts
    • Constraints assessment template
    • CIO/IT director
    • IT finance lead

    See the next slides for additional guidance and a constraints assessment template.

    Acknowledge your limitations

    By recognizing your constraints, which will lead you to define your cost optimization scope.

    Constraints Organizational Legal/Regulatory Other
    What An organizational constraint is any work condition that hinders an employee's performance - be it physical, emotional, or otherwise. A legal or regulatory constraint is any law, rule, standard, or regulation - be it industry specific or otherwise - limiting the ability of any stakeholder to get the most out of a certain activity, initiative, or project. Other types of constraints affecting business units.
    Who Collaborate with your IT leaders and business partners to identify all major constraints that would affect cost optimization initiatives.
    How Discussions and information sessions to distinguish between negotiable and nonnegotiable constraints that would thwart cost optimization efforts:
    • Legal/regulatory requirements and related initiatives (past, ongoing, and planned/expected).
      Example: projects cannot be delayed, processes are difficult to simplify, etc.
    • Operational governance - organization policies, processes, methodologies, structure, etc.
      Example: adopting a waterfall model for development instead of an agile one.
    • Financial and accounting practices.
      Example: capital expenditure and operational expenditure classification.
    Challenge Degree to which you can influence certain outcomes within a set time frame:
    • Prioritize negotiating constraints where you can influence the outcome or maximize cost optimization benefits.

    We define a constraint as a restriction controlling the behavior of any of your stakeholders, hence preventing a desired outcome.

    In our context, constraints will determine your playing field: the boundaries of your cost optimization scope.

    Distinguish between constraints

    Negotiable vs. nonnegotiable to delimit your cost optimization scope.

    Distinguish between constraints

    Template & Example

    Constraints assessment

    List high-level limitations that hinder your cost optimization options.

    Nonnegotiable constraints
    Organizational Legal/Regulatory IT/Other
    Prioritization of sales/customer service activities SEC compliance/reporting mandates Production unit incident response service levels
    [Constraint] [Constraint] [Constraint]
    [Constraint] [Constraint] [Constraint]
    [Constraint] [Constraint] [Constraint]
    Negotiable constraints
    Organizational Legal/Regulatory IT/Other
    Core business operations process design Vendor contracts up for near-term renewal Current capital project commitments
    [Constraint] [Constraint] [Constraint]
    [Constraint] [Constraint] [Constraint]
    [Constraint] [Constraint] [Constraint]

    1.4 Establish overarching cost optimization goals

    60-90 minutes

    1. Establish specific IT cost optimization goals. Depending on your journey, step 1.1. You will have one to three overarching cost optimization goals, as follows:
      1. Reactive: Cost-cutting goal to reduce unwarranted IT spending.
      2. Proactive: Cost-to-value optimization goal.
      3. Strategic: Cost optimization sustainability goal.
      Consider amounts and time frames, as well as likely/suitable approaches you plan to employ to achieve these goals.
    2. Document your final cost optimization goals in the IT Cost Optimization Workbook.
    3. Revisit your goals after outlining your initiatives (phase 2) to ensure feasibility depending on your journey.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Situational awareness and current state understanding
    • Defined goals for IT cost optimization
    MaterialsParticipants
    • Whiteboard or flip charts
    • Set Cost Optimization Goals tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead

    Template & Example

    Document your overarching goals

    Excel Workbook: IT Cost Optimization – Set Optimization Goals Worksheet

    Refer to the example and guidelines below on how to document your goals based on your journey:

    Table of Overarching Goals

    Column ID Input Type Guidelines
    B Dropdown Select the appropriate journey: Reactive, Proactive, or Strategic.
    C Dropdown Select the appropriate cost optimization objective: Reduce Unwarranted IT Spending, Optimize Cost-to-Value, Sustain Cost Optimization.
    D Formula Automatic calculation, no entry required. Reduce Unwarranted IT Spending goal is the first priority, followed by Optimize Cost-to-Value, and Sustain Cost Optimization goals, respectively.
    E Text Enter the overarching goal related to each objective.

    Complete the following fields for each goal depending on your journey in the Excel Workbook as per guidelines:

    1. Navigate to the Set Cost Optimization Goals tab.
    2. Identify your journey and objective for each goal.
    3. Document your goal(s).

    Download the IT Cost Optimization Workbook

    Template & Example

    Break down your goals per quarter

    Excel Workbook: IT Cost Optimization - Set Cost Optimization Goals Worksheet

    Refer to the example and guidelines below on how to break down your goals per quarter and track your progress:

    Table break down your goals per quarter

    Column ID Input Type Guidelines
    F, G, H, I Text Enter the target per quarter: It could be a percentage, dollar amount, or description of the breakdown, depending on the cost optimization goal and objective.

    Complete the following fields for each goal depending on your journey in the Excel Workbook as per guidelines:

    1. Navigate to the Set Cost Optimization Goals tab.
    2. Determine your target per quarter for every goal.
    3. Document your targets.

    Download the IT Cost Optimization Workbook

    1.5 Identify inputs required for decision making

    60-90 minutes

    1. Each of the optimization levers (assets, vendors, project portfolio, and workforce) will require specific and unique sources of information which you will need to collect before moving forward. Examples of important sources of information include:
      1. Latest iteration of the IT strategy.
      2. List of IT assets (hardware, software).
      3. List of IT services or IT service catalog.
      4. List of current and planned IT projects and their resourcing allocations.
      5. List of largest vendor contracts and their key details, such as their expiration/renewal date.
      6. IT department organizational chart and salaries (by role).
    2. Review and analyze each of the documents.
    3. Continue to list potential cost optimization initiatives (step 1.2) to be further analyzed and investigated for feasibility at a later stage.
    InputOutput
    • IT strategy
    • Lists of IT assets, services, and projects
    • Top vendor contracts
    • IT org. chart and salaries
    • Macrolevel list of potential cost optimization initiatives
    MaterialsParticipants
    • Potential cost optimization initiatives list template (slide 24)
    • CIO/IT director
    • IT finance lead

    Prepare all pertinent sources of information

    And start drafting your cost optimization laundry list.

    Documents Benchmarking IT Strategy Other Information Sources
    What
    • Review:
      • Your IT spend trend across several years (ideally three to five years): internal benchmarking report.
      • Your IT spend compared to industry peers: external benchmarking report.
    • Analyze your internal and external benchmarking reports across the four views: service, expense, business, and innovation.
    • Review your business aligned IT strategy to identify cost optimization related initiatives.
    • At a later stage, exploit your IT strategy to prioritize cost optimization initiatives as needed.
    • Review your IT organization chart and salaries to determine whether the IT organization structure is optimal, job descriptions are mapped to the desired structure, employee skillsets and salary scale are adequate and aligned to the job description, etc.
    • Compile and examine lists of assets, vendors, projects, and services.
    • Prepare any other information sources you deem meaningful.
    Who Collaborate with your IT leaders and business partners to:
    • Prepare the necessary reports, documents, and required sources of information.
    • Identify potential cost optimization initiatives around areas of improvement.
    How Discussions and information sessions to analyze and deep dive on raw findings.
    Challenge Time to compile and analyze reports without affecting day-to-day operations:
    • Outsource some activities such as external benchmarking to organizations like Info-Tech.
    • Get consulting support on specific reports or tasks through workshops, calls, etc.

    Phase 2

    Outline Your Cost Optimization Initiatives

    Phase 1
    Understand Your Mandate and Objectives

    Phase 2
    Outline Your Cost Optimization Initiatives

    Phase 3
    Develop Your IT Cost Optimization Roadmap

    Phase 4
    Communicate and Execute

    This phase will walk you through the following activities:

    • IT cost optimization initiatives
    • IT cost optimization workbook

    This phase involves the following participants:

    • CIO/IT director
    • IT finance lead
    • IT asset manager
    • IT infrastructure manager
    • IT vendor management lead
    • PMO lead
    • IT talent management representative
    • Other IT management

    Outline your cost optimization initiatives

    Across Info-Tech's four levers.

    Levers ASSETS VENDORS PROJECT PORTFOLI WORKFORCE
    What
    • Maintain trustworthy data to optimize cost, reduce risk, and improve services in line with business priorities and requirements:
      • Optimize cost: reallocate unused hardware and software, end unneeded service agreements, and manage renewals and audits.
      • Reduce risk: provide comprehensive asset data for security controls development and incident management - manage equipment disposal.
      • Improve IT service: support incident, problem, request, and change management with ITAM data.
    • Examine your vendor contracts and vendor management practices to optimize your expected value from every IT provider you deal with.
    • Treat vendor management as a proactive, cross-functional practice aiming to create value by improving communication, relationships, processes, performance, and ultimately reducing cost.
    • Reassess your project portfolio to maximize total value in line with business objectives and strategy.
    • Reduce resource waste with a strategic approach to project portfolio management:
      • Ensure that approved projects can be completed by aligning intake with real project capacity.
      • Minimize over-allocation of resources by allocating based on the proportion of project vs. non-project work.
      • Forecast future resource requirements by maintaining accurate resource capacity data.
    • Review your strategic workforce plan to identify cost optimization opportunities.
    • Determine capability gaps to train or develop current staff and minimize the need for severance payouts and hiring costs, while providing clear career paths to retain high performers.
    • Link workforce planning with strategic planning to ensure that you have the right people in the right positions, in the right places, at the right time, with the knowledge, skills, and attributes to deliver on strategic business goals.
    Who Collaborate with your IT leaders and business partners to:
    • Prepare the necessary reports, documents, and required sources of information.
    • Determine cost optimization initiatives across the four levers.
    How You will decide on the best course of action depending on your journey.

    Most common cost optimization challenges

    Across Info-Tech's four levers.

    Levers ASSETS VENDORS PROJECT PORTFOLI WORKFORCE
    Challenge
    • Incomplete or inaccurate data, poor processes, inadequate tools, and lack of support across the organization is leading to bad decision making while damaging value.
    • Spending on IT providers is increasing while vendor contract expected value - results, output, performance, solutions, or outcomes - is not realized.
    • Poor planning, conflicting priorities, and resource scarcity is affecting project outcomes, resulting in suboptimal value.
    • Talent shortages, lack of prioritization, and experience in managing an IT workforce is leading to higher costs and a loss in value.
    Solution
    • Develop a sustainable IT asset management (ITAM) strategy aligned with your business priorities.
    • Establish a vendor management initiative (VMI) with a solid foundation to fit your organization's culture, environment, and goals.
    • Create a coherent strategy to maximize the total value that projects deliver as a portfolio, rather than a collection of individual projects.
    • Develop a strategic workforce plan (SWP) to ensure you have the right people in place at the right time.
    Related Info-Tech Research Develop an IT Asset Management Strategy Jump-start Your Vendor Management Initiative Develop a Project Portfolio Management Strategy Build a Strategic IT Workforce Plan

    2.1 Determine your cost optimization initiatives

    8 hours

    Now that you have identified your journey and understood your constraints:

    1. Review your list of potential cost optimization initiatives and document viable ones in the IT Cost Optimization Workbook.
    2. Think of potential cost optimization initiatives within the four levers: assets, vendors, project portfolio, and workforce. The following slides will help you in this endeavor.

    Download the IT Cost Optimization Workbook

    Input Output
    • Potential cost optimization initiatives list
    • Outline Initiatives in the IT Cost Optimization Workbook
    Materials Participants
    • Whiteboard or flip charts
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • Other IT management - depending on the optimization lever (Assets, Vendors, Project Portfolio, or Workforce)

    Plan your cost optimization initiatives

    Your initiatives will differ depending on your journey

    In terms of aggressiveness and objectives.

    Plan cost optimization initiatives

    Cost optimization initiatives pertaining to a reactive journey are characterized by aggressive cost reduction.

    On the other hand, cost optimization initiatives within a strategic journey can vary in aggressiveness across objectives.

    2.1.1 Identify asset optimization initiatives

    2 hours

    1. Review the IT asset management strategy if available. Compile a list of all hardware, software, and facility asset costs for delivery of IT services.
    2. Analyze hardware and software assets for opportunities to consolidate, reduce, eliminate, and/or enhance functionality/automation. Look for:
      1. Redundancy or duplication of functionality not necessary for disaster recovery or business continuity purposes.
      2. Low or no-use software.
      3. Homegrown or legacy systems with high maintenance/support burdens.
      4. Multiple, old, or unsupported versions of current-use software.
      5. Opportunities to delay hardware/software refreshes or upgrades.
      6. Cloud/outsourced options.
      7. Instances of unsanctioned shadow IT.
    3. Reassess your in-house asset management processes to see where efficiency and effectiveness could be improved overall.
    4. Document cost optimization initiatives that could be driven by asset optimization objectives in the IT Cost Optimization Workbook.

    Download the IT Cost Optimization Workbook

    InputOutput
    • IT asset management strategy
    • List of current assets including hardware, software, and facilities
    • Outline Initiatives driven by asset optimization objectives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Whiteboard or flip charts
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • IT asset manager
    • IT infrastructure manager
    • Other IT management

    Example

    Asset optimization

    Some examples to get you started

    Journey Reactive, Proactive, or Strategic Proactive or Strategic Strategic
    Initiatives
    • Validate the license cost of performance optimization.
    • Review the utilization of software/hardware before renewal or purchase of additional hardware or software.
    • Assess new license cost against projects to determine possibility of differing or canceling software.
    • Postpone the purchases of hardware.
    • Extend the life of hardware.
    • Consolidate and reconfigure hardware.
    • Return damaged/malfunctioning hardware under warranty.
    • Consolidate and reconfigure software.
    • Optimize software/hardware functionality.
    • Implement hardware/software standard or policy.
    • Develop an infrastructure management outsourcing strategy.
    • Optimize cloud management: review utilization, licensing, cost, etc.
    • Develop a sustainable IT asset management (ITAM) strategy aligned with your business priorities.
    • Minimize shadow IT by creating a policy and improving the service request process.
    • Develop or assess a cloud strategy for a certain service.
    No initiatives for the reactive journey. No initiatives for the reactive or proactive journeys.
    Objective Reduce Unwarranted IT Spending Optimize Cost-to-Value Sustain Cost Optimization

    Template & Example

    List your objectives and initiatives

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to input your asset optimization initiatives and related objectives:

    List your objectives and initiatives

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required. The ID will update once there's an input in column E.
    C Dropdown Select an optimization lever: Assets, Vendors, Project Portfolio, or Workforce.
    D Dropdown Select an initiative focus from the dropdown list - this will help you think of initiatives.
    E Text Enter your initiative.
    F Text Write a brief description per initiative, providing a cost optimization rationale.
    G Dropdown Select the cost type per initiative: OpEx (operating expenditure) or CapEx (capital expenditure).
    H Dropdown Select 1 of 3 objectives for each initiative: Reduce Unwarranted IT Spending, Optimize Cost-to-Value, or Sustain Cost Optimization.

    List your initiatives in the provided Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Enter all your initiatives driven by the asset optimization lever.
    3. Determine the cost optimization objective per initiative.

    2.1.2 Identify vendor optimization initiatives

    2 hours

    1. Revisit the IT vendor classification if available. Identify all existing vendor contracts up for renewal within the current fiscal year and create an inventory.
    2. Examine your vendor contracts to optimize your expected value from every IT provider you deal with. For each contract:
      1. Identify the business purpose/drivers.
      2. Identify the expiration/renewal date to determine time frames for action.
      3. Determine if there is an opportunity to rightsize, cancel, renegotiate costs/service levels, or postpone renewal/purchase.
      4. Identify integrations and interdependencies with other hardware and software systems to understand scope and impact of potential changes.
    3. Reassess your in-house vendor management processes to see where efficiency and effectiveness could be improved overall.
    4. Document cost optimization initiatives that could be driven by vendor optimization objectives in the IT Cost Optimization Workbook.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Vendor classification
    • Vendors contracts
    • Outline Initiatives driven by vendor optimization objectives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Whiteboard or flip charts
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • IT vendor management lead
    • Other IT management

    Example

    Vendor optimization

    Some examples to get you started.

    Journey Reactive, Proactive, or Strategic Proactive or Strategic Strategic
    Initiatives
    • Renegotiate and rightsize a vendor contract:
      • Cancel vendor/service/type application contract.
      • Renegotiate vendor/service/type contract.
      • Cancel vendor/service/type licenses.
      • Rationalize number of vendor/service/type licenses.
    • Consolidate vendors/resellers with similar services, products and features.
    • Implement a vendor management initiative to maximize value and minimize risk.
    • Consolidate contracts to take advantage of spending power and volume.
    • Set up custom vendor performance metrics.
    • Establish ongoing monitoring of vendor risk (financial, security, etc.).
    No initiatives for the reactive journey. No initiatives for the reactive or proactive journeys.
    Objective Reduce Unwarranted IT Spending Optimize Cost-to-Value Sustain Cost Optimization

    Template & Example

    List your objectives and initiatives

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to input your vendor optimization initiatives and related objectives:

    List your objectives and initiatives

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required. The ID will update once there's an input in column E.
    C Dropdown Select an optimization lever: Assets, Vendors, Project Portfolio, or Workforce.
    D Dropdown Select an initiative focus from the dropdown list - this will help you think of initiatives.
    E Text Enter your initiative.
    F Text Write a brief description per initiative, providing a cost optimization rationale.
    G Dropdown Select the cost type per initiative: OpEx (operating expenditure) or CapEx (capital expenditure).
    H Dropdown Select 1 of 3 objectives for each initiative: Reduce Unwarranted IT Spending, Optimize Cost-to-Value, or Sustain Cost Optimization.

    List your initiatives in the provided Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Enter all your initiatives driven by the vendor optimization lever.
    3. Determine the cost optimization objective per initiative.

    2.1.3 Identify project portfolio optimization initiatives

    2 hours

    1. Review the IT Project Portfolio Strategy if available, and the list of both in-flight and planned projects.
    2. Reassess your project portfolio to maximize total value in line with business objectives and strategy. For each current and pending project on the list, identify a cost optimization initiative, including:
      1. Revisiting, confirming, and documenting actual project rationale with the business in relation to strategic goals.
      2. Rescoping existing projects that are underway.
      3. Accelerating planned or existing projects that enable business cost savings or competitive advantage and revenue growth.
      4. Canceling or postponing projects that are underway or haven't started.
      5. Identifying net-new projects that enhance business capabilities or save business costs.
    3. Reassess your in-house project management and project portfolio management processes to see where efficiency and effectiveness could be improved overall.
    4. Document cost optimization initiatives that could be driven by project portfolio optimization objectives in the IT Cost Optimization Workbook.

    Download the IT Cost Optimization Workbook

    Input Output
    • Project Portfolio Management Strategy
    • List of current and pending projects
    • Outline Initiatives driven by project portfolio optimization objectives in the IT Cost Optimization Workbook
    Materials Participants
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • PMO lead
    • Other IT management

    Example

    Project portfolio optimization

    Some examples to get you started.

    Journey Reactive, Proactive, or Strategic Proactive or Strategic Strategic
    Initiatives
    • Cancel projects with no executive sponsor.
    • Cancel projects with unacceptable timelines.
    • Postpone projects where there is a more urgent need for related resources.
    • Rescope projects where a more effective business case has been identified.
    • Freeze projects where scope and resourcing are uncertain.
    • Accelerate projects that enable business cost savings or a competitive advantage with revenue growth.
    • Combine projects that are better managed by realigning project managers and coordinators.
    • Break projects into phases to front-load realized value.
    • Outsource projects with commoditized skillset requirements.
    • Reassess the technology requirements when multiple vendors are involved.
    • Reexamine project rationale with the business in relation to strategic goals.
    • Identify net-new projects that offer improved value in relation to current economics.
    • Reassess the strategic drivers for project spending in the face of shifting priorities.
    • Implement a project portfolio governance function.
    • Introduce a benefits realization discipline in relation to the benefits forecasted during project approval.
    No initiatives for the reactive journey. No initiatives for the reactive or proactive journeys.
    Objective Reduce Unwarranted IT Spending Optimize Cost-to-Value Sustain Cost Optimization

    Template & Example

    List your objectives and initiatives

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to input your project portfolio optimization initiatives and related objectives:

    List your objectives and initiatives

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required. The ID will update once there's an input in column E.
    C Dropdown Select an optimization lever: Assets, Vendors, Project Portfolio, or Workforce.
    D Dropdown Select an initiative focus from the dropdown list - this will help you think of initiatives.
    E Text Enter your initiative.
    F Text Write a brief description per initiative, providing a cost optimization rationale.
    G Dropdown Select the cost type per initiative: OpEx (operating expenditure) or CapEx (capital expenditure).
    H Dropdown Select 1 of 3 objectives for each initiative: Reduce Unwarranted IT Spending, Optimize Cost-to-Value, or Sustain Cost Optimization.

    List your initiatives in the provided Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Enter all your initiatives driven by the project portfolio optimization lever.
    3. Determine the cost optimization objective per initiative.

    2.1.4 Identify workforce optimization initiatives

    2 hours

    1. Review the IT department's strategic workforce plan (SWP) if available, organizational chart, and salaries by role. Do not review IT staffing in terms of named individuals who occupy a given role - focus on functions, roles, and job descriptions.
    2. Determine capability gaps:
      1. Rectify efficiency, effectiveness, and other performance issues.
      2. Train IT staff to enhance or improve skills and effectiveness.
      3. Add roles, skills, or headcount to improve effectiveness.
      4. Integrate teams to improve collaboration and reduce redundancies or break out new ones to increase focus/specialization.
      5. Redesign job roles and responsibilities.
      6. Redeploy/reassign staff to other teams.
      7. Conduct layoff (as a last resort, starting by assessing contractual employees).
    3. Document cost optimization initiatives that could be driven by workforce optimization objectives in the IT Cost Optimization Workbook.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Strategic workforce plan (SWP)
    • Organizational charts
    • Staff lists
    • Outline Initiatives driven by workforce optimization objectives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • Talent management representative
    • Other IT management

    Example

    Workforce optimization

    Some examples to get you started.

    Journey Reactive, Proactive, or Strategic Proactive or Strategic Strategic
    Initiatives
    • Defer vacancy, position, or role.
    • Freeze all overnight and unessential IT staff travel.
    • Outsource project/function to free internal resources.
    • Postpone nonessential IT staff training as per training plans.
    • Suspend IT team discretionary spend.
    • Streamline workforce related to department/service (develop the process).
    • Relocate role or function from division or group to division or group.
    • Adjust framework and level assignments.
    • Promote and train employees for a certain objective.
    • Implement a strategic workforce plan (SWP) to ensure you have the right people in place, at the right time.
    • Set up a workforce performance monitoring framework or process to optimize staffing capabilities aligned with business value.
    No initiatives for the reactive journey. No initiatives for the reactive or proactive journeys.
    Objective Reduce Unwarranted IT Spending Optimize Cost-to-Value Sustain Cost Optimization

    Template & Example

    List your objectives and initiatives

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to input your workforce optimization initiatives and related objectives:

    List your objectives and initiatives

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required. The ID will update once there's an input in column E.
    C Dropdown Select an optimization lever: Assets, Vendors, Project Portfolio, or Workforce.
    D Dropdown Select an initiative focus from the dropdown list - this will help you think of initiatives.
    E Text Enter your initiative.
    F Text Write a brief description per initiative, providing a cost optimization rationale.
    G Dropdown Select the cost type per initiative: OpEx (operating expenditure) or CapEx (capital expenditure).
    H Dropdown Select 1 of 3 objectives for each initiative: Reduce Unwarranted IT Spending, Optimize Cost-to-Value, or Sustain Cost Optimization.

    List your initiatives in the provided Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Enter all your initiatives driven by the workforce optimization lever.
    3. Determine the cost optimization objective per initiative.

    2.2 Estimate the cost savings of cost optimization initiatives

    8 hours

    Now that you have identified your initiatives:

    1. Review your cost optimization initiatives per lever (Assets, Vendors, Project Portfolio, and Workforce).
    2. Determine whether the implementation cost of each of your initiatives is included as part of your budget.
    3. Estimate your cost savings.
    4. Document your assessment in the IT Cost Optimization Workbook.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Potential cost optimization initiatives list
    • Outline Initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Whiteboard or flip charts
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • Other IT management - depending on the optimization lever (Assets, Vendors, Project Portfolio, or Workforce)

    2.2.1 Estimate the costs impacting your asset optimization initiatives

    2 hours

    1. Review each asset optimization initiative to estimate cost implications.
    2. Consider implementation cost in terms of your budget, and document it in the IT Cost Optimization Workbook (see next slides). Is the implementation cost of the underlying initiative considered in your current budget? If not, move to the next initiative. You will assess the flagged initiative independently at a later stage if deemed necessary.
    3. Estimate the current cost related to the initiative (including implementation cost), and document it in the IT Cost Optimization Workbook (see next slides). This will be the first of two inputs needed to calculate the initiative's potential cost savings.
    4. Estimate the expected cost, post initiative execution, of the underlying initiative, and document it in the IT Cost Optimization Workbook (see next slides). This will be the second and last input needed to calculate the initiative's potential cost savings.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Asset optimization initiatives
    • Cost and budget information
    • Cost estimates of asset optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • IT asset manager
    • IT infrastructure manager
    • Other IT management

    Template & Example

    Estimate your cost

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete cost estimates for each asset optimization initiative:

    Estimate your cost

    Column ID Input Type Guidelines
    I Dropdown Select if the implementation cost is considered within your budget or not. If not, the initiative will be flagged to be reviewed, and no further entry is required; move to the next initiative. Implementation cost represents your cost for planning, executing, and monitoring the related initiative.
    J, K Whole Number Input a dollar amount. Current cost represents the yearly cost including implementing the initiative, while the expected cost represents the yearly cost after implementing the initiative.
    L Formula Automatic calculation, no entry required. The difference between current cost and expected cost.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine if the implementation cost is considered within the budget.
    3. If yes, estimate the current cost, and expected cost of the underlying initiative.

    2.2.2 Estimate the costs impacting your vendor optimization initiatives

    2 hours

    1. Review each vendor optimization initiative to estimate cost implications.
    2. Consider implementation cost in terms of your budget, and document it in the IT Cost Optimization Workbook (see next slides). Is the implementation cost of the underlying initiative considered in your current budget? If not, move to the next initiative. You will assess the flagged initiative independently at a later stage if deemed necessary.
    3. Estimate the current cost related to the initiative (including implementation cost), and document it in the IT Cost Optimization Workbook (see next slides). This will be the first of two inputs needed to calculate the initiative's potential cost savings.
    4. Estimate the expected cost, post initiative execution, of the underlying initiative, and document it in the IT Cost Optimization Workbook (see next slides). This will be the second and last input needed to calculate the initiative's potential cost savings.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Vendor optimization initiatives
    • Cost and budget information
    • Cost estimates of vendor optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • IT vendor management lead
    • Other IT management

    Template & Example

    Estimate your cost

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete cost estimates for each vendor optimization initiative:

    Estimate your cost

    Column ID Input Type Guidelines
    I Dropdown Select if the implementation cost is considered within your budget or not. If not, the initiative will be flagged to be reviewed, and no further entry is required; move to the next initiative. Implementation cost represents your cost for planning, executing, and monitoring the related initiative.
    J, K Whole Number Input a dollar amount. Current cost represents the yearly cost including implementing the initiative, while the expected cost represents the yearly cost after implementing the initiative.
    L Formula Automatic calculation, no entry required. The difference between current cost and expected cost.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine if the implementation cost is considered within the budget.
    3. If yes, estimate the current cost, and expected cost of the underlying initiative.

    2.2.3 Estimate the costs impacting your project portfolio optimization initiatives

    2 hours

    1. Review each project portfolio optimization initiative to estimate cost implications.
    2. Consider implementation cost in terms of your budget, and document it in the IT Cost Optimization Workbook (see next slides). Is the implementation cost of the underlying initiative considered in your current budget? If not, move to the next initiative. You will assess the flagged initiative independently at a later stage if deemed necessary.
    3. Estimate the current cost related to the initiative (including implementation cost), and document it in the IT Cost Optimization Workbook (see next slides). This will be the first of two inputs needed to calculate the initiative's potential cost savings.
    4. Estimate the expected cost, post initiative execution, of the underlying initiative, and document it in the IT Cost Optimization Workbook (see next slides). This will be the second and last input needed to calculate the initiative's potential cost savings.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Project portfolio optimization initiatives
    • Cost and budget information
    • Cost estimates of project portfolio optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • PMO lead
    • Other IT management

    Template & Example

    Estimate your cost

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete cost estimates for each project portfolio optimization initiative:

    Estimate your cost

    Column ID Input Type Guidelines
    I Dropdown Select if the implementation cost is considered within your budget or not. If not, the initiative will be flagged to be reviewed, and no further entry is required; move to the next initiative. Implementation cost represents your cost for planning, executing, and monitoring the related initiative.
    J, K Whole Number Input a dollar amount. Current cost represents the yearly cost including implementing the initiative, while the expected cost represents the yearly cost after implementing the initiative.
    L Formula Automatic calculation, no entry required. The difference between current cost and expected cost.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine if the implementation cost is considered within the budget.
    3. If yes, estimate the current cost, and expected cost of the underlying initiative.

    2.2.4 Estimate the costs impacting your workforce optimization initiatives

    2 hours

    1. Review each workforce optimization initiative to estimate cost implications.
    2. Consider implementation cost in terms of your budget, and document it in the IT Cost Optimization Workbook (see next slides). Is the implementation cost of the underlying initiative considered in your current budget? If not, move to the next initiative. You will assess the flagged initiative independently at a later stage if deemed necessary.
    3. Estimate the current cost related to the initiative (including implementation cost), and document it in the IT Cost Optimization Workbook (see next slides). This will be the first of two inputs needed to calculate the initiative's potential cost savings.
    4. Estimate the expected cost, post initiative execution, of the underlying initiative, and document it in the IT Cost Optimization Workbook (see next slides). This will be the second and last input needed to calculate the initiative's potential cost savings.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Workforce optimization initiatives
    • Cost and budget information
    • Cost estimates of workforce optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • Talent management representative
    • Other IT management

    Template & Example

    Estimate your cost

    Excel Workbook: IT Cost Optimization –i Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete cost estimates for each workforce optimization initiative:

    Estimate your cost

    Column ID Input Type Guidelines
    I Dropdown Select if the implementation cost is considered within your budget or not. If not, the initiative will be flagged to be reviewed, and no further entry is required; move to the next initiative. Implementation cost represents your cost for planning, executing, and monitoring the related initiative.
    J, K Whole Number Input a dollar amount. Current cost represents the yearly cost including implementing the initiative, while the expected cost represents the yearly cost after implementing the initiative.
    L Formula Automatic calculation, no entry required. The difference between current cost and expected cost.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine if the implementation cost is considered within the budget.
    3. If yes, estimate the current cost, and expected cost of the underlying initiative.

    Phase 3

    Develop Your IT Cost Optimization Roadmap

    Phase 1
    Understand Your Mandate and Objectives

    Phase 2
    Outline Your Cost Optimization Initiatives

    Phase 3
    Develop Your IT Cost Optimization Roadmap

    Phase 4
    Communicate and Execute

    This phase will walk you through the following activities:

    • IT cost optimization workbook
    • IT cost optimization roadmap

    This phase involves the following participants:

    • CIO/IT director
    • IT finance lead
    • IT asset manager
    • IT infrastructure manager
    • IT vendor management lead
    • PMO lead
    • IT talent management representative
    • Other IT management

    Develop your prioritized and aligned cost optimization roadmap

    The process of developing your roadmap is where you set final cost optimization priorities, conduct a final rationalization to decide what's in and what's out, and document your proposed plan of action.

    First, take a moment to consider if you missed anything. Too often, only the cost cutting elements of the cost optimization equation get attention. Remember that cost optimization also includes making smart investments. Sometimes adding and expanding is better for the business than removing or contracting.

    • Do your proposed initiatives help position the organization to recover quickly if you're dealing with a downturn or recession scenario?
    • Have you fully considered growth or innovation opportunities that will help optimize costs in the long run?

    Feasibility
    Eliminate initiatives from the longlist of potential initiatives that cannot be achieved given the cost optimization goals you determined at the beginning of this exercise.

    Priority
    Rank order the remaining initiatives according to their ability to contribute to goal attainment and dependency relationships with external constraints and one another.

    Action Plan
    Create an overarching visual roadmap that shows how you intend to achieve your cost optimization goals over the short, medium, and long-term.

    3.1 Assess the feasibility of your cost optimization initiatives

    4 hours

    Now that you have identified your initiatives across the four levers and understood the business impacts:

    1. Review each of your cost optimization initiatives and estimate the feasibility in terms of:
      1. Effort required to implement.
      2. Risk: Likelihood of failure and impact on performance.
      3. Approval rights: Within the IT or finance's accountability/domain or not.
    2. Document your assessment in the IT Cost Optimization Workbook.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Cost optimization initiatives
    • Feasibility estimates of cost optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Define Variables tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • Other IT management - depending on the optimization lever (Assets, Vendors, Project Portfolio, or Workforce)

    3.1.1 Estimate the feasibility of your asset optimization initiatives

    1 hour

    1. Review each asset optimization initiative to estimate feasibility implications.
    2. Start by defining the effort required variables. Think in terms of how many dedicated full-time employees you would need to implement the initiative. Document your definition for each of the three variables (High, Medium, or Low) in the IT Cost Optimization Workbook (see next slides). Then, estimate the effort required to implement the related initiative. Consider complexity, scope, and resource availability, before you document it in the IT Cost Optimization Workbook (see next slides).
    3. Define your likelihood of failure variables. Think in terms of probability of failure or percent chance the underlying initiative will not succeed. Document your definition for each of the three variables (High, Medium, or Low) in the IT Cost Optimization Workbook (see next slides). Then, estimate the likelihood of failure to implement the related initiative, and document it in the IT Cost Optimization Workbook (see next slides).
    4. Consider the initiative's impact on performance. Would implementing the initiative hinder IT or business performance? If you are on a reactive journey, would it impede business recovery in any way, shape, or form? Document the impact (Positive Impact, No Impact, or Negative Impact) in the IT Cost Optimization Workbook (see next slides).
    5. Determine who is responsible for approving the initiative. Does it fall within your jurisdiction, responsibility, or accountability? If not, it would mean that it might be more difficult to implement the initiative. Document approval rights (within accountability or not within accountability) in the IT Cost Optimization Workbook (see next slides).

    Download the IT Cost Optimization Workbook

    Input Output
    • Asset optimization initiatives
    • Feasibility estimates of asset optimization initiatives in the IT Cost Optimization Workbook
    Materials Participants
    • Define Variables tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • IT asset manager
    • IT infrastructure manager
    • Other IT management

    Template & Example

    Define your feasibility variables

    Excel Workbook: IT Cost Optimization – Define Variables Worksheet

    Refer to the example and guidelines below on how to define your feasibility variables for standardization purposes. You can adopt a different definition per optimization lever (Assets, Vendors, Project Portfolio, and Workforce), or maintain the same one across initiatives, depending on what makes sense for your organization:

    Define your feasibility variables

    Column ID Input Type Guidelines
    B, G Formula Automatic calculation, no entry required. The ID will populate automatically.
    C, H Text No entry required. Three variables identified: High, Medium, Low.
    D, E Whole Number Review and input the range of each effort required variable, based on the number of dedicated full-time employees needed to implement an initiative, as it works best for your organization.
    I, J Whole Number Review and input the range of each likelihood of failure variable, based on the probability of failure of an initiative, as it works best for your organization. This example should work for most organizations.

    Define your feasibility variables in the Excel Workbook as per guidelines:

    1. Navigate to the Define Variables tab.
    2. Review and enter the range of each effort required and likelihood of failure variable as you see fit for your organization.

    Template & Example

    Estimate your feasibility

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete feasibility estimates for each asset optimization initiative:

    Estimate your feasibility

    Column ID Input Type Guidelines
    M Dropdown Select the effort required estimate based on your defined variables. Effort required represents the number of dedicated employees needed to plan, execute, and monitor the underlying initiative, based on the level of maturity and readiness; consider complexity, scope, and resource availability.
    N Dropdown Select the likelihood of failure estimate based on your defined variables. Likelihood of failure represents the probability of failure of the underlying initiative.
    O Dropdown Select the impact on performance estimate related to the implementation of the underlying initiative. Consider the impact on IT and on business (including business recovery if on a reactive journey).
    P Dropdown Select the appropriate approval right related to the underlying initiative. Determine if the initiative's approval falls within your accountability or not.
    Q Text Write a brief description per initiative, providing an impact rationale and identifying the approver where possible.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the appropriate effort required to implement the underlying initiative.
    3. Identify the risk of each initiative: likelihood of failure and impact on performance.
    4. Choose the adequate approval right classification for each initiative.

    3.1.2 Estimate the feasibility of your vendor optimization initiatives

    1 hour

    1. Review each vendor optimization initiative to estimate feasibility implications, along with previously defined variables (see slides 64 and 65).
    2. Consider the initiative's impact on performance. Would implementing the initiative hinder IT or business performance? If you are on a reactive journey, would it impede business recovery in any way, shape, or form? Document the impact (Positive Impact, No Impact, or Negative Impact) in the IT Cost Optimization Workbook (see next slides).
    3. Determine who is responsible for approving the initiative. Does it fall within your jurisdiction, responsibility, or accountability? If not, it would mean that it might be more difficult to implement the initiative. Document approval rights (within accountability or not within accountability) in the IT Cost Optimization Workbook (see next slides).

    Download the IT Cost Optimization Workbook

    InputOutput
    • Vendor optimization initiatives
    • Feasibility estimates of vendor optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Define Variables tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • IT vendor management lead
    • Other IT management

    Template & Example

    Estimate your feasibility

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete feasibility estimates for each vendor optimization initiative:

    Estimate your feasibility

    Column ID Input Type Guidelines
    M Dropdown Select the effort required estimate based on your defined variables. Effort required represents the number of dedicated employees needed to plan, execute, and monitor the underlying initiative, based on the level of maturity and readiness; consider complexity, scope, and resource availability.
    N Dropdown Select the likelihood of failure estimate based on your defined variables. Likelihood of failure represents the probability of failure of the underlying initiative.
    O Dropdown Select the impact on performance estimate related to the implementation of the underlying initiative. Consider the impact on IT and on business (including business recovery if on a reactive journey).
    P Dropdown Select the appropriate approval right related to the underlying initiative. Determine if the initiative's approval falls within your accountability or not.
    Q Text Write a brief description per initiative, providing an impact rationale and identifying the approver where possible.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the appropriate effort required to implement the underlying initiative.
    3. Identify the risk of each initiative: likelihood of failure and impact on performance.
    4. Choose the adequate approval right classification for each initiative.

    3.1.3 Estimate the feasibility of your project portfolio optimization initiatives

    1 hour

    1. Review each project portfolio optimization initiative to estimate feasibility implications, along with previously defined variables (see slides 64 and 65).
    2. Consider the initiative's impact on performance. Would implementing the initiative hinder IT or business performance? If you are on a reactive journey, would it impede business recovery in any way, shape, or form? Document the impact (Positive Impact, No Impact, or Negative Impact) in the IT Cost Optimization Workbook (see next slides).
    3. Determine who is responsible for approving the initiative. Does it fall within your jurisdiction, responsibility, or accountability? If not, it would mean that it might be more difficult to implement the initiative. Document approval rights (within accountability or not within accountability) in the IT Cost Optimization Workbook (see next slides).

    Download the IT Cost Optimization Workbook

    InputOutput
    • Project portfolio optimization initiatives
    • Feasibility estimates of vendor optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Define Variables tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • PMO lead
    • Other IT management

    Template & Example

    Estimate your feasibility

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete feasibility estimates for each project portfolio optimization initiative:

    Estimate your feasibility

    Column ID Input Type Guidelines
    M Dropdown Select the effort required estimate based on your defined variables. Effort required represents the number of dedicated employees needed to plan, execute, and monitor the underlying initiative, based on the level of maturity and readiness; consider complexity, scope, and resource availability.
    N Dropdown Select the likelihood of failure estimate based on your defined variables. Likelihood of failure represents the probability of failure of the underlying initiative.
    O Dropdown Select the impact on performance estimate related to the implementation of the underlying initiative. Consider the impact on IT and on business (including business recovery if on a reactive journey).
    P Dropdown Select the appropriate approval right related to the underlying initiative. Determine if the initiative's approval falls within your accountability or not.
    Q Text Write a brief description per initiative, providing an impact rationale and identifying the approver where possible.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the appropriate effort required to implement the underlying initiative.
    3. Identify the risk of each initiative: likelihood of failure and impact on performance.
    4. Choose the adequate approval right classification for each initiative.

    3.1.4 Estimate the feasibility of your workforce optimization initiatives

    1 hour

    1. Review each workforce optimization initiative to estimate feasibility implications, along with previously defined variables (see slides 64 and 65).
    2. Consider the initiative's impact on performance. Would implementing the initiative hinder IT or business performance? If you are on a reactive journey, would it impede business recovery in any way, shape, or form? Document the impact (Positive Impact, No Impact, or Negative Impact) in the IT Cost Optimization Workbook (see next slides).
    3. Determine who is responsible for approving the initiative. Does it fall within your jurisdiction, responsibility, or accountability? If not, it would mean that it might be more difficult to implement the initiative. Document approval rights (within accountability or not within accountability) in the IT Cost Optimization Workbook (see next slides).

    Download the IT Cost Optimization Workbook

    InputOutput
    • Workforce optimization initiatives
    • Feasibility estimates of workforce optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Define Variables tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • Talent management representative
    • Other IT management

    Template & Example

    Estimate your feasibility

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete feasibility estimates for each workforce optimization initiative:

    Estimate your feasibility

    Column ID Input Type Guidelines
    M Dropdown Select the effort required estimate based on your defined variables. Effort required represents the number of dedicated employees needed to plan, execute, and monitor the underlying initiative, based on the level of maturity and readiness; consider complexity, scope, and resource availability.
    N Dropdown Select the likelihood of failure estimate based on your defined variables. Likelihood of failure represents the probability of failure of the underlying initiative.
    O Dropdown Select the impact on performance estimate related to the implementation of the underlying initiative. Consider the impact on IT and on business (including business recovery if on a reactive journey).
    P Dropdown Select the appropriate approval right related to the underlying initiative. Determine if the initiative's approval falls within your accountability or not.
    Q Text Write a brief description per initiative, providing an impact rationale and identifying the approver where possible.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the appropriate effort required to implement the underlying initiative.
    3. Identify the risk of each initiative: likelihood of failure and impact on performance.
    4. Choose the adequate approval right classification for each initiative.

    3.2 Prioritize cost optimization initiatives to create a final shortlist

    4 hours

    Now that you have your cost and feasibility for each cost optimization initiative:

    1. Review each of your cost optimization initiatives and estimate the time and priority by considering:
      1. Preliminary priority assessment based on your cost and feasibility input.
      2. Time frame: start and end date of each initiative.
      3. Current budget cycle: time remaining in the current budget cycle and potential cost savings in this fiscal year.
    2. Determine the final priority of the initiative and decide whether you want to include it in your 12-month roadmap.
    3. Document your assessment in the IT Cost Optimization Workbook.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Cost optimization initiatives
    • Time and priority estimates of cost optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Define Priority Threshold tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • Other IT management - depending on the optimization lever (Assets, Vendors, Project Portfolio, or Workforce)

    3.2.1 Prioritize your asset optimization initiatives

    1 hour

    1. Review each asset optimization initiative to set the priority.
    2. Validate your cost and feasibility estimates and consider the automated evaluation, in the IT Cost Optimization Workbook, providing you with a preliminary priority based on your cost and feasibility estimates (see next slides).
    3. Revisit your overarching goals (step 1.4) as you will assess the time it will take you to complete your initiatives and prioritize accordingly.
    4. Determine your start and end date for each initiative based on your journey, objectives, and overarching goals. Consider the urgency of each initiative. Document the quarter and year for your start and end dates in the IT Cost Optimization Workbook (see next slides).
    5. Identify the time remaining in your current budget cycle after the completion of each initiative to get a cost savings estimate for the current fiscal year. Document the number of remaining quarters (0, 1, 2, 3, or 4) in the IT Cost Optimization Workbook (see next slides).
    6. Decide on the priority of each initiative (High, Medium, or Low), and document it in the IT Cost Optimization Workbook (see next slides).
    7. Revisit the priority decision after prioritizing all your initiatives and determine which ones to include in your 12-month roadmap; consider the number of initiatives you can tackle at the same time within a 12-month period. Document your final decision (Yes or No) in the IT Cost Optimization Workbook (see next slides).

    Download the IT Cost Optimization Workbook

    InputOutput
    • Asset optimization initiatives
    • Time and priority estimates of cost optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Define Priority Threshold tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • IT asset manager
    • IT infrastructure manager
    • Other IT management

    Template & Example

    Understand your priority assessment

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how the preliminary priority assessment is assigned, for each asset optimization initiative, noting that columns Q to X are hidden automatic calculations and should not be touched:

    Understand your priority assessment

    Column ID Input Type Guidelines
    R Formula Hidden automatic calculation, no entry required. Rank of estimate cost savings (per year) in ascending order (higher cost savings implies a higher rank).
    S Formula Hidden automatic calculation, no entry required. Cost Savings Score on a scale of 1 to 3, where the top third in Cost Savings Rank are assigned a score of 1, the bottom third a score of 3, and in between a score of 2, noting that negative cost savings would imply a -1 score.
    T Formula Hidden automatic calculation, no entry required. Cost Score adds 1 to the Cost Savings Score if the underlying initiative is within the budget.
    U, V, W Formula Hidden automatic calculation, no entry required. A score on a scale of 1 to 3 based on input of columns M, N, and O, where Low or Positive Impact is assigned a score of 3, Medium or No Impact a score of 2, and High or Negative Impact a score of 1.
    X Formula Hidden automatic calculation, no entry required. The rounding of the average of columns U, V, and W, adding 1 to the result if the initiative's approval falls within your accountability (column P).
    Y Formula Hidden automatic calculation, no entry required. The sum of columns T and X, adding 3 for Reduce Unwarranted IT Spending, and 1 to Optimize Cost-to-value (column H).
    Z Formula Hidden automatic calculation, no entry required. Preliminary priority assessment based on the Define Priority Threshold worksheet (hidden, see next slide).

    Review the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Validate cost and feasibility estimates (columns I to P previously filled - steps 2.2 and 3.1) driving the Priority Score and Preliminary Priority Assessment.

    Template & Example

    Priority threshold rationale

    Excel Workbook: IT Cost Optimization – Define Priority Threshold Worksheet

    Refer to the screenshot of the Define Priority Threshold worksheet below to understand the rationale behind the priority score and priority level:

    Priority threshold rationale

    Template & Example

    Estimate your timeline

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete timeline estimates for each asset optimization initiative:

    Estimate your timeline

    Column ID Input Type Guidelines
    AA, AC Dropdown Select the quarter(s) in which you plan to begin and complete your initiative.
    AB, AD Dropdown Select the year(s) in which you plan to begin and complete your initiative.
    AE Dropdown Select the number of remaining quarters, in the current fiscal year, after you complete the initiative (0 to 4); based on columns AA to AD.
    AF Formula Automatic calculation, no entry required. Estimate of cost savings in the current fiscal year, based on the remaining quarters after implementation. The entry in column AE is divided by 4, and the result is multiplied by the related estimated cost savings per year (entry in column L).
    AG Dropdown Select if cost savings after the implementation of the underlying initiative will be permanent or temporary.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the appropriate quarter and year to start and complete the initiative.
    3. Identify the time remaining in your current budget cycle after the completion of the initiative.

    Template & Example

    Make your final decisions

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to assign the final priority for each asset optimization initiative, and include it in your 12-month roadmap:

    Make your final decisions

    Column ID Row ID Input Type Guidelines
    AH - Dropdown Select your final priority decision after reviewing the preliminary priority assessment (column Z) and timeline estimates (columns AA to AG).
    AI - Dropdown Select whether you want to include the initiative in your 12-month roadmap (Yes or No).
    AK, AL 5 Formula Automatic calculation, no entry required. The total number of initiatives you decided to include in your 12-month roadmap; based on column AI when Yes is selected.
    AK, AL 6 Formula Automatic calculation, no entry required. Total estimated cost savings per year after the initiative's completion; based on column L when included in the 12-month roadmap (column AI when Yes is selected)
    AK, AL 7 Formula Automatic calculation, no entry required. Total estimated cost savings in the current fiscal year; based on column AF when included in the 12-month roadmap (column AI when Yes is selected)
    • Estimated cost savings per year refer to cost savings fully realized by the end of the upcoming fiscal year, following the initiatives' implementation.
    • Estimated cost savings in the current budget cycle, refer to cost savings partially realized in the current fiscal year, after the initiatives' implementation.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the final priority of the initiative.
    3. Decide whether you want to include the initiative in your 12-month roadmap.

    3.2.2 Prioritize your vendor optimization initiatives

    1 hour

    1. Review each vendor optimization initiative to set the priority.
    2. Validate your cost and feasibility estimates and consider the automated evaluation, in the IT Cost Optimization Workbook, providing you with a preliminary priority based on your cost and feasibility estimates (see next slides).
    3. Revisit your overarching goals (step 1.4) as you will assess the time it will take you to complete your initiatives and prioritize accordingly.
    4. Determine your start and end date for each initiative based on your journey, objectives, and overarching goals. Consider the urgency of each initiative. Document the quarter and year for your start and end dates in the IT Cost Optimization Workbook (see next slides).
    5. Identify the time remaining in your current budget cycle after the completion of each initiative to get a cost savings estimate for the current fiscal year. Document the number of remaining quarters (0, 1, 2, 3, or 4) in the IT Cost Optimization Workbook (see next slides).
    6. Decide on the priority of each initiative (High, Medium, or Low), and document it in the IT Cost Optimization Workbook (see next slides).
    7. Revisit the priority decision after prioritizing all your initiatives and determine which ones to include in your 12-month roadmap; consider the number of initiatives you can tackle at the same time within a 12-month period. Document your final decision (Yes or No) in the IT Cost Optimization Workbook (see next slides).

    Download the IT Cost Optimization Workbook

    Input Output
    • Vendor optimization initiatives
    • Time and priority estimates of cost optimization initiatives in the IT Cost Optimization Workbook
    Materials Participants
    • Define Priority Threshold tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • IT vendor management lead
    • Other IT management

    Template & Example

    Understand your priority assessment

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how the preliminary priority assessment is assigned, for each vendor optimization initiative, noting that columns Q to X are hidden automatic calculations and should not be touched:

    Understand your priority assessment

    Column ID Input Type Guidelines
    R Formula Hidden automatic calculation, no entry required. Rank of estimate cost savings (per year) in ascending order (higher cost savings implies a higher rank).
    S Formula Hidden automatic calculation, no entry required. Cost Savings Score on a scale of 1 to 3, where the top third in Cost Savings Rank are assigned a score of 1, the bottom third a score of 3, and in between a score of 2, noting that negative cost savings would imply a -1 score.
    T Formula Hidden automatic calculation, no entry required. Cost Score adds 1 to the Cost Savings Score if the underlying initiative is within the budget.
    U, V, W Formula Hidden automatic calculation, no entry required. A score on a scale of 1 to 3 based on input of columns M, N, and O, where Low or Positive Impact is assigned a score of 3, Medium or No Impact a score of 2, and High or Negative Impact a score of 1.
    X Formula Hidden automatic calculation, no entry required. The rounding of the average of columns U, V, and W, adding 1 to the result if the initiative's approval falls within your accountability (column P).
    Y Formula Hidden automatic calculation, no entry required. The sum of columns T and X, adding 3 for Reduce Unwarranted IT Spending, and 1 to Optimize Cost-to-Value (column H).
    Z Formula Hidden automatic calculation, no entry required. Preliminary priority assessment based on the Define Priority Threshold worksheet (hidden, see next slide).

    Review the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Validate cost and feasibility estimates (columns I to P previously filled - steps 2.2 and 3.1) driving the Priority Score and Preliminary Priority Assessment.

    Template & Example

    Priority Threshold Rationale

    Excel Workbook: IT Cost Optimization – Define Priority Threshold Worksheet

    Refer to the screenshot of the Define Priority Threshold worksheet below to understand the rationale behind the Priority Score and Priority Level:

    Priority Threshold Rationale

    Template & Example

    Estimate your timeline

    Excel Workbook: IT Cost Optimization – Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete timeline estimates for each vendor optimization initiative:

    Estimate your timeline

    Column ID Input Type Guidelines
    AA, AC Dropdown Select the quarter(s) in which you plan to begin and complete your initiative.
    AB, AD Dropdown Select the year(s) in which you plan to begin and complete your initiative.
    AE Dropdown Select the number of remaining quarters, in the current fiscal year, after you complete the initiative (0 to 4); based on columns AA to AD.
    AF Formula Automatic calculation, no entry required. Estimate of cost savings in the current fiscal year, based on the remaining quarters after implementation. The entry in column AE is divided by 4, and the result is multiplied by the related estimated cost savings per year (entry in column L).
    AG Dropdown Select if cost savings after the implementation of the underlying initiative will be Permanent or Temporary.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the appropriate quarter and year to start and complete the initiative.
    3. Identify the time remaining in your current budget cycle after the completion of the initiative.

    Template & Example

    Make your final decisions

    Excel Workbook: IT Cost Optimization - Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to assign the final priority for each vendor optimization initiative, and include it in your 12-month roadmap:

    Make your final decisions

    Column ID Row ID Input Type Guidelines
    AH - Dropdown Select your final priority decision after reviewing the preliminary priority assessment (column Z) and timeline estimates (columns AA to AG).
    AI - Dropdown Select whether you want to include the initiative in your 12-month roadmap (Yes or No).
    AK, AL 5 Formula Automatic calculation, no entry required. The total number of initiatives you decided to include in your 12-month roadmap; based on column AI when Yes is selected.
    AK, AL 6 Formula Automatic calculation, no entry required. Total estimated cost savings per year after the initiative's completion; based on column L when included in the 12-month roadmap (column AI when Yes is selected)
    AK, AL 7 Formula Automatic calculation, no entry required. Total estimated cost savings in the current fiscal year; based on column AF when included in the 12-month roadmap (column AI when Yes is selected)
    • Estimated cost savings per year refer to cost savings fully realized by the end of the upcoming fiscal year, following the initiatives' implementation.
    • Estimated cost savings in the current budget cycle, refer to cost savings partially realized in the current fiscal year, after the initiatives' implementation.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the final priority of the initiative.
    3. Decide whether you want to include the initiative in your 12-month roadmap.

    3.2.3 Prioritize your project portfolio optimization initiatives

    1 hour

    1. Review each project portfolio optimization initiative to set the priority.
    2. Validate your cost and feasibility estimates and consider the automated evaluation, in the IT Cost Optimization Workbook, providing you with a preliminary priority based on your cost and feasibility estimates (see next slides).
    3. Revisit your overarching goals (step 1.4) as you will assess the time it will take you to complete your initiatives and prioritize accordingly.
    4. Determine your start and end date for each initiative based on your journey, objectives, and overarching goals. Consider the urgency of each initiative. Document the quarter and year for your start and end dates in the IT Cost Optimization Workbook (see next slides).
    5. Identify the time remaining in your current budget cycle after the completion of each initiative to get a cost savings estimate for the current fiscal year. Document the number of remaining quarters (0, 1, 2, 3, or 4) in the IT Cost Optimization Workbook (see next slides).
    6. Decide on the priority of each initiative (High, Medium, or Low), and document it in the IT Cost Optimization Workbook (see next slides).
    7. Revisit the priority decision after prioritizing all your initiatives and determine which ones to include in your 12-month roadmap; consider the number of initiatives you can tackle at the same time within a 12-month period. Document your final decision (Yes or No) in the IT Cost Optimization Workbook (see next slides).

    Download the IT Cost Optimization Workbook

    InputOutput
    • Project portfolio optimization initiatives
    • Time and priority estimates of cost optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Define Priority Threshold tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • PMO lead
    • Other IT management

    Template & Example

    Understand your priority assessment

    Excel Workbook: IT Cost Optimization - Outline Initiatives Worksheet

    Refer to the example and guidelines below on how the preliminary priority assessment is assigned, for each project portfolio optimization initiative, noting that columns Q to X are hidden automatic calculations and should not be touched:

    Understand your priority assessment

    Column ID Input Type Guidelines
    R Formula Hidden automatic calculation, no entry required. Rank of Estimate Cost Savings (per year) in ascending order (higher cost savings implies a higher rank).
    S Formula Hidden automatic calculation, no entry required. Cost Savings Score on a scale of 1 to 3, where the top third in Cost Savings Rank are assigned a score of 1, the bottom third a score of 3, and in between a score of 2, noting that negative cost savings would imply a -1 score.
    T Formula Hidden automatic calculation, no entry required. Cost Score adds 1 to the Cost Savings Score if the underlying initiative is within the budget.
    U, V, W Formula Hidden automatic calculation, no entry required. A score on a scale of 1 to 3 based on input of columns M, N, and O, where Low or Positive Impact is assigned a score of 3, Medium or No Impact a score of 2, and High or Negative Impact a score of 1.
    X Formula Hidden automatic calculation, no entry required. The rounding of the average of columns U, V, and W, adding 1 to the result if the initiative's approval falls within your accountability (column P).
    Y Formula Hidden automatic calculation, no entry required. The sum of columns T and X, adding 3 for Reduce Unwarranted IT Spending, and 1 to Optimize Cost-to-Value (column H).
    Z Formula Hidden automatic calculation, no entry required. Preliminary Priority Assessment based on the Define Priority Threshold worksheet (hidden, see next slide).

    Review the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Validate cost and feasibility estimates (columns I to P previously filled - steps 2.2 and 3.1) driving the Priority Score and Preliminary Priority Assessment.

    Template & Example

    Priority Threshold Rationale

    Excel Workbook: IT Cost Optimization - Define Priority Threshold Worksheet

    Refer to the screenshot of the Define Priority Threshold worksheet below to understand the rationale behind the Priority Score and Priority Level:

    Priority threshold rationale

    Template & Example

    Estimate your timeline

    Excel Workbook: IT Cost Optimization - Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete timeline estimates for each project portfolio optimization initiative:

    Estimate your timeline

    Column ID Input Type Guidelines
    AA, AC Dropdown Select the quarter(s) in which you plan to begin and complete your initiative.
    AB, AD Dropdown Select the year(s) in which you plan to begin and complete your initiative.
    AE Dropdown Select the number of remaining quarters, in the current fiscal year, after you complete the initiative (0 to 4); based on columns AA to AD.
    AF Formula Automatic calculation, no entry required. Estimate of cost savings in the current fiscal year, based on the remaining quarters after implementation. The entry in column AE is divided by 4, and the result is multiplied by the related estimated cost savings per year (entry in column L).
    AG Dropdown Select if cost savings after the implementation of the underlying initiative will be Permanent or Temporary.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the appropriate quarter and year to start and complete the initiative.
    3. Identify the time remaining in your current budget cycle after the completion of the initiative.

    Template & Example

    Make your final decisions

    Excel Workbook: IT Cost Optimization - Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to assign the final priority for each project portfolio optimization initiative and include it in your 12-month roadmap:

    Make your final decisions

    Column ID Row ID Input Type Guidelines
    AH - Dropdown Select your final priority decision after reviewing the preliminary priority assessment (column Z) and timeline estimates (columns AA to AG).
    AI - Dropdown Select whether you want to include the initiative in your 12-month roadmap (Yes or No).
    AK, AL 5 Formula Automatic calculation, no entry required. The total number of initiatives you decided to include in your 12-month roadmap; based on column AI when Yes is selected.
    AK, AL 6 Formula Automatic calculation, no entry required. Total estimated cost savings per year after the initiative's completion; based on column L when included in the 12-month roadmap (column AI when Yes is selected)
    AK, AL 7 Formula Automatic calculation, no entry required. Total estimated cost savings in the current fiscal year; based on column AF when included in the 12-month roadmap (column AI when Yes is selected)
    • Estimated cost savings per year refer to cost savings fully realized by the end of the upcoming fiscal year, following the initiatives' implementation.
    • Estimated cost savings in the current budget cycle, refer to cost savings partially realized in the current fiscal year, after the initiatives' implementation.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the final priority of the initiative.
    3. Decide whether you want to include the initiative in your 12-month roadmap.

    3.2.4 Prioritize your workforce optimization initiatives

    1 hour

    1. Review each workforce optimization initiative to set the priority.
    2. Validate your cost and feasibility estimates and consider the automated evaluation, in the IT Cost Optimization Workbook, providing you with a preliminary priority based on your cost and feasibility estimates (see next slides).
    3. Revisit your overarching goals (step 1.4) as you will assess the time it will take you to complete your initiatives and prioritize accordingly.
    4. Determine your start and end date for each initiative based on your journey, objectives, and overarching goals. Consider the urgency of each initiative. Document the quarter and year for your start and end dates in the IT Cost Optimization Workbook (see next slides).
    5. Identify the time remaining in your current budget cycle after the completion of each initiative to get a cost savings estimate for the current fiscal year. Document the number of remaining quarters (0, 1, 2, 3, or 4) in the IT Cost Optimization Workbook (see next slides).
    6. Decide on the priority of each initiative (High, Medium, or Low), and document it in the IT Cost Optimization Workbook (see next slides).
    7. Revisit the priority decision after prioritizing all your initiatives and determine which ones to include in your 12-month roadmap; consider the number of initiatives you can tackle at the same time within a 12-month period. Document your final decision (Yes or No) in the IT Cost Optimization Workbook (see next slides).

    Download the IT Cost Optimization Workbook

    InputOutput
    • Workforce optimization initiatives
    • Time and priority estimates of cost optimization initiatives in the IT Cost Optimization Workbook
    MaterialsParticipants
    • Define Priority Threshold tab in the IT Cost Optimization Workbook
    • Outline Initiatives tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT finance lead
    • Talent management representative
    • Other IT management

    Template & Example

    Understand your priority assessment

    Excel Workbook: IT Cost Optimization - Outline Initiatives Worksheet

    Refer to the example and guidelines below on how the preliminary priority assessment is assigned, for each workforce optimization initiative, noting that columns Q to X are hidden automatic calculations and should not be touched:

    Understand your priority assessment

    Column ID Input Type Guidelines
    R Formula Hidden automatic calculation, no entry required. Rank of Estimate Cost Savings (per year) in ascending order (higher cost savings implies a higher rank).
    S Formula Hidden automatic calculation, no entry required. Cost Savings Score on a scale of 1 to 3, where the top third in Cost Savings Rank are assigned a score of 1, the bottom third a score of 3, and in between a score of 2, noting that negative cost savings would imply a -1 score.
    T Formula Hidden automatic calculation, no entry required. Cost Score adds 1 to the Cost Savings Score if the underlying initiative is within the budget.
    U, V, W Formula Hidden automatic calculation, no entry required. A score on a scale of 1 to 3 based on input of columns M, N, and O, where Low or Positive Impact is assigned a score of 3, Medium or No Impact a score of 2, and High or Negative Impact a score of 1.
    X Formula Hidden automatic calculation, no entry required. The rounding of the average of columns U, V, and W, adding 1 to the result if the initiative's approval falls within your accountability (column P).
    Y Formula Hidden automatic calculation, no entry required. The sum of columns T and X, adding 3 for Reduce Unwarranted IT Spending, and 1 to Optimize Cost-to-Value (column H).
    Z Formula Hidden automatic calculation, no entry required. Preliminary Priority Assessment based on the Define Priority Threshold worksheet (hidden, see next slide).

    Review the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Validate cost and feasibility estimates (columns I to P previously filled - steps 2.2 and 3.1) driving the Priority Score and Preliminary Priority Assessment.

    Template & Example

    Priority Threshold Rationale

    Excel Workbook: IT Cost Optimization - Define Priority Threshold

    Refer to the screenshot of the Define Priority Threshold worksheet below to understand the rationale behind the Priority Score and Priority Level:

    Priority Threshold Rationale

    Template & Example

    Estimate your timeline

    Excel Workbook: IT Cost Optimization - Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to complete timeline estimates for each workforce optimization initiative:

    Estimate your timeline

    Column ID Input Type Guidelines
    AA, AC Dropdown Select the quarter(s) in which you plan to begin and complete your initiative.
    AB, AD Dropdown Select the year(s) in which you plan to begin and complete your initiative.
    AE Dropdown Select the number of remaining quarters, in the current fiscal year, after you complete the initiative (0 to 4); based on columns AA to AD.
    AF Formula Automatic calculation, no entry required. Estimate of cost savings in the current fiscal year, based on the remaining quarters after implementation. The entry in column AE is divided by 4, and the result is multiplied by the related estimated cost savings per year (entry in column L).
    AG Dropdown Select if cost savings after the implementation of the underlying initiative will be Permanent or Temporary.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the appropriate quarter and year to start and complete the initiative.
    3. Identify the time remaining in your current budget cycle after the completion of the initiative.

    Template & Example

    Make your final decisions

    Excel Workbook: IT Cost Optimization - Outline Initiatives Worksheet

    Refer to the example and guidelines below on how to assign the final priority for each workforce optimization initiative, and include it in your 12-month roadmap:

    Make your final decisions

    Column ID Row ID Input Type Guidelines
    AH - Dropdown Select your final priority decision after reviewing the preliminary priority assessment (column Z) and timeline estimates (columns AA to AG).
    AI - Dropdown Select whether you want to include the initiative in your 12-month roadmap (Yes or No).
    AK, AL 5 Formula Automatic calculation, no entry required. The total number of initiatives you decided to include in your 12-month roadmap; based on column AI when Yes is selected.
    AK, AL 6 Formula Automatic calculation, no entry required. Total estimated cost savings per year after the initiative's completion; based on column L when included in the 12-month roadmap (column AI when Yes is selected)
    AK, AL 7 Formula Automatic calculation, no entry required. Total estimated cost savings in the current fiscal year; based on column AF when included in the 12-month roadmap (column AI when Yes is selected)
    • Estimated cost savings per year refer to cost savings fully realized by the end of the upcoming fiscal year, following the initiatives' implementation.
    • Estimated cost savings in the current budget cycle, refer to cost savings partially realized in the current fiscal year, after the initiatives' implementation.

    Complete the following fields for each initiative in the Excel Workbook as per guidelines:

    1. Navigate to the Outline Initiatives tab.
    2. Determine the final priority of the initiative.
    3. Decide whether you want to include the initiative in your 12-month roadmap.

    3.3 Develop your cost optimization roadmap

    1 hour

    1. Conduct a final evaluation of your timeline, priority decision, and initiatives you wish to include in your 12-month roadmap. Do they make sense, are they achievable, and do they all contribute individually and collectively to reaching your cost optimization goals?
    2. Review your 12-month roadmap outputs in the IT Cost Optimization Workbook (see next slides).
    3. Make adjustments to your 12-month roadmap by adding or removing initiatives as you deem necessary (step 3.2).
    4. Document your final roadmap - including initiatives and relative time frames for execution - in the IT Cost Optimization Roadmap templates provided (see slide 97). The 12-month roadmap outputs from the IT Cost Optimization Workbook (see next slide) can facilitate this task.

    Download the IT Cost Optimization Workbook

    Input Output
    • Outline Initiatives tab in the IT Cost Optimization Workbook, output from previous steps
    • IT Cost Optimization Roadmap
    Materials Participants
    • Outline Initiatives Charts tab in the IT Cost Optimization Workbook
    • Diagram Results tab in the IT Cost Optimization Workbook
    • List Results tab in the IT Cost Optimization Workbook
    • Timeline Result tab in the IT Cost Optimization Workbook
    • CIO/IT director
    • IT financial lead
    • Other IT management

    Template & Example

    Potential Cost Savings Per Year

    Excel Workbook: IT Cost Optimization - Outline Initiatives Charts Worksheet

    Refer to the example below on charts depicting different views of estimated cost savings per year across the four optimization levers (Assets, Vendors, Project Portfolio, and Workforce) that could help you in your assessment and decision making.

    Potential cost savings per year

    From the Excel Workbook, after completing your potential initiatives and filling all related entries in the Outline Initiatives tab:

    1. Navigate to the Outline Initiatives Charts tab.
    2. Review each of the charts.
    3. Navigate back to the Outline Initiatives tab to examine, drill down, and amend individual initiative entries or final decisions as you deem necessary.

    Template & Example

    12-month Roadmap Outputs

    Excel Workbook: IT Cost Optimization - Diagram Results, List Results, and Timeline Result Worksheets

    Refer to the example below depicting different roadmap output that could help you in presentations, assessment, and decision making.

    12-month Roadmap Outputs

    From the Excel Workbook:

    1. Navigate to the Diagram Results tab. This bubble diagram represent cost optimization initiatives by objective where each bubble size is determined by its estimated cost saving per year.
    2. Navigate to the List Results tab. You will find a list of the cost optimizations initiatives you've chosen to include in your roadmap and related charts.
    3. Navigate to the Timeline Result tab. This Gantt chart is a timeline view of the cost optimizations initiatives you've chosen to include in your roadmap.

    Download the IT Cost Optimization Workbook

    IT cost optimization roadmap

    Phase 4

    Communicate and Execute

    Phase 1
    Understand Your Mandate and Objectives

    Phase 2
    Outline Your Cost Optimization Initiatives

    Phase 3
    Develop Your IT Cost Optimization Roadmap

    Phase 4
    Communicate and Execute

    This phase will walk you through the following activities:

    • Cost optimization communication plan
    • Cost optimization executive presentation

    This phase involves the following participants:

    • CIO/IT director
    • IT finance lead
    • PMO lead
    • Other IT management

    Build Your IT Cost Optimization Roadmap

    4.1 Build the communication plan

    45 to 60 minutes

    1. Use the Cost Optimization Communication Plan templates and guidance on the following slides.
    2. Complete the template to develop your communication plan for your cost optimization proposal and initiatives. At a minimum, it should include:
      1. Steps for preparing and presenting your proposal to decision-makers, sponsors, and other stakeholders, including named presenters and points of contact in IT.
      2. Checkpoints for communication throughout the execution of each initiative and the cost optimization roadmap overall, including target audiences, accountabilities, modes and methods of communication, type/scope of information to be communicated at each checkpoint, and any decision/approval steps.

    Download the IT Cost Optimization Workbook

    InputOutput
    • Cost optimization roadmap
    • Completed draft of the Cost Optimization Communication Plan
    MaterialsParticipants
    • IT Cost Optimization Workbook
    • IT Cost Optimization Roadmap
    • Info-Tech's Cost Optimization Communication Plan template
    • CIO/IT director
    • IT financial lead
    • Other IT management

    Understand a communication strategy's purpose

    Put as much effort into developing your communication strategy as you would into planning and executing the cost optimization initiatives themselves. Don't skip this part.

    Your communication strategy has two major components ...

    1. A tactical plan for how and when you'll communicate with stakeholders about your proposals, activities, and progress toward meeting cost optimization goals.
    2. An executive or board presentation that outlines your final proposed cost optimization initiatives, their respective business cases, and resources/support required with the goal of gaining approval to execute.

    Your communication strategy will need to ...

    • Provide answers to the "What's in it for me?" question from all impacted stakeholders.
    • Roles, responsibilities, and accountabilities before, during, and after initiatives are completed.
    • Descriptions and high-level information about dates, deliverables, and impacts of the specific changes being made.

    You will also develop more detailed operational and project plans for each initiative. IT will use these plans to manage and track the execution of individual initiatives when the time comes.

    Template & Example

    Document the overall what and why of your planned communications

    Component Purpose Context Key Messages Intended Outcomes
    Definition Description of the topic and why you're communicating with this specific audience right now. Background information about the broader situation and how you got to where you are today. The main points you want your target audience to hear/read, absorb, and remember. What you hope you and your audience will get at the end of the communication or effort.
    Our Language
    • IT is proposing an organization-wide array of initiatives in order to reduce IT costs. We are seeking your approval and support to carry out these initiatives.
    • [Purpose]
    • The economy is in active downturn and may become a full recession.
    • IT is anticipating mandatory cost reductions and has opted to take a proactive position.
    • We used an analytical framework to look at all areas of the organization to identify and prioritize IT cost-reduction opportunities.
    • [Context]
    • IT is being proactive.
    • IT is sensitive to the business.
    • IT needs your support.
    • IT is committed to keeping you informed at every step.
    • IT wants to position the organization for rapid recovery when the economy improves.
    • [Message]
    • Buy-in, approval, and ongoing support for cost optimization initiatives proposed.
    • Update on the status of specific initiatives, including what's happened, progress, and what's coming next.
    • [Outcome]

    Template & Example

    Next, note the who, how, and when of your communication plan

    Stakeholder/Approver Initiatives Impact Format Time frame Messenger
    CEO
    • Reduce number of Minitab licenses
    • Defer hiring of new data architecture position
    • Cancel VR simulation project
    Indefinitely delays current strategic projects Monthly meeting discussion Last Wednesday of every month starting Oct. 26, FY1 CIO, IT data analytics project lead, IT VR project lead
    IT Steering Committee
    • Adjust service level framework and level assignments
    • Postpone purchases for network modernization
    • Postpone workstation/laptop upgrades for non-production functions
    • Outsource data analytics project
    Nearly all of these initiatives are enterprise-wide or affect multiple departments. Varying direct and indirect impacts will need to be independently communicated for each initiative if approved by the ITS.

    Formal presentation at quarterly ITS meetings

    Monthly progress updates via email bulletin

    Approval presentation: Oct. 31, FY1

    Quarterly updates: Jan. 31, Apr. 28, and Jul. 28, FY2

    CIO, IT service director, IT infrastructure director, IT data analytics project lead
    VP of Sales
    • Pause Salesforce view redesign project
    Delays new sales tool efficiency improvement. Meeting discussion Nov. FY1 CIO, IT Salesforce view redesign project lead
    [Name/Title/Group]
    • [Initiative]
    • [Initiative]
    [Impact statement] [Format] [Date/Period] [Name/Title]
    [Name/Title/Group]
    • [Initiative]
    • [Initiative]
    [Impact statement] [Format] [Date/Period] [Name/Title]
    [Name/Title/Group]
    • [Initiative]
    • [Initiative]
    [Impact statement] [Format] [Date/Period] [Name/Title]

    4.2 Build the executive presentation

    45-60 minutes

    1. Download Info-Tech's IT Cost Optimization Roadmap Samples and Templates.
    2. Update the content with the outputs of your cost optimization roadmap and data/graph elements from the IT Cost Optimization Workbook. Refer to your organization's standards and norms for executive-level presentations and adapt accordingly.

    Download IT Cost Optimization Roadmap Samples and Templates

    Input Output
    • IT Cost Optimization Roadmap
    • IT Cost Optimization Workbook
    • Completed draft of the IT Cost Optimization Executive Presentation
    Materials Participants
    • IT Cost Optimization Workbook
    • IT Cost Optimization Roadmap Samples and Templates
    • CIO/IT directors
    • IT financial lead
    • Other IT management

    Summary of Accomplishment

    Congratulations! You now have an IT cost optimization strategy and a communication plan.

    Throughout this blueprint, you have:

    1. Identified your IT mandate and cost optimization journey.
    2. Outlined your initiatives across the four levers (assets, vendors, project portfolio, and workforce).
    3. Put together a 12-month IT cost optimization roadmap.
    4. Developed a communication strategy and crafted an executive presentation - your initial step to communicate and discuss IT cost optimization initiatives with your key stakeholders.

    What's next?

    Communicate with your stakeholders, then follow your internal project policies and procedures to get the necessary approvals as required. Once obtained, you can start the execution and implementation of your IT cost optimization strategy.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com
    1-888-670-8889

    Research Contributors and Experts

    Jennifer Perrier, Principal Research Director, IT Financial Management

    Jennifer Perrier
    Principal Research Director, IT Financial Management
    Info-Tech Research Group

    Jack Hakimian, Senior Vice President, Research Development

    Jack Hakimian
    Senior Vice President, Research Development
    Info-Tech Research Group

    Graham Price, Senior Executive Counselor, Executive Services

    Graham Price
    Senior Executive Counselor, Executive Services
    Info-Tech Research Group

    Travis Duncan, Research Director, Project & Portfolio Management

    Travis Duncan
    Research Director, Project & Portfolio Management
    Info-Tech Research Group

    Dave Kish, Practice Lead, IT Financial Management

    Dave Kish
    Practice Lead, IT Financial Management
    Info-Tech Research Group

    Baird Miller, PhD, Senior Executive Advisor, Executive Services

    Baird Miller, PhD
    Senior Executive Advisor, Executive Services
    Info-Tech Research Group

    Other Research Contributors and Experts

    Monica Braun
    Research Director, IT Financial Management
    Info-Tech Research Group

    Sandi Conrad
    Principal Advisory Director, Infrastructure & Operations
    Info-Tech Research Group

    Phil Bode
    Principal Advisory Director, Vendor Management
    Info-Tech Research Group

    Donna Glidden
    Advisory Director, Vendor Management
    Info-Tech Research Group

    Barry Cousins
    Distinguished Analyst & Research Fellow
    Info-Tech Research Group

    Andrew Sharp
    Research Director, Infrastructure & Operations Practice
    Info-Tech Research Group

    Frank Sewell
    Advisory Director, Vendor Management
    Info-Tech Research Group

    Related Info-Tech Research

    Achieve IT Spend & Staffing Transparency
    Most CIOs, CFOs, and business function leaders don't enjoy a shared vocabulary when it comes to talking about technology spend. As a result, truly meaningful conversations about where and how to spend technology funds in support of business goals are rare. Enable these important conversations by transparently mapping your IT spend data against four key stakeholder views.

    Reduce Shadow IT With a Service Request Catalog
    As the business gets more innovative to solve its problems, IT finds itself in reactive mode, dealing with software bloat, managing surprise SaaS renewals, and having to integrate products that they didn't know were purchased. To solve this, IT needs to focus on service and visibility to counter Shadow IT.

    Bibliography

    "A Short Guide to Structured Cost Reduction." National Audit Office, 18 June 2010. Web.

    "IT Cost Savings: A Guide to Application Rationalization." LeanIX, 2021. Web.

    Jouravlev, Roman. "Service Financial Management: ITIL 4 Practice Guide." Axelos, 30 April 2020. Web.

    Leinwand, Paul, and Vinay Couto. "How to Cut Costs More Strategically." Harvard Business Review, March 2017. Web.

    "Role & Influence of the Technology Decision-Maker 2022." Foundry, 2022. Web.

    "State of the CIO 2022." CIO, 2022. Web.

    "The Definitive Guide to IT Cost Optimization." LeanIX, n.d. Web.

    "Understand the Principles of Cost Optimization." Google Cloud, n.d. Web.

    Redesign Your IT Organizational Structure

    • Buy Link or Shortcode: {j2store}275|cart{/j2store}
    • member rating overall impact (scale of 10): 9.2/10 Overall Impact
    • member rating average dollars saved: $71,830 Average $ Saved
    • member rating average days saved: 25 Average Days Saved
    • Parent Category Name: Organizational Design
    • Parent Category Link: /organizational-design

    Most organizations go through an organizational redesign to:

    • Better align to the strategic objectives of the organization.
    • Increase the effectiveness of IT as a function.
    • Provide employees with clarity in their roles and responsibilities.
    • Support new capabilities.
    • Better align IT capabilities to suit the vision.
    • Ensure the IT organization can support transformation initiatives.

    Our Advice

    Critical Insight

    • Organizational redesign is only as successful as the process leaders engage in. It shapes a story framed in a strong foundation of need and a method to successfully implement and adopt the new structure.
    • Benchmarking your organizational redesign to other organizations will not work. Other organizations have different strategies, drivers, and context. It’s important to focus on your organization, not someone else's.
    • You could have the best IT employees in the world, but if they aren’t structured well your organization will still fail in reaching its vision.

    Impact and Result

    • We are often unsuccessful in organizational redesign because we lack an understanding of why this initiative is required or fail to recognize that it is a change initiative.
    • Successful organizational design requires a clear understanding of why it is needed and what will be achieved by operating in a new structure.
    • Additionally, understanding the impact of the change initiative can lead to greater adoption by core stakeholders.

    Redesign Your IT Organizational Structure Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Redesign Your IT Organizational Structure Deck – A defined method of redesigning your IT structure that is founded by clear drivers and consistently considering change management practices.

    The purpose of this storyboard is to provide a four-phased approach to organizational redesign.

    • Redesign Your IT Organizational Structure – Phases 1-4

    2. Communication Deck – A method to communicate the new organizational structure to critical stakeholders to gain buy-in and define the need.

    Use this templated Communication Deck to ensure impacted stakeholders have a clear understanding of why the new organizational structure is needed and what that structure will look like.

    • Organizational Design Communications Deck

    3. Redesign Your IT Organizational Structure Executive Summary Template – A template to secure executive leadership buy-in and financial support for the new organizational structure to be implemented.

    This template provides IT leaders with an opportunity to present their case for a change in organizational structure and roles to secure the funding and buy-in required to operate in the new structure.

    • Redesign Your IT Organizational Structure Executive Summary

    4. Redesign Your IT Organizational Structure Workbook – A method to document decisions made and rationale to support working through each phase of the process.

    This Workbook allows IT and business leadership to work through the steps required to complete the organizational redesign process and document key rationale for those decisions.

    • Redesign Your IT Organizational Structure Workbook

    5. Redesign Your IT Organizational Structure Operating Models and Capability Definitions – A tool that can be used to provide clarity on the different types of operating models that exist as well as the process definitions of each capability.

    Refer to this tool when working through the redesign process to better understand the operating model sketches and the capability definitions. Each capability has been tied back to core frameworks that exist within the information and technology space.

    • Redesign Your IT Organizational Structure Operating Models and Capability Definitions

    Infographic

    Workshop: Redesign Your IT Organizational Structure

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish the Organizational Design Foundation

    The Purpose

    Lay the foundation for your organizational redesign by establishing a set of organizational design principles that will guide the redesign process.

    Key Benefits Achieved

    Clearly articulate why this organizational redesign is needed and the implications the strategies and context will have on your structure.

    Activities

    1.1 Define the org design drivers.

    1.2 Document and define the implications of the business context.

    1.3 Align the structure to support the strategy.

    1.4 Establish guidelines to direct the organizational design process.

    Outputs

    Clear definition of the need to redesign the organizational structure

    Understanding of the business context implications on the organizational structure creation.

    Strategic impact of strategies on organizational design.

    Customized Design Principles to rationalize and guide the organizational design process.

    2 Create the Operating Model Sketch

    The Purpose

    Select and customize an operating model sketch that will accurately reflect the future state your organization is striving towards. Consider how capabilities will be sourced, gaps in delivery, and alignment.

    Key Benefits Achieved

    A customized operating model sketch that informs what capabilities will make up your IT organization and how those capabilities will align to deliver value to your organization.

    Activities

    2.1 Augmented list of IT capabilities.

    2.2 Capability gap analysis

    2.3 Identified capabilities for outsourcing.

    2.4 Select a base operating model sketch.

    2.5 Customize the IT operating model sketch.

    Outputs

    Customized list of IT processes that make up your organization.

    Analysis of which capabilities require dedicated focus in order to meet goals.

    Definition of why capabilities will be outsourced and the method of outsourcing used to deliver the most value.

    Customized IT operating model reflecting sourcing, centralization, and intended delivery of value.

    3 Formalize the Organizational Structure

    The Purpose

    Translate the operating model sketch into a formal structure with defined functional teams, roles, reporting structure, and responsibilities.

    Key Benefits Achieved

    A detailed organizational chart reflecting team structures, reporting structures, and role responsibilities.

    Activities

    3.1 Categorize your IT capabilities within your defined functional work units.

    3.2 Create a mandate statement for each work unit.

    3.3 Define roles inside the work units and assign accountability and responsibility.

    3.4 Finalize your organizational structure.

    Outputs

    Capabilities Organized Into Functional Groups

    Functional Work Unit Mandates

    Organizational Chart

    4 Plan for the Implementation & Change

    The Purpose

    Ensure the successful implementation of the new organizational structure by strategically communicating and involving stakeholders.

    Key Benefits Achieved

    A clear plan of action on how to transition to the new structure, communicate the new organizational structure, and measure the effectiveness of the new structure.

    Activities

    4.1 Identify and mitigate key org design risks.

    4.2 Define the transition plan.

    4.3 Create the change communication message.

    4.4 Create a standard set of FAQs.

    4.5 Align sustainment metrics back to core drivers.

    Outputs

    Risk Mitigation Plan

    Change Communication Message

    Standard FAQs

    Implementation and sustainment metrics.

    Further reading

    Redesign Your IT Organizational Structure

    Designing an IT structure that will enable your strategic vision is not about an org chart – it’s about how you work.

    EXECUTIVE BRIEF

    Analyst Perspective

    Structure enables strategy.

    The image contains a picture of Allison Straker.

    Allison Straker

    Research Director,

    Organizational Transformation

    The image contains a picture of Brittany Lutes.

    Brittany Lutes

    Senior Research Analyst,

    Organizational Transformation

    An organizational structure is much more than a chart with titles and names. It defines the way that the organization operates on a day-to-day basis to enable the successful delivery of the organization’s information and technology objectives. Moreover, organizational design sees beyond the people that might be performing a specific role. People and role titles will and often do change frequently. Those are the dynamic elements of organizational design that allow your organization to scale and meet specific objectives at defined points of time. Capabilities, on the other hand, are focused and related to specific IT processes.

    Redesigning an IT organizational structure can be a small or large change transformation for your organization. Create a structure that is equally mindful of the opportunities and the constraints that might exist and ensure it will drive the organization towards its vision with a successful implementation. If everyone understands why the IT organization needs to be structured that way, they are more likely to support and adopt the behaviors required to operate in the new structure.

    Executive Summary

    Your Challenge

    Your organization needs to reorganize itself because:

    • The current IT structure does not align to the strategic objectives of the organization.
    • There are inefficiencies in how the IT function is currently operating.
    • IT employees are unclear about their role and responsibilities, leading to inconsistencies.
    • New capabilities or a change in how the capabilities are organized is required to support the transformation.

    Common Obstacles

    Many organizations struggle when it comes redesigning their IT organizational structure because they:

    • Jump right into creating the new organizational chart.
    • Do not include the members of the IT leadership team in the changes.
    • Do not include the business in the changes.
    • Consider the context in which the change will take place and how to enable successful adoption.

    Info-Tech’s Approach

    Successful IT organization redesign includes:

    • Understanding the drivers, context, and strategies that will inform the structure.
    • Remaining objective by focusing on capabilities over people or roles.
    • Identifying gaps in delivery, sourcing strategies, customers, and degrees of centralization.
    • Remembering that organizational design is a change initiative and will require buy-in.

    Info-Tech Insight

    A successful redesign requires a strong foundation and a plan to ensure successful adoption. Without these, the organizational chart has little meaning or value.

    Your challenge

    This research is designed to help organizations who are looking to:

    • Redesign the IT structure to align to the strategic objectives of the enterprise.
    • Increase the effectiveness in how the IT function is operating in the organization.
    • Provide clarity to employees around their roles and responsibilities.
    • Ensure there is an ability to support new IT capabilities and/or align capabilities to better support the direction of the organization.
    • Align the IT organization to support a business transformation such as becoming digitally enabled or engaging in M&A activities.

    Organizational design is a challenge for many IT and digital executives

    69% of digital executives surveyed indicated challenges related to structure, team silos, business-IT alignment, and required roles when executing on a digital strategy.

    Source: MIT Sloan, 2020

    Common obstacles

    These barriers make IT organizational redesign difficult to address for many organizations:

    • Confuse organizational design and organizational charts as the same thing.
    • Start with the organizational chart, not taking into consideration the foundational elements that will make that chart successful.
    • Fail to treat organizational redesign as a change management initiative and follow through with the change.
    • Exclude impacted or influential IT leaders and/or business stakeholders from the redesign process.
    • Leverage an operating model because it is trending.

    To overcome these barriers:

    • Understand the context in which the changes will take place.
    • Communicate the changes to those impacted to enable successful adoption and implementation of a new organizational structure.
    • Understand that organizational design is for more than just HR leaders now; IT executives should be driving this change.

    Succeed in Organizational Redesign

    75% The percentage of change efforts that fail.

    Source: TLNT, 2019

    55% The percentage of practitioners who identify how information flows between work units as a challenge for their organization.

    Source: Journal of Organizational Design, 2019

    Organizational design defined

    If your IT strategy is your map, your IT organizational design represents the optimal path to get there.

    IT organizational design refers to the process of aligning the organization’s structure, processes, metrics, and talent to the organization’s strategic plan to drive efficiency and effectiveness.

    Why is the right IT organizational design so critical to success?

    Adaptability is at the core of staying competitive today

    Structure is not just an organizational chart

    Organizational design is a never-ending process

    Digital technology and information transparency are driving organizations to reorganize around customer responsiveness. To remain relevant and competitive, your organizational design must be forward looking and ready to adapt to rapid pivots in technology or customer demand.

    The design of your organization dictates how roles function. If not aligned to the strategic direction, the structure will act as a bungee cord and pull the organization back toward its old strategic direction (ResearchGate.net, 2014). Structure supports strategy, but strategy also follows structure.

    Organization design is not a one-time project but a continuous, dynamic process of organizational self-learning and continuous improvement. Landing on the right operating model will provide a solid foundation to build upon as the organization adapts to new challenges and opportunities.

    Understand the organizational differences

    Organizational Design

    Organizational design the process in which you intentionally align the organizational structure to the strategy. It considers the way in which the organization should operate and purposely aligns to the enterprise vision. This process often considers centralization, sourcing, span of control, specialization, authority, and how those all impact or are impacted by the strategic goals.

    Operating Model

    Operating models provide an architectural blueprint of how IT capabilities are organized to deliver value. The placement of the capabilities can alter the culture, delivery of the strategic vision, governance model, team focus, role responsibility, and more. Operating model sketches should be foundational to the organizational design process, providing consistency through org chart changes.

    Organizational Structure

    The organizational structure is the chosen way of aligning the core processes to deliver. This can be strategic, or it can be ad hoc. We recommend you take a strategic approach unless ad hoc aligns to your culture and delivery method. A good organizational structure will include: “someone with authority to make the decisions, a division of labor and a set of rules by which the organization operates” (Bizfluent, 2019).

    Organizational Chart

    The capstone of this change initiative is an easy-to-read chart that visualizes the roles and reporting structure. Most organizations use this to depict where individuals fit into the organization and if there are vacancies. While this should be informed by the structure it does not necessarily depict workflows that will take place. Moreover, this is the output of the organizational design process.

    Sources: Bizfluent, 2019; Strategy & Business, 2015; SHRM, 2021

    The Technology Value Trinity

    The image contains a diagram of the Technology Value Trinity as described in the text below.

    All three elements of the Technology Value Trinity work in harmony to delivery business value and achieve strategic needs. As one changes, the others need to change as well.

    How do these three elements relate?

    • Digital and IT strategy tells you what you need to achieve to be successful.
    • Operating model and organizational design align resources to deliver on your strategy and priorities. This is done by strategically structuring IT capabilities in a way that enables the organizations vision and considers the context in which the structure will operate.
    • I&T governance is the confirmation of IT’s goals and strategy, which ensures the alignment of IT and business strategy and is the mechanism by which you continuously prioritize work to ensure that what is delivered is in line with the strategy.

    Too often strategy, organizational design, and governance are considered separate practices – strategies are defined without teams and resources to support. Structure must follow strategy.

    Info-Tech’s approach to organizational design

    Like a story, a strategy without a structure to deliver on it is simply words on paper.

    Books begin by setting the foundation of the story.

    Introduce your story by:

    • Defining the need(s) that are driving this initiative forward.
    • Introducing the business context in which the organizational redesign must take place.
    • Outlining what’s needed in the redesign to support the organization in reaching its strategic IT goals.

    The plot cannot thicken without the foundation. Your organizational structure and chart should not exist without one either.

    The steps to establish your organizational chart - with functional teams, reporting structure, roles, and responsibilities defined – cannot occur without a clear definition of goals, need, and context. An organizational chart alone won’t provide the insight required to obtain buy-in or realize the necessary changes.

    Conclude your story through change management and communication.

    Good stories don’t end without referencing what happened before. Use the literary technique of foreshadowing – your change management must be embedded throughout the organizational redesign process. This will increase the likelihood that the organizational structure can be communicated, implemented, and reinforced by stakeholders.

    Info-Tech uses a capability-based approach to help you design your organizational structure

    Once your IT strategy is defined, it is critical to identify the capabilities that are required to deliver on those strategic initiatives. Each initiative will require a combination of these capabilities that are only supported through the appropriate organization of roles, skills, and team structures.

    The image contains a diagram of the various services and blueprints that Info-Tech has to offer.

    Embed change management into organizational design

    Change management practices are needed from the onset to ensure the implementation of an organizational structure.

    For each phase of this blueprint, its important to consider change management. These are the points when you need to communicate the structure changes:

    • Phase 1: Begin to socialize the idea of new organizational structure with executive leadership and explain how it might be impactful to the context of the organization. For example, a new control, governance model, or sourcing approach could be considered.
    • Phase 2: The chosen operating model will influence your relationships with the business and can create/eliminate silos. Ensure IT and business leaders have insight into these possible changes and a willingness to move forward.
    • Phase 3: The new organizational structure could create or eliminate teams, reduce or increase role responsibilities, and create different reporting structures than before. It’s time to communicate these changes with those most impacted and be able to highlight the positive outcomes of the various changes.
    • Phase 4: Should consider the change management practices holistically. This includes the type of change and length of time to reach the end state, communication, addressing active resistors, acquiring the right skills, and measuring the success of the new structure and its adoption.

    Info-Tech Insight

    Do not undertake an organizational redesign initiative if you will not engage in change management practices that are required to ensure its successful adoption.

    Measure the value of the IT organizational redesign

    Given that the organizational redesign is intended to align with the overall vision and objectives of the business, many of the metrics that support its success will be tied to the business. Adapt the key performance indicators (KPIs) that the business is using to track its success and demonstrate how IT can enable the business and improve its ability to reach those targets.

    Strategic Resources

    The percentage of resources dedicated to strategic priorities and initiatives supported by IT operating model. While operational resources are necessary, ensuring people are allocating time to strategic initiatives as well will drive the business towards its goal state. Leverage Info-Tech’s IT Staffing Assessment diagnostic to benchmark your IT resource allocation.

    Business Satisfaction

    Assess the improvement in business satisfaction overall with IT year over year to ensure the new structure continues to drive satisfaction across all business functions. Leverage Info-Tech’s CIO Business Vision diagnostic to see how your IT organization is perceived.

    Role Clarity

    The degree of clarity that IT employees have around their role and its core responsibilities can lead to employee engagement and retention. Consider measuring this core job driver by leveraging Info-Tech’s Employee Engagement Program.

    Customer & User Satisfaction

    Measure customer satisfaction with technology-enabled business services or products and improvements in technology-enabled client acquisition or retention processes. Assess the percentage of users satisfied with the quality of IT service delivery and leverage Info-Tech’s End-User Satisfaction Survey to determine improvements.

    Info-Tech’s methodology for Redesigning Your IT Organization

    Phase

    1. Establish the Organizational Design Foundation

    2. Create the Operating Model Sketch

    3. Formalize the Organizational Structure

    4. Plan for Implementation and Change

    Phase Outcomes

    Lay the foundation for your organizational redesign by establishing a set of organizational design principles that will guide the redesign process.

    Select and customize an operating model sketch that will accurately reflect the future state your organization is striving towards. Consider how capabilities will be sourced, gaps in delivery, and alignment.

    Translate the operating model sketch into a formal structure with defined functional teams, roles, reporting structure, and responsibilities.

    Ensure the successful implementation of the new organizational structure by strategically communicating and involving stakeholders.

    Insight summary

    Overarching insight

    Organizational redesign processes focus on defining the ways in which you want to operate and deliver on your strategy – something an organizational chart will never be able to convey.

    Phase 1 insight

    Focus on your organization, not someone else's’. Benchmarking your organizational redesign to other organizations will not work. Other organizations have different strategies, drivers, and context.

    Phase 2 insight

    An operating model sketch that is customized to your organization’s specific situation and objectives will significantly increase the chances of creating a purposeful organizational structure.

    Phase 3 insight

    If you follow the steps outlined in the first three phases, creating your new organizational chart should be one of the fastest activities.

    Phase 4 insight

    Throughout the creation of a new organizational design structure, it is critical to involve the individuals and teams that will be impacted.

    Tactical insight

    You could have the best IT employees in the world, but if they aren’t structured well your organization will still fail in reaching its vision.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:


    Communication Deck

    Communicate the changes to other key stakeholders such as peers, managers, and staff.

    Workbook

    As you work through each of the activities, use this workbook as a place to document decisions and rationale.

    Reference Deck

    Definitions for every capability, base operating model sketches, and sample organizational charts aligned to those operating models.

    Job Descriptions

    Key deliverable:

    Executive Presentation

    Leverage this presentation deck to gain executive buy-in for your new organizational structure.

    Blueprint benefits

    IT Benefits

    • Create an organizational structure that aligns to the strategic goals of IT and the business.
    • Provide IT employees with clarity on their roles and responsibilities to ensure the successful delivery of IT capabilities.
    • Highlight and sufficiently staff IT capabilities that are critical to the organization.
    • Define a sourcing strategy for IT capabilities.
    • Increase employee morale and empowerment.

    Business Benefits

    • IT can carry out the organization’s strategic mission and vision of all technical and digital initiatives.
    • Business has clarity on who and where to direct concerns or questions.
    • Reduce the likelihood of turnover costs as IT employees understand their roles and its importance.
    • Create a method to communicate how the organizational structure aligns with the strategic initiatives of IT.
    • Increase ability to innovate the organization.

    Executive Brief Case Study

    IT design needs to support organizational and business objectives, not just IT needs.

    INDUSTRY: Government

    SOURCE: Analyst Interviews and Working Sessions

    Situation

    IT was tasked with providing equality to the different business functions through the delivery of shared IT services. The government created a new IT organizational structure with a focus on two areas in particular: strategic and operational support capabilities.

    Challenge

    When creating the new IT structure, an understanding of the complex and differing needs of the business functions was not reflected in the shared services model.

    Outcome

    As a result, the new organizational structure for IT did not ensure adequate meeting of business needs. Only the operational support structure was successfully adopted by the organization as it aligned to the individual business objectives. The strategic capabilities aspect was not aligned to how the various business lines viewed themselves and their objectives, causing some partners to feel neglected.

    Info-Tech offers various levels of support to best suit your needs.

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    Phase 1

    Call #1: Define the process, understand the need, and create a plan of action.

    Phase 2

    Call #2: Define org. design drivers and business context.

    Call #3: Understand strategic influences and create customized design principles.

    Call #4: Customize, analyze gaps, and define sourcing strategy for IT capabilities.

    Call #5: Select and customize the IT operating model sketch.

    Phase 3

    Call #6: Establish functional work units and their mandates.

    Call #7: Translate the functional organizational chart to an operational organizational chart with defined roles.

    Phase 4

    Call #8: Consider risks and mitigation tactics associated with the new structure and select a transition plan.

    Call #9: Create your change message, FAQs, and metrics to support the implementation plan.

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Establish the Organizational Redesign Foundation

    Create the Operating Model Sketch

    Formalize the Organizational Structure

    Plan for Implementation and Change

    Next Steps and
    Wrap-Up (offsite)

    Activities

    1.1 Define the org. design drivers.

    1.2 Document and define the implications of the business context.

    1.3 Align the structure to support the strategy.

    1.4 Establish guidelines to direct the organizational design process.

    2.1 Augment list of IT capabilities.

    2.2 Analyze capability gaps.

    2.3 Identify capabilities for outsourcing.

    2.4 Select a base operating model sketch.

    2.5 Customize the IT operating model sketch.

    3.1 Categorize your IT capabilities within your defined functional work units.

    3.2 Create a mandate statement for each work unit.

    3.3 Define roles inside the work units and assign accountability and responsibility.

    3.4 Finalize your organizational structure.

    4.1 Identify and mitigate key org. design risks.

    4.2 Define the transition plan.

    4.3 Create the change communication message.

    4.4 Create a standard set of FAQs.

    4.5 Align sustainment metrics back to core drivers.

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. Foundational components to the organizational design
    2. Customized design principles
    1. Heat mapped IT capabilities
    2. Defined outsourcing strategy
    3. Customized operating model
    1. Capabilities organized into functional groups
    2. Functional work unit mandates
    3. Organizational chart
    1. Risk mitigation plan
    2. Change communication message
    3. Standard FAQs
    4. Implementation and sustainment metrics
    1. Completed organizational design communications deck

    This blueprint is part one of a three-phase approach to organizational transformation

    PART 1: DESIGN

    PART 2: STRUCTURE

    PART 3: IMPLEMENT

    IT Organizational Architecture

    Organizational Sketch

    Organizational Structure

    Organizational Chart

    Transition Strategy

    Implement Structure

    1. Define the organizational design drivers, business context, and strategic alignment.

    2. Create customized design principles.

    3. Develop and customize a strategically aligned operating model sketch.

    4. Define the future-state work units.

    5. Create future-state work unit mandates.

    6. Define roles by work unit.

    7. Turn roles into jobs with clear capability accountabilities and responsibilities.

    8. Define reporting relationships between jobs.

    9. Assess options and select go-forward organizational sketch.

    11. Validate organizational sketch.

    12. Analyze workforce utilization.

    13. Define competency framework.

    14. Identify competencies required for jobs.

    15. Determine number of positions per job

    16. Conduct competency assessment.

    17. Assign staff to jobs.

    18. Build a workforce and staffing plan.

    19. Form an OD implementation team.

    20. Develop change vision.

    21. Build communication presentation.

    22. Identify and plan change projects.

    23. Develop organizational transition plan.

    24. Train managers to lead through change.

    25. Define and implement stakeholder engagement plan.

    26. Develop individual transition plans.

    27. Implement transition plans.

    Risk Management: Create, implement, and monitor risk management plan.

    HR Management: Develop job descriptions, conduct job evaluation, and develop compensation packages.

    Monitor and Sustain Stakeholder Engagement

    Phase 1

    Establish the Organizational Redesign Foundation

    This phase will walk you through the following activities:

    1.1 Define the organizational redesign driver(s)

    1.2 Create design principles based on the business context

    1.3a (Optional Exercise) Identify the capabilities from your value stream

    1.3b Identify the capabilities required to deliver on your strategies

    1.4 Finalize your list of design principles

    This phase involves the following participants:

    • CIO
    • IT Leadership
    • Business Leadership

    Embed change management into the organizational design process

    Articulate the Why

    Changes are most successful when leaders clearly articulate the reason for the change – the rationale for the organizational redesign of the IT function. Providing both staff and executive leaders with an understanding for this change is imperative to its success. Despite the potential benefits to a redesign, they can be disruptive. If you are unable to answer the reason why, a redesign might not be the right initiative for your organization.

    Employees who understand the rationale behind decisions made by executive leaders are 3.6 times more likely to be engaged.

    McLean & Company Engagement Survey Database, 2021; N=123,188

    Info-Tech Insight

    Successful adoption of the new organizational design requires change management from the beginning. Start considering how you will convey the need for organizational change within your IT organization.

    The foundation of your organizational design brings together drivers, context, and strategic implications

    All aspects of your IT organization’s structure should be designed with the business’ context and strategic direction in mind.

    Use the following set of slides to extract the key components of your drivers, business context, and strategic direction to land on a future structure that aligns with the larger strategic direction.

    REDESIGN DRIVERS

    Driver(s) can originate from within the IT organization or externally. Ensuring the driver(s) are easy to understand and articulate will increase the successful adoption of the new organizational structure.

    BUSINESS CONTEXT

    Defines the interactions that occur throughout the organization and between the organization and external stakeholders. The context provides insight into the environment by both defining the purpose of the organization and the values that frame how it operates.

    STRATEGY IMPLICATIONS

    The IT strategy should be aligned to the overall business strategy, providing insight into the types of capabilities required to deliver on key IT initiatives.

    Understand IT’s desired maturity level, alignment with business expectations, and capabilities of IT

    Where are we today?

    Determine the current overall maturity level of the IT organization.

    Where do we want to be as an organization?

    Use the inputs from Info-Tech’s diagnostic data to determine where the organization should be after its reorganization.

    How can you leverage these results?

    The result of these diagnostics will inform the design principles that you’ll create in this phase.

    Leverage Info-Tech’s diagnostics to provide an understanding of critical areas your redesign can support:

    CIO Business Vision Diagnostic

    Management & Governance Diagnostic

    IT Staffing Diagnostic

    The image contains a picture of Info-Tech's maturity ladder.

    Consider the organizational design drivers

    Consider organizational redesign if …

    Effectiveness is a concern:

    • Insufficient resources to meet demand
    • Misalignment to IT (and business) strategies
    • Lack of clarity around role responsibility or accountability
    • IT functions operating in silos

    New capabilities are needed:

    • Organization is taking on new capabilities (digital, transformation, M&A)
    • Limited innovation
    • Gaps in the capabilities/services of IT
    • Other external environmental influences or changes in strategic direction

    Lack of business understanding

    • Misalignment between business and IT or how the organization does business
    • Unhappy customers (internal or external)

    Workforce challenges

    • Frequent turnover or inability to attract new skills
    • Low morale or employee empowerment

    These are not good enough reasons …

    • New IT leader looking to make a change for the sake of change or looking to make their legacy known
    • To work with specific/hand-picked leaders over others
    • To “shake things up” to see what happens
    • To force the organization to see IT differently

    Info-Tech Insight

    Avoid change for change’s sake. Restructuring could completely miss the root cause of the problem and merely create a series of new ones.

    1.1 Define the organizational redesign driver(s)

    1-2 hours

    1. As a group, brainstorm a list of current pain points or inhibitors in the current organizational structure, along with a set of opportunities that can be realized during your restructuring. Group these pain points and opportunities into themes.
    2. Leverage the pain points and opportunities to help further define why this initiative is something you’re driving towards. Consider how you would justify this initiative to different stakeholders in the organization.
    3. Questions to consider:
      1. Who is asking for this initiative?
      2. What are the primary benefits this is intended to produce?
      3. What are you optimizing for?
      4. What are we capable of achieving as an IT organization?
      5. Are the drivers coming from inside or outside the IT organization?
    4. Once you’ve determined the drivers for redesigning the IT organization, prioritize those drivers to ensure there is clarity when communicating why this is something you are focusing time and effort on.

    Input

    Output

    • Knowledge of the current organization
    • Pain point and opportunity themes
    • Defined drivers of the initiative

    Materials

    Participants
    • Whiteboard/flip charts (physical or electronic)
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Communications Deck

    Frame the organizational design within the context of the business

    Workforce Considerations:

    • How does your organization view its people resources? Does it have the capacity to increase the number of resources?
    • Do you currently have sufficient staff to meet the demands of the organization? Are you able to outsource resources when demand requires it?
    • Are the members of your IT organization unionized?
    • Is your workforce distributed? Do time zones impact how your team can collaborate?

    Business Context Consideration

    IT Org. Design Implication

    Culture:

    Culture, "the way we do things here,” has huge implications for executing strategy, driving engagement, and providing a guiding force that ensures organizations can work together toward common goals.

    • What is the culture of your organization? Is it cooperative, traditional, competitive, or innovative? (See appendix for details.)
    • Is this the target culture or a stepping-stone to the ideal culture?
    • How do the attitudes and behaviors of senior leaders in the organization reinforce this culture?

    Consider whether your organization’s culture can accept the operating model and organizational structure changes that make sense on paper.

    Certain cultures may lean toward particular operating models. For example, the demand-develop-service operating model may be supported by a cooperative culture. A traditional organization may lean towards the plan-build-run operating model.

    Ensure you have considered your current culture and added exercises to support it.

    If more capacity is required to accomplish the goals of the organization, you’ll want to prepare the leaders and explain the need in your design principles (to reflect training, upskilling, or outsourcing). Unionized environments require additional consideration. They may necessitate less structural changes, and so your principles will need to reflect other alternatives (hiring additional resources, creative options) to support organizational needs. Hybrid or fully remote workforces may impact how your organization interacts.

    Business context considerations

    Business Context Consideration

    IT Org. Design Implication

    Control & Governance:

    It is important to consider how your organization is governed, how decisions are made, and who has authority to make decisions.

    Strategy tells what you do, governance validates you’re doing the right things, and structure is how you execute on what’s been approved.

    • How do decisions get considered and approved in your organization? Are there specific influences that impact the priorities of the organization?
    • Are those in the organization willing to release decision-making authority around specific IT components?
    • Should the organization take on greater accountability for specific IT components?

    Organizations that require more controls may lean toward more centralized governance. Organizations that are looking to better enable and empower their divisions (products, groups, regions, etc.) may look to embed governance in these parts of the organization.

    For enterprise organizations, consider where IT has authority to make decisions (at the global, local, or system level). Appropriate governance needs to be built into the appropriate levels.

    Business context considerations

    Business Context Consideration

    IT Org. Design Implication

    Financial Constraints:

    Follow the money: You may need to align your IT organization according to the funding model.

    • Do partners come to IT with their budgets, or does IT have a central pool that they use to fund initiatives from all partners?
    • Are you able to request finances to support key initiatives/roles prioritized by the organization?
    • How is funding aligned: technology, data, digital, etc.? Is your organization business-line funded? Pooled?
    • Are there special products or digital transformation initiatives with resources outside IT? Product ownership funding?
    • How are regulatory changes funded?
    • Do you have the flexibility to adjust your budget throughout the fiscal year?
    • Are chargebacks in place? Are certain services charged back to business units

    Determine if you can move forward with a new model or if you can adjust your existing one to suit the financial constraints.

    If you have no say over your funding, pre-work may be required to build a business case to change your funding model before you look at your organizational structure – without this, you might have to rule out centralized and focus on hybrid/centralized. If you don’t control the budget (funding comes from your partners), it will be difficult to move to a more centralized model.

    A federated business organization may require additional IT governance to help prioritize across the different areas.

    Budgets for digital transformation might come from specific areas of the business, so resources may need to be aligned to support that. You’ll have to consider how you will work with those areas. This may also impact the roles that are going to exist within your IT organization – product owners or division owners might have more say.

    Business context considerations

    Business Context Consideration

    IT Org. Design Implication

    Business Perspective of IT:

    How the business perceives IT and how IT perceives itself are sometimes not aligned. Make sure the business’ goals for IT are well understood.

    • Are your business partners satisfied if IT is an order taker? Do they agree with the need for IT to become a business partner? Is IT expected to innovate and transform the organization?
    • Is what the business needs from IT the same as what IT is providing currently?

    Business Organization Structure and Growth:

    • How is the overall organization structured: Centralized/decentralized? Functionally aligned? Divided by regions?
    • In what areas does the organization prioritize investments?
    • Is the organization located across a diverse geography?
    • How big is the organization?
    • How is the organization growing and changing – by mergers and acquisitions?

    If IT needs to become more of a business partner, you’ll want to define what that means to your organization and focus on the capabilities to enable this. Educating your partners might also be required if you’re not aligned.

    For many organizations, this will include stakeholder management, innovation, and product/project management. If IT and its business partners are satisfied with an order-taker relationship, be prepared for the consequences of that.

    A global organization will require different IT needs than a single location. Specifically, site reliability engineering (SRE) or IT support services might be deployed in each region. Organizations growing through mergers and acquisitions can be structured differently depending on what the organization needs from the transaction. A more centralized organization may be appropriate if the driver is reuse for a more holistic approach, or the organization may need a more decentralized organization if the acquisitions need to be handled uniquely.

    Business context considerations

    Business Context Consideration

    IT Org. Design Implication

    Sourcing Strategy:

    • What are the drivers for sourcing? Staff augmentation, best practices, time zone support, or another reason?
    • What is your strategy for sourcing?
    • Does IT do all of your technology work, or are parts being done by business or other units?
    • Are we willing/able to outsource, and will that place us into non-compliance (regulations)?
    • Do you have vendor management capabilities in areas that you might outsource?
    • How cloud-driven is your organization?
    • Do you have global operations?

    Change Tolerance:

    • What’s your organization’s tolerance to make changes around organizational design?
    • What's the appetite and threshold for risk?

    Your sourcing strategy affects your organizational structure, including what capabilities you group together. Since managing outsourced capabilities also includes the need for vendor management, you’ll need to ensure there aren’t too many capabilities required per leader. Look closely at what can be achieved through your operating model if IT is done through other groups. Even though these groups may not be in scope of your organization changes, you need to ensure your IT team works with them effectively.

    If your organization is going to push back if there are big structural changes, consider whether the changes are truly necessary. It may be preferred to take baby steps – use an incremental versus big-bang approach.

    A need for incremental change might mean not making a major operating model change.

    Business context considerations

    Business Context Consideration

    IT Org Design. Implication

    Stakeholder Engagement & Focus:

    Identify who your customers and stakeholders are; clarify their needs and engagement model.

    • Who is the customer for IT products and services?
    • Is your customer internal? External? Both?
    • How much of a priority is customer focus for your organization?
    • How will IT interact with customers, end users, and partners? What is the engagement model desired?

    Business Vision, Services, and Products:

    Articulate what your organization was built to do.

    • What does the organization create or provide?
    • Are these products and services changing?
    • What are the most critical capabilities to your organization?
    • What makes your organization a success? What are critical success factors of the organization and how are they measuring this to determine success?

    For a customer or user focus, ensure capabilities related to understanding needs (stakeholder, UX, etc.) are prioritized. Hybrid, decentralized, or demand-develop-service models often have more of a focus on customer needs.

    Outsourcing the service desk might be a consideration if there’s a high demand for the service. A differentiation between these users might mean there’s a different demand for services.

    Think broadly in terms of your organizational vision, not just the tactical (widget creation). You might need to choose an operating model that supports vision.

    Do you need to align your organization with your value stream? Do you need to decentralize specific capabilities to enable prioritization of the key capabilities?

    1.2 Create design principles based on the business context

    1-3 hours

    1. Discuss the business context in which the IT organizational redesign will be taking place. Consider the following standard components of the business context; include other relevant components specific to your organization:
    • Culture
    • Workforce Considerations
    • Control and Governance
    • Financial Constraints
    • Business Perspective of IT
    • Business Organization Structure and Growth
    • Sourcing Strategy
    • Change Tolerance
    • Stakeholder Engagement and Focus
    • Business Vision, Services, and Products
  • Different stakeholders can have different perspectives on these questions. Be sure to consider a holistic approach and engage these individuals.
  • Capture your findings and use them to create initial design principles.
  • Input

    Output

    • Business context
    • Design principles reflecting how the business context influences the organizational redesign for IT

    Materials

    Participants

    • Whiteboard/flip charts (physical or electronic)
    • List of Context Questions
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Communications Deck

    How your IT organization is structured needs to reflect what it must be built to do

    Structure follows strategy – the way you design will impact what your organization can produce.

    Designing your IT organization requires an assessment of what it needs to be built to do:

    • What are the most critical capabilities that you need to deliver, and what does success look like in those different areas?
    • What are the most important things that you deliver overall in your organization?

    The IT organization must reflect your business needs:

    • Understand your value stream and/or your prioritized business goals.
    • Understand the impact of your strategies – these can include your overall digital strategy and/or your IT strategy

    1.3a (Optional Exercise) Identify the capabilities from your value stream

    1 hour

    1. Identify your organization’s value stream – what your overall organization needs to do from supplier to consumer to provide value. Leverage Info-Tech’s industry reference architectures if you haven’t identified your value stream, or use the Document Your Business Architecture blueprint to create yours.
    2. For each item in your value stream, list capabilities that are critical to your organizational strategy and IT needs to further invest in to enable growth.
    3. Also, list those that need further support, e.g. those that lead to long wait times, rework time, re-tooling, down-time, unnecessary processes, unvaluable processes.*
    4. Capture the IT capabilities required to enable your business in your draft principles.
    The image contains a screenshot of the above activity: Sampling Manufacturing Business Capabilities.
    Source: Six Sigma Study Guide, 2014
    Input Output
    • Organization’s value stream
    • List of IT capabilities required to support the IT strategy
    Materials Participants
    • Whiteboard/flip charts (physical or electronic)
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Communications Deck

    Your strategy will help you decide on your structure

    Ensure that you have a clear view of the goals and initiatives that are needed in your organization. Your IT, digital, business, and/or other strategies will surface the IT capabilities your organization needs to develop. Identify the goals of your organization and the initiatives that are required to deliver on them. What capabilities are required to enable these? These capabilities will need to be reflected in your design principles.

    Sample initiatives and capabilities from an organization’s strategies

    The image contains a screenshot of sample initiatives and capabilities from an organization's strategies.

    1.3b Identify the capabilities required to deliver on your strategies

    1 hour

    1. For each IT goal, there may be one or more initiatives that your organization will need to complete in order to be successful.
    2. Document those goals and infinitives. For each initiative, consider which core IT capabilities will be required to deliver on that goal. There might be one IT capability or there might be several.
    3. Identify which capabilities are being repeated across the different initiatives. Consider whether you are currently investing in those capabilities in your current organizational structure.
    4. Highlight the capabilities that require IT investment in your design principles.
    InputOutput
    • IT goals
    • IT initiatives
    • IT, digital, and business strategies
    • List of IT capabilities required to support the IT strategy
    MaterialsParticipants
    • Whiteboard/flip charts (physical or electronic)
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Communications Deck

    Create your organizational design principles

    Your organizational design principles should define a set of loose rules that can be used to design your organizational structure to the specific needs of the work that needs to be done. These rules will guide you through the selection of the appropriate operating model that will meet your business needs. There are multiple ways you can hypothetically organize yourself to meet these needs, and the design principles will point you in the direction of which solution is the most appropriate as well as explain to your stakeholders the rationale behind organizing in a specific way. This foundational step is critical: one of the key reasons for organizational design failure is a lack of requisite time spent on the front-end understanding what is the best fit.

    The image contains an example of organizing design principles as described above.

    1.4 Finalize your list of design principles

    1-3 hours

    1. As a group, review the key outputs from your data collection exercises and their implications.
    2. Consider each of the previous exercises – where does your organization stand from a maturity perspective, what is driving the redesign, what is the business context, and what are the key IT capabilities requiring support. Identify how each will have an implication on your organizational redesign. Leverage this conversation to generate design principles.
    3. Vote on a finalized list of eight to ten design principles that will guide the selection of your operating model. Have everyone leave the meeting with these design principles so they can review them in more detail with their work units or functional areas and elicit any necessary feedback.
    4. Reconvene the group that was originally gathered to create the list of design principles and make any final amendments to the list as necessary. Use this opportunity to define exactly what each design principle means in the context of your organization so everyone has the same understanding of what this means moving forward.
    InputOutput
    • Organizational redesign drivers
    • Business context
    • IT strategy capabilities
    • Organizational design principles to help inform the selection of the right operating model sketch
    MaterialsParticipants
    • Whiteboard/flip charts (physical or electronic)
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Communications Deck

    Example design principles

    Your eight to ten design principles will be those that are most relevant to YOUR organization. Below are samples that other organizations have created, but yours will not be the same.

    Design Principle

    Description

    Decision making

    We will centralize decision making around the prioritization of projects to ensure that the initiatives driving the most value for the organization as a whole are executed.

    Fit for purpose

    We will build and maintain fit-for-purpose solutions based on business units’ unique needs.

    Reduction of duplication

    We will reduce role and application duplication through centralized management of assets and clearly differentiated roles that allow individuals to focus within key capability areas.

    Managed security

    We will manage security enterprise-wide and implement compliance and security governance policies.

    Reuse > buy > build

    We will maximize reuse of existing assets by developing a centralized application portfolio management function and approach.

    Managed data

    We will create a specialized data office to provide data initiatives with the focus they need to enable our strategy.

    Design Principle

    Description

    Controlled technical diversity

    We will control the variety of technology platforms we use to allow for increased operability and reduction of costs.

    Innovation

    R&D and innovation are critical – we will build an innovation team into our structure to help us meet our digital agenda.

    Resourcing

    We will separate our project and maintenance activities to ensure each are given the dedicated support they need for success and to reduce the firefighting mentality.

    Customer centricity

    The new structure will be directly aligned with customer needs – we will have dedicated roles around relationship management, requirements, and strategic roadmapping for business units.

    Interoperability

    We will strengthen our enterprise architecture practices to best prepare for future mergers and acquisitions.

    Cloud services

    We will move toward hosted versus on-premises infrastructure solutions, retrain our data center team in cloud best practices, and build roles around effective vendor management, cloud provisioning, and architecture.

    Phase 2

    Create the Operating Model Sketch

    This phase will walk you through the following activities:

    2.1 Augment the capability list

    2.2 Heatmap capabilities to determine gaps in service

    2.3 Identify the target state of sourcing for your IT capabilities

    2.4 Review and select a base operating model sketch

    2.5 Customize the selected overlay to reflect the desired future state

    This phase involves the following participants:

    • CIO
    • IT Leadership

    Embed change management into the organizational design process

    Gain Buy-In

    Obtain desire from stakeholders to move forward with organizational redesign initiative by involving them in the process to gain interest. This will provide the stakeholders with assurance that their concerns are being heard and will help them to understand the benefits that can be anticipated from the new organizational structure.

    “You’re more likely to get buy-in if you have good reason for the proposed changes – and the key is to emphasize the benefits of an organizational redesign.”

    Source: Lucid Chart

    Info-Tech Insight

    Just because people are aware does not mean they agree. Help different stakeholders understand how the change in the organizational structure is a benefit by specifically stating the benefit to them.

    Info-Tech uses capabilities in your organizational design

    We differentiate between capabilities and competencies.

    Capabilities

    • Capabilities are focused on the entire system that would be in place to satisfy a particular need. This includes the people who are competent to complete a specific task and also the technology, processes, and resources to deliver.
    • Capabilities work in a systematic way to deliver on specific need(s).
    • A functional area is often made up of one or more capabilities that support its ability to deliver on that function.
    • Focusing on capabilities rather then the individuals in organizational redesign enables a more objective and holistic view of what your organization is striving toward.

    Competencies

    • Competencies on the other hand are specific to an individual. It determines if the individual poses the skills or ability to perform.
    • Competencies are rooted in the term competent, which looks to understand if you are proficient enough to complete the specific task at hand.
    • Source: The People Development Magazine, 2020

    Use our IT capabilities to establish your IT organization design

    The image contains a diagram of the various services and blueprints that Info-Tech has to offer.

    2.1 Augment the capability list

    1-3 hours

    1. Using the capability list on the previous slide, go through each of the IT capabilities and remove any capabilities for which your IT organization is not responsible and/or accountable. Refer to the Operating Model and Capability Definition List for descriptions of each of the IT capabilities.
    2. Augment the language of specific capabilities that you feel are not directly reflective of what is being done within your organizational context or that you feel need to be changed to reflect more specifically how work is being done in your organization.
    • For example, some organizations may refer to their service desk capability as help desk or regional support. Use a descriptive term that most accurately reflects the terminology used inside the organization today.
  • Add any core capabilities from your organization that are missing from the provided IT capability list.
    • For example, organizations that leverage DevOps capabilities for their product development may desire to designate this in their operating model.
  • Document the rationale for decisions made for future reference.
  • Input Output
    • Baseline list of IT capabilities
    • IT capabilities required to support IT strategy
    • Customized list of IT capabilities
    Materials Participants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership

    Record the results in the Organizational Design Workbook

    Gaps in delivery

    Identify areas that require greater focus and attention.

    Assess the gaps between where you currently are and where you need to be. Evaluate how critical and how effective your capabilities are:

    • Criticality = Importance
      • Try to focus on those which are highly critical to the organization.
      • These may be capabilities that have been identified in your strategies as areas to focus on.
    • Effectiveness = Performance
      • Identify those where the process or system is broken or ineffective, preventing the team from delivering on the capability.
      • Effectiveness could take into consideration how scalable, adaptable, or sustainable each capability is.
      • Focus on the capabilities that are low or medium in effectiveness but highly critical. Addressing the delivery of these capabilities will lead to the most positive outcomes in your organization.

    Remember to identify what allows the highly effective capabilities to perform at the capacity they are. Leverage this when increasing effectiveness elsewhere.

    High Gap

    There is little to no effectiveness (high gap) and the capability is highly important to your organization.

    Medium Gap

    Current ability is medium in effectiveness (medium gap) and there might be some priority for that capability in your organization.

    Low Gap

    Current ability is highly effective (low gap) and the capability is not necessarily a priority for your organization.

    2.2 Heatmap capabilities to determine gaps in delivery

    1-3 hours

    1. At this point, you should have identified what capabilities you need to have to deliver on your organization's goals and initiatives.
    2. Convene a group of the key stakeholders involved in the IT organizational design initiative.
    3. Review your IT capabilities and color each capability border according to the effectiveness and criticality of that capability, creating a heat map.
    • Green indicates current ability is highly effective (low gap) and the capability is not necessarily a priority for your organization.
    • Yellow indicates current ability is medium in effectiveness (medium gap) and there might be some priority for that capability in your organization.
    • Red indicates that there is little to no effectiveness (high gap) and the capability is highly important to your organization.
    Input Output
    • Selected capabilities from activity 2.1
    • Gap analysis in delivery of capabilities currently
    Materials Participants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership

    Record the results in the Organizational Design Workbook

    Don’t forget the why: why are you considering outsourcing?

    There are a few different “types” of outsourcing:

    1. Competitive Advantage – Working with a third-party organization for the knowledge, insights, and best practices they can bring to your organization.
    2. Managed Service– The third party manages a capability or function for your organization.
    3. Staff Augmentation – Your organization brings in contractors and third-party organizations to fill specific skills gaps.

    Weigh which sourcing model(s) will best align with the needed capabilities to deliver effectively

    Insourcing

    Staff Augmentation

    Managed Service

    Competitive Advantage

    Description

    The organization maintains full responsibility for the management and delivery of the IT capability or service.

    Vendor provides specialized skills and enables the IT capability or service together with the organization to meet demand.

    Vendor completely manages the delivery of value for the IT capability, product or service.

    Vendor has unique skills, insights, and best practices that can be taught to staff to enable insourced capability and competency.

    Benefits

    • Retains in-house control over proprietary knowledge and assets that provide competitive or operational advantage.
    • Gains efficiency due to integration into the organization’s processes.
    • Provision of unique skills.
    • Addresses variation in demand for resources.
    • Labor cost savings.
    • Improves use of internal resources.
    • Improves effectiveness due to narrow specialization.
    • Labor cost savings.
    • Gain insights into aspects that could provide your organization with advantages over competitors.
    • Long-term labor cost savings.
    • Short-term outsourcing required.
    • Increase in-house competencies.

    Drawbacks

    • Quality of services/capabilities might not be as high due to lack of specialization.
    • No labor cost savings.
    • Potentially inefficient distribution of labor for the delivery of services/capabilities.
    • Potential conflicts in management or delivery of IT services and capabilities.
    • Negative impact on staff morale.
    • Limited control over services/capabilities.
    • Limited integration into organization’s processes.
    • Short-term labor expenses.
    • Requires a culture of continuous learning and improvement.

    Your strategy for outsourcing will vary with capability and capacity

    The image contains a diagram to show the Develop Vendor Management Capabilities, as described in the text below.

    Capability

    Capacity

    Outsourcing Model

    Low

    Low

    Your solutions may be with you for a long time, so it doesn’t matter whether it is a strategic decision to outsource development or if you are not able to attract the talent required to deliver in your market. Look for a studio, agency, or development shop that has a proven reputation for long-term partnership with its clients.

    Low

    High

    Your team has capacity but needs to develop new skills to be successful. Look for a studio, agency, or development shop that has a track record of developing its customers and delivering solutions.

    High

    Low

    Your organization knows what it is doing but is strapped for people. Look at “body shops” and recruiting agencies that will support short-term development contracts that can be converted to full-time staff or even a wholesale development shop acquisition.

    High

    High

    You have capability and capacity for delivering on your everyday demands but need to rise to the challenge of a significant, short-term rise in demand on a critical initiative. Look for a major system integrator or development shop with the specific expertise in the appropriate technology.

    Use these criteria to inform your right sourcing strategy

    Sourcing Criteria

    Description

    Determine whether you’ll outsource using these criteria

    1. Critical or commodity

    Determine whether the component to be sourced is critical to your organization or if it is a commodity. Commodity components, which are either not strategic in nature or related to planning functions, are likely candidates for outsourcing. Will you need to own the intellectual property created by the third party? Are you ok if they reuse that for their other clients?

    2. Readiness to outsource

    Identify how easy it would be to outsource a particular IT component. Consider factors such as knowledge transfer, workforce reassignment or reduction, and level of integration with other components.

    Vendor management readiness – ensuring that you have sufficient capabilities to manage vendors – should also be considered here.

    3. In-house capabilities

    Determine if you have the capability to deliver the IT solutions in-house. This will help you establish how easy it would be to insource an IT component.

    4. Ability to attract resources (internal vs. outsourced)

    Determine if the capability is one that is easily sourced with full-time, internal staff or if it is a specialty skill that is best left for a third-party to source.

    Determine your sourcing model using these criteria

    5. Cost

    Consider the total cost (investment and ongoing costs) of the delivery of the IT component for each of the potential sourcing models for a component.

    6. Quality

    Define the potential impact on the quality of the IT component being sourced by the possible sourcing models.

    7. Compliance

    Determine whether the sourcing model would fit with regulations in your industry. For example, a healthcare provider would only go for a cloud option if that provider is HIPAA compliant.

    8. Security

    Identify the extent to which each sourcing option would leave your organization open to security threats.

    9. Flexibility

    Determine the extent to which the sourcing model will allow your organization to scale up or down as demand changes.

    2.3 Identify capabilities that could be outsourced

    1-3 hours

    1. For each of the capabilities that will be in your future-state operating model, determine if it could be outsourced. Review the sourcing criteria available on the previous slide to help inform which sourcing strategy you will use for each capability.
    2. When looking to outsource or co-source capabilities, consider why that capability would be outsourced:
    • Competitive Advantage – Work with a third-party organization for the knowledge, insights, and best practices they can bring to your organization.
    • Managed Service – The third party manages a capability or function for your organization.
    • Staff Augmentation – Your organization brings in contractors and third-party organizations to fill specific skills gaps.
  • Place an asterisk (*) around the capabilities that will be leveraging one of the three previous sourcing options.
  • InputOutput
    • Customized IT capabilities
    • Sourcing strategy for each IT capability
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership

    Record the results in the Organizational Design Workbook

    What is an operating model?

    Leverage a cohesive operating model throughout the organizational design process.

    An IT operating model sketch is a visual representation of the way your IT organization needs to be designed and the capabilities it requires to deliver on the business mission, strategic objectives, and technological ambitions. It ensures consistency of all elements in the organizational structure through a clear and coherent blueprint.

    The visual should be the optimization and alignment of the IT organization’s structure to deliver the capabilities required to achieve business goals. Additionally, it should clearly show the flow of work so that key stakeholders can understand where inputs flow in and outputs flow out of the IT organization. Investing time in the front end getting the operating model right is critical. This will give you a framework to rationalize future organizational changes, allowing you to be more iterative and your model to change as the business changes.

    The image contains an example of an operating model as described in the text above.

    Info-Tech Insight

    Every structure decision you make should be based on an identified need, not on a trend.Build your IT organization to enable the priorities of the organization.

    Each IT operating model is characterized by a variety of advantages and disadvantages

    Centralized

    Hybrid

    Decentralized

    Advantages
    • Maximum flexibility to allocate IT resources across business units.
    • Low-cost delivery model and greatest economies of scale.
    • Control and consistency offers opportunity for technological rationalization and standardization and volume purchasing at the highest degree.
    • Centralizes processes and services that require consistency across the organization.
    • Decentralizes processes and services that need to be responsive to local market conditions.
    • Eliminates duplication and redundancy by allowing effective use of common resources (e.g. shared services, standardization).
    • Goals are aligned to the distinct business units or functions.
    • Greater flexibility and more timely delivery of services.
    • Development resources are highly knowledgeable about business-unit-specific applications.
    • Business unit has greatest control over IT resources and can set and change priorities as needed.

    Disadvantages

    • Less able to respond quickly to local requirements with flexibility.
    • IT can be resistant to change and unwilling to address the unique needs of end users.
    • Business units can be frustrated by perception of lack of control over resources.
    • Development of special business knowledge can be limited.
    • Requires the most disciplined governance structure and the unwavering commitment of the business; therefore, it can be the most difficult to maintain.
    • Requires new processes as pooled resources must be staffed to approved projects.
    • Redundancies, conflicts, and incompatible technologies can result from business units having differentiated services and applications – increasing cost.
    • Ability to share IT resources is low due to lack of common approaches.
    • Lack of integration limits the communication of data between businesses and reduces common reporting.

    Decentralization can take many forms – define what it means to your organization

    Decentralization can take a number of different forms depending on the products the organization supports and how the organization is geographically distributed. Use the following set of explanations to understand the different types of decentralization possible and when they may make sense for supporting your organizational objectives.

    Line of Business

    Decentralization by lines of business (LoB) aligns decision making with business operating units based on related functions or value streams. Localized priorities focus the decision making from the CIO or IT leadership team. This form of decentralization is beneficial in settings where each line of business has a unique set of products or services that require specific expertise or flexible resourcing staffing between the teams.

    Product Line

    Decentralization by product line organizes your team into operationally aligned product families to improve delivery throughput, quality, and resource flexibility within the family. By adopting this approach, you create stable product teams with the right balance between flexibility and resource sharing. This reinforces value delivery and alignment to enterprise goals within the product lines.

    Geographical

    Geographical decentralization reflects a shift from centralized to regional influences. When teams are in different locations, they can experience a number of roadblocks to effective communication (e.g. time zones, regulatory differences in different countries) that may necessitate separating those groups in the organizational structure, so they have the autonomy needed to make critical decisions.

    Functional

    Functional decentralization allows the IT organization to be separated by specialty areas. Organizations structured by functional specialization can often be organized into shared service teams or centers of excellence whereby people are grouped based on their technical, domain, or functional area within IT (Applications, Data, Infrastructure, Security, etc.). This allows people to develop specialized knowledge and skills but can also reinforce silos between teams.

    2.4 Review and select a base operating model sketch

    1 hour

    1. Review the set of base operating model sketches available on the following slides.
    2. For each operating model sketch, there are benefits and risks to be considered. Make an informed selection by understanding the risks that your organization might be taking on by adopting that particular operating model.
    3. If at any point in the selection process the group is unsure about which operating model will be the right fit, refer back to your design principles established in activity 1.4. These should guide you in the selection of the right operating model and eliminate those which will not serve the organization.
    InputOutput
    • Organizational design principles
    • Customized list of IT capabilities
    • Operating model sketch examples
    • Selected operating model sketch
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership

    Record the results in the Organizational Design Workbook

    Centralized Operating Model #1: Plan-Build-Run

    I want to…

    • Establish a formalized governance process that takes direction from the organization on which initiatives should be prioritized by IT.
    • Ensure there is a clear separation between teams that are involved in strategic planning, building solutions, and delivering operational support.
    • Be able to plan long term by understanding the initiatives that are coming down the pipeline and aligning to an infrequent budgeting plan.

    BENEFITS

    • Effective at implementing long-term plans efficiently; separates maintenance and projects to allow each to have the appropriate focus.
    • More oversight over financials; better suited for fixed budgets.
    • Works across centralized technology domains to better align with the business’ strategic objectives – allows for a top-down approach to decision making.
    • Allows for economies of scale and expertise pooling to improve IT’s efficiency.
    • Well-suited for a project-driven environment that employs waterfall or a hybrid project management methodology that is less iterative.

    RISKS

    • Creates artificial silos between the build (developers) and run (operations staff) teams, as both teams focus on their own responsibilities and often fail to see the bigger picture.
    • Miss opportunities to deliver value to the organization or innovate due to an inability to support unpredictable/shifting project demands as decision making is centralized in the plan function.
    • The portfolio of initiatives being pursued is often determined before requirements analysis takes place, meaning the initiative might be solving the wrong need or problem.
    • Depends on strong hand-off processes to be defined and strong knowledge transfer from build to run functions in order to be successful.
    The image contains an example of a Centralized Operating Model: Plan-Build-Run.

    Centralized Operating Model #2: Demand-Develop-Service

    I want to…

    • Listen to the business to understand new initiatives or service enhancements being requested.
    • Enable development and operations to work together to seamlessly deliver in a DevOps culture.
    • Govern and confirm that initiatives being requested by the business are still aligned to IT’s overarching strategy and roadmap before prioritizing those initiatives.

    BENEFITS

    • Aligns well with an end-to-end services model; constant attention to customer demand and service supply.
    • Centralizes service operations under one functional area to serve shared needs across lines of business.
    • Allows for economies of scale and expertise pooling to improve IT’s efficiency.
    • Elevates sourcing and vendor management as its own strategic function; lends well to managed service and digital initiatives.
    • Development and operations housed together; lends well to DevOps-related initiatives and reduces the silos between these two core groups.

    RISKS

    • IT prioritizes the initiatives it thinks are a priority to the business based on how well it establishes good stakeholder relations and communications.
    • Depends on good governance to prevent enhancements and demands from being prioritized without approval from those with accountability and authority.
    • This model thrives in a DevOps culture but does not mean it ensures your organization is a “DevOps” organization. Be sure you're encouraging the right behaviors and attitudes.

    The image contains an example of a Centralized Operating Model: Demand, Develop, Service.

    Hybrid Operating Model #1: LOB/Functional Aligned

    I want to…

    • Better understand the various needs of the organization to align IT priorities and ensure the right services can be delivered.
    • Keep all IT decisions centralized to ensure they align with the overarching strategy and roadmap that IT has set.
    • Organize your shared services in a strategic manner that enables delivery of those services in a way that fits the culture of the organization and the desired method of operating.

    BENEFITS

    • Best of both worlds of centralization and decentralization; attempts to channel benefits from both centralized and decentralized models.
    • Embeds key IT functions that require business knowledge within functional areas, allowing for critical feedback and the ability to understand those business needs.
    • Places IT in a position to not just be “order takers” but to be more involved with the different business units and promote the value of IT.
    • Achieves economies of scale where necessary through the delivery of shared services that can be requested by the function.
    • Shared services can be organized to deliver in the best way that suits the organization.

    RISKS

    • Different business units may bypass governance to get their specific needs met by functions – to alleviate this, IT must have strong governance and prioritize amongst demand.
    • Decentralized role can be viewed as an order taker by the business if not properly embedded and matured.
    • No guaranteed synergy and integration across functions; requires strong communication, collaboration, and steering.
    • Cannot meet every business unit’s needs – can cause tension from varying effectiveness of the IT functions.

    The image contains an example of a Hybrid Operating Model: LOB/Functional Aligned.

    Hybrid Model #2: Product-Aligned Operating Model

    I want to…

    • Align my IT organization into core products (services) that IT provides to the organization and establish a relationship with those in the organization that have alignment to that product.
    • Have roles dedicated to the lifecycle of their product and ensure the product can continuously deliver value to the organization.
    • Maintain centralized set of standards as it applies to overall IT strategy, security, and architecture to ensure consistency across products and reduce silos.

    BENEFITS

    • Focus is on the full lifecycle of a product – takes a strategic view of how technology enables the organization.
    • Promotes centralized backlog around a specific value creator, rather than a traditional project focus that is more transactional.
    • Dedicated teams around the product family ensure you have all of the resources required to deliver on your product roadmap.
    • Reduces barriers between IT and business stakeholders; focuses on technology as a key strategic enabler.
    • Delivery is largely done through frequent releases that can deliver value.

    RISKS

    • If there is little or no business involvement, it could prevent IT from truly understanding business demand and prioritizing the wrong work.
    • A lack of formal governance can create silos between the IT products, causing duplication of efforts, missed opportunities for collaboration, and redundancies in application or vendor contracts.
    • Members of each product can interpret the definition of standards (e.g. architecture, security) differently.

    The image contains an example of the Hybrid Operating Model: Product-Aligned Operating Model.

    Hybrid Operating Model #3: Service-Aligned Operating Model

    I want to…

    • Decentralize the IT organization by the various IT services it offers to the organization while remaining centralized with IT strategy, governance, security and operational services.
    • Ensure IT services are defined and people resources are aligned to deliver on those services.
    • Enable each of IT’s services to have the autonomy to understand the business needs and be able to manage the operational and new project initiatives with a dedicated service owner or business relationship manager.

    BENEFITS

    • Strong enabler of agility as each service has the autonomy to make decisions around operational work versus project work based on their understanding of the business demand.
    • Individuals in similar roles that are decentralized across services are given coaching to provide common direction.
    • Allows teams to efficiently scale with service demand.
    • This is a structurally baseline DevOps model. Each group will have services built within that have their own dedicated teams that will handle the full gambit of responsibilities, from new features to enhancements and maintenance.

    RISKS

    • Service owners require a method to collaborate to avoid duplication of efforts or projects that conflict with the efforts of other IT services.
    • May result in excessive cost through role redundancies across different services, as each will focus on components like integration, stakeholder management, project management, and user experiences.
    • Silos cause a high degree of specialization, making it more difficult for team members to imagine moving to another defined service group, limiting potential career advancement opportunities.
    • The level of complex knowledge required by shared services (e.g. help desk) is often beyond what they can provide, causing them to rely on and escalate to defined service groups more than with other operating models.

    The image contains an example of the Hybrid Operating Model: Service-Aligned Operating Model.

    Decentralized Model: Division Decentralization (LoB, Geography, Function, Product)

    I want to…

    • Decentralize the IT organization to enable greater autonomy within specific groups that have differing customer demands and levels of support.
    • Maintain a standard level of service that can be provided by IT for all divisions.
    • Ensure each division has access to critical data and reports that supports informed decision making.

    BENEFITS

    • Organization around functions allows for diversity in approach in how areas are run to best serve a specific business unit’s needs.
    • Each functional line exists largely independently, with full capacity and control to deliver service at the committed SLAs.
    • Highly responsive to shifting needs and demands with direct connection to customers and all stages of the solution development lifecycle.
    • Accelerates decision making by delegating authority lower into the function.
    • Promotes a flatter organization with less hierarchy and more direct communication with the CIO.

    RISKS

    • Requires risk and security to be centralized and have oversight of each division to prevent the decisions of one division from negatively impacting other divisions or the enterprise.
    • Less synergy and integration across what different lines of business are doing can result in redundancies and unnecessary complexity.
    • Higher overall cost to the IT group due to role and technology duplication across different divisions.
    • It will be difficult to centralize aspects of IT in the future, as divisions adopt to a culture of IT autonomy.

    The image contains an example of the Decentralized Model: Division Decentralization.

    Enterprise Model: Multi-Modal

    I want to…

    • Have an organizational structure that leverages several different operating models based on the needs and requirements of the different divisions.
    • Provide autonomy and authority to the different divisions so they can make informed and necessary changes as they see fit without seeking approval from a centralized IT group.
    • Support the different initiatives the enterprise is focused on delivering and ensure the right model is adopted based on those initiatives.

    BENEFITS

    • Allows for the organization to work in ways that best support individual areas; for example, areas that support legacy systems can be supported through traditional operating models while areas that support digital transformations may be supported through more flexible operating models.
    • Enables a specialization of knowledge related to each division.

    RISKS

    • Inconsistency across the organization can lead to confusion on how the organization should operate.
    • Parts of the organization that work in more traditional operating models may feel limited in career growth and innovation.
    • Cross-division initiatives may require greater oversight and a method to enable operations between the different focus areas.

    The image contains an example of the Enterprise Model: Multi-Modal.

    Create enabling teams that bridge your divisions

    The following bridges might be necessary to augment your divisions:

    • Specialized augmentation: There might not be a sufficient number of resources to support each division. These teams will be leveraged across the divisions; this means that the capabilities needed for each division will exist in this bridge team, rather than in the division.
    • Centers of Excellence: Capabilities that exist within divisions can benefit from shared knowledge across the enterprise. Your organization might set up centers of excellence to support best practices in capabilities organization wide. These are Forums in the unfix model, or communities of practice and support capability development rather than deliveries of each division.
    • Facilitation teams might be required to support divisions through coaching. This might include Agile or other coaches who can help teams adopt practices and embed learnings.
    • Holistic teams provide an enterprise view as they work with various divisions. This can include capabilities like user experience, which can benefit from the holistic perspective rather than a siloed one. People with these capabilities augment the divisions on an as-needed basis.
    The image contains a diagram to demonstrate the use of bridges on divisions.

    2.5 Customize the selected sketch to reflect the desired future state

    1-3 hours

    1. Using the baseline operating model sketch, walk through each of the IT capabilities. Based on the outputs from activity 2.1:
      1. Remove any capabilities for which your IT organization is not responsible and/or accountable.
      2. Augment the language of specific capabilities that you feel are not directly reflective of what is being done within your organizational context or that you feel need to be changed to reflect more specifically how work is being done in your organization.
      3. Add any core capabilities from your organization that are missing from the provided IT capability list.
    2. Move capabilities to the right places in the operating model to reflect how each of the core IT processes should interact with one another.
    3. Add bridges as needed to support the divisions in your organization. Identify which capabilities will sit in these bridges and define how they will enable the operating model sketch to deliver.
    InputOutput
    • Selected base operating model sketch
    • Customized list of IT capabilities
    • Understanding of outsourcing and gaps
    • Customized operating model sketch
    MaterialsParticipants
    • Whiteboard/flip charts
    • Operating model sketch examples
    • CIO
    • IT Leadership

    Record the results in the Organizational Design Workbook

    Document the final operating model sketch in the Communications Deck

    Phase 3

    Formalize the Organizational Structure

    This phase will walk you through the following activities:

    3.1 Create work units

    3.2 Create work unit mandates

    3.3 Define roles inside the work units

    3.4 Finalize the organizational chart

    3.5 Identify and mitigate key risks

    This phase involves the following participants:

    • CIO
    • IT Leadership
    • Business Leadership

    Embed change management into the organizational design process

    Enable adoption of the new structure.

    You don’t have to make the change in one big bang. You can adopt alternative transition plans such as increments or pilots. This allows people to see the benefits of why you are undergoing the change, allows the change message to be repeated and applied to the individuals impacted, and provides people with time to understand their role in making the new organizational structure successful.

    “Transformational change can be invigorating for some employees but also highly disruptive and stressful for others.”

    Source: OpenStax, 2019

    Info-Tech Insight

    Without considering the individual impact of the new organizational structure on each of your employees, the change will undoubtedly fail in meeting its intended goals and your organization will likely fall back into old structured habits.

    Use a top-down approach to build your target-state IT organizational sketch

    The organizational sketch is the outline of the organization that encompasses the work units and depicts the relationships among them. It’s important that you create the structure that’s right for your organization, not one that simply fits with your current staff’s skills and knowledge. This is why Info-Tech encourages you to use your operating model as a mode of guidance for structuring your future-state organizational sketch.

    The organizational sketch is made up of unique work units. Work units are the foundational building blocks on which you will define the work that IT needs to get done. The number of work units you require and their names will not match your operating model one to one. Certain functional areas will need to be broken down into smaller work units to ensure appropriate leadership and span of control.

    Use your customized operating model to build your work units

    WHAT ARE WORK UNITS?

    A work unit is a functional group or division that has a discrete set of processes or capabilities that it is responsible for, which don’t overlap with any others. Your customized list of IT capabilities will form the building blocks of your work units. Step one in the process of building your structure is grouping IT capabilities together that are similar or that need to be done in concert in the case of more complex work products. The second step is to iterate on these work units based on the organizational design principles from Phase 1 to ensure that the future-state structure is aligned with enablement of the organization’s objectives.

    Work Unit Examples

    Here is a list of example work units you can use to brainstorm what your organization’s could look like. Some of these overlap in functionality but should provide a strong starting point and hint at some potential alternatives to your current way of organizing.

    • Office of the CIO
    • Strategy and Architecture
    • Architecture and Design
    • Business Relationship Management
    • Projection and Portfolio Management
    • Solution Development
    • Solution Delivery
    • DevOps
    • Infrastructure and Operations
    • Enterprise Information Security
    • Security, Risk & Compliance
    • Data and Analytics

    Example of work units

    The image contains an example of work units.

    3.1 Create functional work units

    1-3 hours

    1. Using a whiteboard or large tabletop, list each capability from your operating model on a sticky note and recreate your operating model. Use one color for centralized activities and a second color for decentralized activities.
    2. With the group of key IT stakeholders, review the operating model and any important definitions and rationale for decisions made.
    3. Starting with your centralized capabilities, review each in turn and begin to form logical groups of compatible capabilities. Review the decentralized capabilities and repeat the process, writing additional sticky notes for capabilities that will be repeated in decentralized units.
    4. Note: Not all capabilities need to be grouped. If you believe that a capability has a high enough priority, has a lot of work, or is significantly divergent from others put this capability by itself.
    5. Define a working title for each new work unit, and discuss the pros and cons of the model. Ensure the work units still align with the operating model and make any changes to the operating model needed.
    6. Review your design principles and ensure that they are aligned with your new work units.
    InputOutput
    • Organizational business objectives
    • Customized operating model
    • Defined work units
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Workbook

    Group formation

    Understand the impact of the functional groups you create.

    A group consists of two or more individuals who are working toward a common goal. Group formation is how those individuals are organized to deliver on that common goal. It should take into consideration the levels of hierarchy in your structure, the level of focus you give to processes, and where power is dispersed within your organizational design.

    Importance: Balance highly important capabilities with lower priority capabilities

    Specialization: The scope of each role will be influenced by specialized knowledge and a dedicated leader

    Effectiveness: Group capabilities that increase their efficacy

    Span of Control: Identify the right number of employees reporting to a single leader

    Choose the degree of specialization required

    Be mindful of the number of hats you’re placing on any one role.

    • Specialization exists when individuals in an organization are dedicated to performing specific tasks associated with a common goal and requiring a particular skill set. Aligning the competencies required to carry out the specific tasks based on the degree of complexity associated with those tasks ensures the right people and number of people can be assigned.
    • When people are organized by their specialties, it reduces the likelihood of task switching, reduces the time spent training or cross-training, and increases the focus employees can provide to their dedicated area of specialty.
    • There are disadvantages associated with aligning teams by their specialization, such as becoming bored and seeing the tasks they are performing as monotonous. Specialization doesn’t come without its problems. Monitor employee motivation

    Info-Tech Insight

    Smaller organizations will require less specialization simply out of necessity. To function and deliver on critical processes, some people might be asked to wear several hats.

    Avoid overloading the cognitive capacity of employees

    Cognitive load refers to the number of responsibilities that one can successfully take on.

    • When employees are assigned an appropriate number of responsibilities this leads to:
      • Engaged employees
      • Less task switching
      • Increased effectiveness on assigned responsibilities
      • Reduced bottlenecks
    • While this cognitive load can differ from employee to employee, when assigning role responsibilities, ensure each role isn’t being overburdened and spreading their focus thin.
    • Moreover, capable does not equal successful. Just because someone has the capability to take on more responsibilities doesn’t mean they will be successful.
    • Leverage the cognitive load being placed on your team to help create boundaries between teams and demonstrate clear role expectations.
    Source: IT Revolution, 2021

    Info-Tech Insight

    When you say you are looking for a team that is a “jack of all trades,” you are likely exceeding appropriate cognitive loads for your staff and losing productivity to task switching.

    Factors to consider for span of control

    Too many and too few direct reports have negative impacts on the organization.

    Complexity: More complex work should have fewer direct reports. This often means the leader will need to provide lots of support, even engaging in the work directly at times.

    Demand: Dynamic shifts in demand require more managerial involvement and therefore should have a smaller span of control. Especially if this demand is to support a 24/7 operation.

    Competency Level: Skilled employees should require less hands-on assistance and will be in a better position to support the business as a member of a larger team than those who are new to the role.

    Purpose: Strategic leaders are less involved in the day-to-day operations of their teams, while operational leaders tend to provide hands-on support, specifically when short-staffed.

    Group formation will influence communication structure

    Pick your poison…

    It’s important to understand the impacts that team design has on your services and products. The solutions that a team is capable of producing is highly dependent on how teams are structured. For example, Conway’s Law tells us that small distributed software delivery teams are more likely to produce modular service architecture, where large collocated teams are better able to create monolithic architecture. This doesn’t just apply to software delivery but also other products and services that IT creates. Note that small distributed teams are not the only way to produce quality products as they can create their own silos.

    Sources: Forbes, 2017

    Create mandates for each of your identified work units

    WHAT ARE WORK UNIT MANDATES?

    The work unit mandate should provide a quick overview of the work unit and be clear enough that any reader can understand why the work unit exists, what it does, and what it is accountable for.

    Each work unit will have a unique mandate. Each mandate should be distinguishable enough from your other work units to make it clear why the work is grouped in this specific way, rather than an alternative option. The mandate will vary by organization based on the agreed upon work units, design archetype, and priorities.

    Don’t just adopt an example mandate from another organization or continue use of the organization’s pre-existing mandate – take the time to ensure it accurately depicts what that group is doing so that its value-added activities are clear to the larger organization.

    Examples of Work Unit Mandates

    The Office of the CIO will be a strategic enabler of the IT organization, driving IT organizational performance through improved IT management and governance. A central priority of the Office of the CIO is to ensure that IT is able to respond to evolving environments and challenges through strategic foresight and a centralized view of what is best for the organization.

    The Project Management Office will provide standardized and effective project management practices across the IT landscape, including an identified project management methodology, tools and resources, project prioritization, and all steps from project initiation through to evaluation, as well as education and development for project managers across IT.

    The Solutions Development Group will be responsible for the high-quality development and delivery of new solutions and improvements and the production of customized business reports. Through this function, IT will have improved agility to respond to new initiatives and will be able to deliver high-quality services and insights in a consistent manner.

    3.2 Create work unit mandates

    1-3 hours

    1. Break into teams of three to four people and assign an equal number of work units to each team.
    2. Have each team create a set of statements that describe the overall purpose of that working group. Each mandate statement should:
    • Be clear enough that any reader can understand.
    • Explain why the work unit exists, what it does, and what it is accountable for.
    • Be distinguishable enough from your other work units to make it clear why the work is grouped in this specific way, rather than an alternative option.
  • Have each group present their work unit mandates and make changes wherever necessary.
  • InputOutput
    • Work units
    • Work unit mandates
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Workbook

    Identify the key roles and responsibilities for the target IT organization

    Now that you have identified the main units of work in the target IT organization, it is time to identify the roles that will perform that work. At the end of this step, the key roles will be identified, the purpose statement will be built, and accountability and responsibility for roles will be clearly defined. Make sure that accountability for each task is assigned to one role only. If there are challenges with a role, change the role to address them (e.g. split roles or shift responsibilities).

    The image contains an example of two work units: Enterprise Architecture and PMO. It then lists the roles of the two work units.

    Info-Tech Insight

    Do not bias your role design by focusing on your existing staff’s competencies. If you begin to focus on your existing team members, you run the risk of artificially narrowing the scope of work or skewing the responsibilities of individuals based on the way it is, rather than the way it should be.

    3.3 Define roles inside the work units

    1-3 hours

    1. Select a work unit from the organizational sketch.
    2. Describe the most senior role in that work unit by asking, “what would the leader of this group be accountable or responsible for?” Define this role and move the capabilities they will be accountable for under that leader. Repeat this activity for the capabilities this leader would be responsible for.
    3. Continue to define each role that will be required in that work unit to deliver or provide oversight related to those capabilities.
    4. Continue until key roles are identified and the capabilities each role will be accountable or responsible for are clarified.
    5. Remember, only one role can have accountability for each capability but several can have responsibility.
    6. For each role, use the list of capabilities that the position will be accountable, responsible, or accountable and responsible for to create a job description. Leverage your own internal job descriptions or visit our Job Descriptions page.
    InputOutput
    • Work units
    • Work unit mandates
    • Responsibilities
    • Accountabilities
    • Roles with clarified responsibilities and accountabilities
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Workbook

    Delivery model for product or solution development

    Can add additional complexity or clarity

    • Certain organizational structures will require a specific type of resourcing model to meet expectations and deliver on the development or sustainment of core products and solutions.
    • There are four common methods that we see in IT organizations:
      • Functional Roles: Completed work is handed off from functional team to functional team sequentially as outlined in the organization’s SDLC.
      • Shared Service & Resource Pools (Matrix): Resources are pulled whenever the work requires specific skills or pushed to areas where product demand is high.
      • Product or System: Work is directly sent to the teams who are directly managing the product or directly supporting the requestor.
      • Skills & Competencies: Work is directly sent to the teams who have the IT and business skills and competencies to complete the work.
    • Each of these will lead to a difference in how the functional team is skilled. They could have a great understanding of their customer, the product, the solution, or their service.

    Info-Tech Insight

    Despite popular belief, there is no such thing as the Spotify model, and organizations that structured themselves based on the original Spotify drawing might be missing out on key opportunities to obtain productivity from employees.

    Sources: Indeed, 2020; Agility Scales

    There can be different patterns to structure and resource your product delivery teams

    The primary goal of any product delivery team is to improve the delivery of value for customers and the business based on your product definition and each product’s demand. Each organization will have different priorities and constraints, so your team structure may take on a combination of patterns or may take on one pattern and then transform into another.

    Delivery Team Structure Patterns

    How Are Resources and Work Allocated?

    Functional Roles

    Teams are divided by functional responsibilities (e.g. developers, testers, business analysts, operations, help desk) and arranged according to their placement in the software development lifecycle (SDLC).

    Completed work is handed off from team to team sequentially as outlined in the organization’s SDLC.

    Shared Service and Resource Pools

    Teams are created by pulling the necessary resources from pools (e.g. developers, testers, business analysts, operations, help desk).

    Resources are pulled whenever the work requires specific skills or pushed to areas where product demand is high.

    Product or System

    Teams are dedicated to the development, support, and management of specific products or systems.

    Work is directly sent to the teams who are directly managing the product or directly supporting the requester.

    Skills and Competencies

    Teams are grouped based on skills and competencies related to technology (e.g. Java, mobile, web) or familiarity with business capabilities (e.g. HR, Finance).

    Work is directly sent to the teams who have the IT and business skills and competencies to complete the work.

    Delivery teams will be structured according to resource and development needs

    Functional Roles

    Shared Service and Resource Pools

    Product or System

    Skills and Competencies

    When your people are specialists versus having cross-functional skills

    Leveraged when specialists such as Security or Operations will not have full-time work on the product

    When you have people with cross-functional skills who can self-organize around a product’s needs

    When you have a significant investment in a specific technology stack

    The image contains a diagram of functional roles.The image contains a diagram of shared service and resource pools.The image contains a diagram of product or system.The image contains a diagram of skills and competencies.

    For more information about delivering in a product operating model, refer to our Deliver Digital Products at Scale blueprint.

    3.4 Finalize the organizational chart

    1-3 hours

    1. Import each of your work units and the target-state roles that were identified for each.
    2. In the place of the name of each work unit in your organizational sketch, replace the work unit name with the prospective role name for the leader of that group.
    3. Under each of the leadership roles, import the names of team members that were part of each respective work unit.
    4. Validate the final structure as a group to ensure each of the work units includes all the necessary roles and responsibilities and that there is clear delineation of accountabilities between the work units.

    Input

    Output

    • Work units
    • Work unit mandates
    • Roles with accountabilities and responsibilities
    • Finalized organizational chart

    Materials

    Participants

    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Workbook & Executive Communications Deck

    Proactively consider and mitigate redesign risks

    Every organizational structure will include certain risks that should have been considered and accepted when choosing the base operating model sketch. Now that the final organizational structure has been created, consider if those risks were mitigated by the final organizational structure that was created. For those risks that weren’t mitigated, have a tactic to control risks that remain present.

    3.5 Identify and mitigate key risks

    1-3 hours

    1. For each of the operating model sketch options, there are specific risks that should have been considered when selecting that model.
    2. Take those risks and transfer them into the correct slide of the Organizational Design Workbook.
    3. Consider if there are additional risks that need to be considered with the new organizational structure based on the customizations made.
    4. For each risk, rank the severity of that risk on a scale of low, medium, or high.
    5. Determine one or more mitigation tactic(s) for each of the risks identified. This tactic should reduce the likelihood or impact of the risk event happening.
    InputOutput
    • Final organizational structure
    • Operating model sketch benefits and risks
    • Redesign risk mitigation plan
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Workbook

    Phase 4

    Plan for Implementation & Change

    This phase will walk you through the following activities:

    4.1 Select a transition plan

    4.2 Establish the change communication messages

    4.3 Be consistent with a standard set of FAQs

    4.4 Define org. redesign resistors

    4.5 Create a sustainment plan

    This phase involves the following participants:

    • CIO
    • IT Leadership
    • Business Leadership
    • HR Business Partners

    All changes require change management

    Change management is:

    Managing a change that requires replanning and reorganizing and that causes people to feel like they have lost control over aspects of their jobs.

    – Padar et al., 2017
    People Process Technology

    Embedding change management into organizational design

    PREPARE A

    Awareness: Establish the need for organizational redesign and ensure this is communicated well.

    This blueprint is mostly focused on the prepare and transition components.

    D

    Desire: Ensure the new structure is something people are seeking and will lead to individual benefits for all.

    TRANSITION K

    Knowledge: Provide stakeholders with the tools and resources to function in their new roles and reporting structure.

    A

    Ability: Support employees through the implementation and into new roles or teams.

    FUTURE R

    Reinforcement: Emphasize and reward positive behaviors and attitudes related to the new organizational structure.

    Implementing the new organizational structure

    Implementing the organizational structure can be the most difficult part of the process.

    • To succeed in the process, consider creating an implementation plan that adequately considers these five components.
    • Each of these are critical to supporting the final organizational structure that was established during the redesign process.

    Implementation Plan

    Transition Plan: Identify the appropriate approach to making the transition, and ensure the transition plan works within the context of the business.

    Communication Strategy: Create a method to ensure consistent, clear, and concise information can be provided to all relevant stakeholders.

    Plan to Address Resistance: Given that not everyone will be happy to move forward with the new organizational changes, ensure you have a method to hear feedback and demonstrate concerns have been heard.

    Employee Development Plan: Provide employees with tools, resources, and the ability to demonstrate these new competencies as they adjust to their new roles.

    Monitor and Sustain the Change: Establish metrics that inform if the implementation of the new organizational structure was successful and reinforce positive behaviors.

    Define the type of change the organizational structure will be

    As a result, your organization must adopt OCM practices to better support the acceptance and longevity of the changes being pursued.

    Incremental Change

    Transformational Change

    Organizational change management is highly recommended and beneficial for projects that require people to:

    • Adopt new tools and workflows.
    • Learn new skills.
    • Comply with new policies and procedures.
    • Stop using old tools and workflows.

    Organizational change management is required for projects that require people to:

    • Move into different roles, reporting structures, and career paths.
    • Embrace new responsibilities, goals, reward systems, and values.
    • Grow out of old habits, ideas, and behaviors.
    • Lose stature in the organization.

    Info-Tech Insight

    How you transition to the new organizational structure can be heavily influenced by HR. This is the time to be including them and leveraging their expertise to support the transition “how.”

    Transition Plan Options

    Description

    Pros

    Cons

    Example

    Big Bang Change

    Change that needs to happen immediately – “ripping the bandage off.”

    • It puts an immediate stop to the current way of operating.
    • Occurs quickly.
    • More risky.
    • People may not buy into the change immediately.
    • May not receive the training needed to adjust to the change.

    A tsunami in Japan stopped all imports and exports. Auto manufacturers were unable to get parts shipped and had to immediately find an alternative supplier.

    Incremental Change

    The change can be rolled out slower, in phases.

    • Can ensure that people are bought in along the way through the change process, allowing time to adjust and align with the change.
    • There is time to ensure training takes place.
    • It can be a timely process.
    • If the change is dragged on for too long (over several years) the environment may change and the rationale and desired outcome for the change may no longer be relevant.

    A change in technology, such as HRIS, might be rolled out one application at a time to ensure that people have time to learn and adjust to the new system.

    Pilot Change

    The change is rolled out for only a select group, to test and determine if it is suitable to roll out to all impacted stakeholders.

    • Able to test the success of the change initiative and the implementation process.
    • Able to make corrections before rolling it out wider, to aid a smooth change.
    • Use the pilot group as an example of successful change.
    • Able to gain buy-in and create change champions from the pilot group who have experienced it and see the benefits.
    • Able to prevent an inappropriate change from impacting the entire organization.
    • Lengthy process.
    • Takes time to ensure the change has been fully worked through.

    A retail store is implementing a new incentive plan to increase product sales. They will pilot the new incentive plan at select stores, before rolling it out broadly.

    4.1 Select a transition plan approach

    1-3 hours

    1. List each of the changes required to move from your current structure to the new structure. Consider:
      1. Changes in reporting structure
      2. Hiring new members
      3. Eliminating positions
      4. Developing key competencies for staff
    2. Once you’ve defined all the changes required, consider the three different transition plan approaches: big bang, incremental, and pilot. Each of the transition plan approaches will have drawbacks and benefits. Use the list of changes to inform the best approach.
    3. If you are proceeding with the incremental or the pilot, determine the order in which you will proceed with the changes or the groups that will pilot the new structure first.
    InputOutput
    • Customized operating model sketch
    • New org. chart
    • Current org. chart
    • List of changes to move from current to future state
    • Transition plan to support changes
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership
    • HR Business Partners

    Record the results in the Organizational Design Workbook

    Make a plan to effectively manage and communicate the change

    Success of your new organizational structure hinges on adequate preparation and effective communication.

    The top challenge facing organizations in completing the organizational redesign is their organizational culture and acceptance of change. Effective planning for the implementation and communication throughout the change is pivotal. Make sure you understand how the change will impact staff and create tailored plans for communication.

    65% of managers believe the organizational change is effective when provided with frequent and clear communication.

    Source: SHRM, 2021

    Communicate reasons for organizational structure changes and how they will be implemented

    Leaders of successful change spend considerable time developing a powerful change message, i.e. a compelling narrative that articulates the desired end state, and that makes the change concrete and meaningful to staff.

    The organizational change message should:

    • Explain why the change is needed.
    • Summarize what will stay the same.
    • Highlight what will be left behind.
    • Emphasize what is being changed.
    • Explain how change will be implemented.
    • Address how change will affect various roles in the organization.
    • Discuss the staff’s role in making the change successful.

    Five elements of communicating change

    • What is the change?
    • Why are we doing it?
    • How are we going to go about it?
    • How long will it take us to do it?
    • What will the role be for each department and individual?
    Source: Cornelius & Associates, 2010

    4.2 Establish the change communication messages

    2 hours

    1. The purpose of this activity is to establish a change communication message you can leverage when talking to stakeholders about the new organizational structure.
    2. Review the questions in the Organizational Design Workbook.
    3. Establish a clear message around the expected changes that will have to take place to help realize the new organizational structure.
    InputOutput
    • Customized operating model sketch
    • New org. chart
    • Current org. chart
    • List of changes
    • Transition plan
    • Change communication message for new organizational structure
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Workbook

    Apply the following communication principles to make your IT organization redesign changes relevant to stakeholders

    Be Clear

    • Say what you mean and mean what you say.
    • Choice of language is important: “Do you think this is a good idea? I think we could really benefit from your insights and experience here.” Or do you mean: “I think we should do this. I need you to do this to make it happen.”
    • Don’t use jargon.

    Be Consistent

    • The core message must be consistent regardless of audience, channel, or medium.
    • Test your communication with your team or colleagues to obtain feedback before delivering to a broader audience.
    • A lack of consistency can be interpreted as an attempt at deception. This can hurt credibility and trust.

    Be Concise

    • Keep communication short and to the point so key messages are not lost in the noise.
    • There is a risk of diluting your key message if you include too many other details.

    Be Relevant

    • Talk about what matters to the stakeholder.
    • Talk about what matters to the initiative.
    • Tailor the details of the message to each stakeholder’s specific concerns.
    • IT thinks in processes but stakeholders only care about results: talk in terms of results.
    • IT wants to be understood but this does not matter to stakeholders. Think: “what’s in it for them?”
    • Communicate truthfully; do not make false promises or hide bad news.

    Frequently asked questions (FAQs) provide a chance to anticipate concerns and address them

    As a starting point for building an IT organizational design implementation, look at implementing an FAQ that will address the following:

    • The what, who, when, why, and where
    • The transition process
    • What discussions should be held with clients in business units
    • HR-centric questions

    Questions to consider answering:

    • What is the objective of the IT organization?
    • What are the primary changes to the IT organization?
    • What does the new organizational structure look like?
    • What are the benefits to our IT staff and to our business partners?
    • How will the IT management team share new information with me?
    • What is my role during the transition?
    • What impact is there to my reporting relationship within my department?
    • What are the key dates I should know about?

    4.3 Be consistent with a standard set of FAQs

    1 hour

    1. Beyond the completed communications plans, brainstorm a list of answers to the key “whats” of your organizational design initiative:
    • What is the objective of the IT organization?
    • What are the primary changes to the IT organization?
    • What does the new organizational structure look like?
    • What are the benefits to our IT staff and to our business partners?
  • Think about any key questions that may rise around the transition:
    • How will the IT management team share new information with me?
    • What is my role during the transition?
    • What impact is there to my reporting relationship within my department?
    • What are the key dates I should know about?
  • Determine the best means of socializing this information. If you have an internal wiki or knowledge-sharing platform, this would be a useful place to host the information.
  • InputOutput
    • Driver(s) for the new organizational structure
    • List of changes to move from current to future state
    • Change communication message
    • FAQs to provide to staff about the organizational design changes
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Workbook

    The change reaction model

    The image contains a picture of the change reaction model. The model includes a double arrow pointing in both directions of left and right. On top of the arrow are 4 circles spread out on the arrow. They are labelled: Active Resistance, Detachment, Questioning, Acceptance.

    (Adapted from Cynthia Wittig)

    Info-Tech Insight

    People resist changes for many reasons. When it comes to organizational redesign changes, some of the most common reasons people resist change include a lack of understanding, a lack of involvement in the process, and fear.

    Include employees in the employee development planning process

    Prioritize

    Assess employee to determine competency levels and interests.

    Draft

    Employee drafts development goals; manager reviews.

    Select

    Manager helps with selection of development activities.

    Check In

    Manager provides ongoing check-ins, coaching, and feedback.

    Consider core and supplementary components that will sustain the new organizational structure

    Supplementary sustainment components:

    • Tools & Resources
    • Structure
    • Skills
    • Work Environment
    • Tasks
    • Disincentives

    Core sustainment components:

    • Empowerment
    • Measurement
    • Leadership
    • Communication
    • Incentives

    Sustainment Plan

    Sustain the change by following through with stakeholders, gathering feedback, and ensuring that the change rationale and impacts are clearly understood. Failure to so increases the potential that the change initiative will fail or be a painful experience and cost the organization in terms of loss of productivity or increase in turnover rates.

    Support sustainment with clear measurements

    • Measurement is one of the most important components of monitoring and sustaining the new organizational structure as it provides insight into where the change is succeeding and where further support should be added.
    • There should be two different types of measurements:
    1. Standard Change Management Metrics
    2. Organizational Redesign Metrics
  • When gathering data around metrics, consider other forms of measurement (qualitative) that can provide insights on opportunities to enhance the success of the organizational redesign change.
    1. Every measurement should be rooted to a goal. Many of the goals related to organizational design will be founded in the driver of this change initiative
    2. Once the goals have been defined, create one or more measurements that determines if the goal was successful.
    3. Use specific key performance indicators (KPIs) that contain a metric that is being measured and the frequency of that measurement.

    Info-Tech Insight

    Obtaining qualitative feedback from employees, customers, and business partners can provide insight into where the new organizational structure is operating optimally versus where there are further adjustments that could be made to support the change.

    4.4 Consider sustainment metrics

    1 hour

    1. Establish metrics that bring the entire process together and that will ensure the new organizational design is a success.
    2. Go back to your driver(s) for the organizational redesign. Use these drivers to help inform a particular measurement that can be used to determine if the new organizational design will be successful. Each measurement should be related to the positive benefits of the organization, an individual, or the change itself.
    3. Once you have a list of measurements, use these to determine the specific KPI that can be qualified through a metric. Often you are looking for an increase or decrease of a particular measurement by a dollar or percentage within a set time frame.
    4. Use the example metrics in the workbook and update them to reflect your organization’s drivers.
    InputOutput
    • Driver(s) for the new organizational structure
    • List of changes to move from current to future state
    • Change communication message
    • Sustainment metrics
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • CIO
    • IT Leadership
    • Business Leadership

    Record the results in the Organizational Design Workbook

    Related Info-Tech Research

    Build a Strategic IT Workforce Plan

    • Continue into the second phase of the organizational redesign process by defining the required workforce to deliver.
    • Leveraging trends, data, and feedback from your employees, define the competencies needed to deliver on the defined roles.

    Implement a New IT Organizational Structure

    • Organizational design implementations can be highly disruptive for IT staff and business partners.
    • Without a structured approach, IT leaders may experience high turnover, decreased productivity, and resistance to the change.

    Define the Role of Project Management in Agile and Product-Centric Delivery

    • There are many voices with different opinions on the role of project management. This causes confusion and unnecessary churn.
    • Project management and product management naturally align to different time horizons. Harmonizing their viewpoints can take significant work.

    Research Contributors and Experts

    The image contains a picture of Jardena London.

    Jardena London

    Transformation Catalyst, Rosetta Technology Group

    The image contains a picture of Jodie Goulden.

    Jodie Goulden

    Consultant | Founder, OrgDesign Works

    The image contains a picture of Shan Pretheshan.

    Shan Pretheshan

    Director, SUPA-IT Consulting

    The image contains a picture of Chris Briley.

    Chris Briley

    CIO, Manning & Napier

    The image contains a picture of Dean Meyer.

    Dean Meyer

    President N. Dean Meyer and Associates Inc.

    The image contains a picture of Jimmy Williams.

    Jimmy Williams

    CIO, Chocktaw Nation of Oklahoma

    Info-Tech Research Group

    Cole Cioran, Managing Partner

    Dana Daher, Research Director

    Hans Eckman, Principal Research Director

    Ugbad Farah, Research Director

    Ari Glaizel, Practice Lead

    Valence Howden, Principal Research Director

    Youssef Kamar, Senior Manager, Consulting

    Carlene McCubbin, Practice Lead

    Baird Miller, Executive Counsellor

    Josh Mori, Research Director

    Rajesh Parab, Research Director

    Gary Rietz, Executive Counsellor

    Bibliography

    “A Cheat Sheet for HR Professionals: The Organizational Development Process.” AIHR, 2021. Web.

    Acharya, Ashwin, Roni Lieber, Lissa Seem, and Tom Welchman. “How to identify the right ‘spans of control’ for your organization.” McKinsey, 21 December 2017. Web.

    Anand. N., and Jean-Louis Barsoux. “What everyone gets wrong about change management. Harvard Business Review, December 2017. Web.

    Atiken, Chris. “Operating model design-first principles.” From Here On, 24 August 2018. Web.

    “Avoid common digital transformation challenges: Address your IT Operating Model Now.” Sofigate, 5 May 2020. Web.

    Baumann, Oliver, and Brian Wu. “The many dimensions of research on designing flat firms.” Journal of Organizational Design, no. 3, vol. 4. 09 May 2022.Web.

    Bertha, Michael. “Cross the project to product chasm.” CIO, 1 May 2020. Web.

    Blenko, Marcia, and James Root. “Design Principles for a Robust Operating Model.” Bain & Company, 8 April 2015. Web.

    Blenko, Marcia, Leslie Mackrell, and Kevin Rosenberg. “Operating models: How non-profits get from strategy to results.” The Bridge Span Group, 15 August 2019. Web.

    Boulton, Clint. “PVH finds perfect fit in hybrid IT operating model amid pandemic.” CIO, 19 July 2021. Web.

    Boulton, Clint. “Why digital disruption leaves no room for bimodal IT.” CIO, 11 May 2017. Web.

    Bright, David, et al. “Chapter 10: Organizational Structure & Change.” Principles of Management, OpenStax, Rice University, 20 March 2019. Book.

    Campbell, Andrew. “Design Principles: How to manage them.” Ashridge Operating Models. 1 January 2022. Web.

    D., Maria. “3 Types of IT Outsourcing Models and How to Choose Between Them.” Cleveroad, 29 April 2022. Web.

    Devaney, Eric. “9 Types of Organizational Structure Every Company Should Consider.” HubSpot, 11 February 2022. Web.

    Devaney, Erik. “The six building blocks of organizational structure.” Hubspot, 3 June 2020. Web.

    Eisenman, M., S. Paruchuri, and P. Puranam. “The design of emergence in organizations.” Journal of Organization Design, vol. 9, 2020. Web.

    Forbes Business Development Council. “15 Clear Signs It’s Time to Restructure the Business.” Forbes, 10 February 2020. Web.

    Freed, Joseph. “Why Cognitive Load Could Be The Most Important Employee Experience Metric In The Next 10 Years.” Forbes, 30 June 2020. Web.

    Galibraith, Jay. “The Star Model.” JayGalbraith.com, n.d. Web.

    Girod, Stéphane, and Samina Karim. “Restructure or reconfigure?” Harvard Business Review, April 2017. Web.

    Goldman, Sharon. “The need for a new IT Operating Model: Why now?” CIO, 27 August 2019. Web.

    Halapeth, Milind. “New age IT Operating Model: Creating harmony between the old and the new.” Wirpo, n.d. Web.

    Harvey, Michelle. “Why a common operating model is efficient for business productivity.” CMC, 10 May 2020. Web.

    Helfand, Heidi. “Dynamic Reteaming.” O’Reilly Media, 7 July 2020. Book.

    JHeller, Martha. “How Microsoft CIO Jim DuBois changed the IT Operating Model.” CIO, 2 February 2016. Web.

    Heller, Martha. “How Stryker IT Shifted to a global operating model.” CIO, 19 May 2021. Web.

    Heller, Michelle. “Inside blue Shields of California’s IT operating model overhaul.” CIO, 24 February 2021. Web.

    Hessing, Ted. “Value Stream Mapping.” Six Sigma Study Guide, 11 April 2014. Web.

    Huber, George, P. “What is Organization Design.” Organizational Design Community, n.d. Web.

    Indeed Editorial Team. “5 Advantages and Disadvantages of the Matrix Organizational Structure.” Indeed, 23 November 2020. Web.

    Indeed Editorial Team. “How to plan an effective organization restructure.” Indeed, 10 June 2021. Web.

    “Insourcing vs Outsourcing vs Co-Sourcing.” YML Group, n.d. Web.

    “Investing in more strategic roles.” CAPS Research, 3 February 2022. Web.

    Jain, Gagan. “Product IT Operating Model: The next-gen model for a digital work.” DevOps, 22 July 2019. Web.

    Kane, Gerald, D. Plamer, and Anh Phillips. “Accelerating Digital Innovation Inside and Out.” Deloitte Insights, 4 June 2019. Web.

    Krush, Alesia. “IT companies with ‘flat’ structures: utopia or innovative approach?” Object Style, 18 October 2018. Web.

    Law, Michael. “Adaptive Design: Increasing Customer Value in Your Organisation.” Business Agility Institute, 5 October 2020. Web.

    LucidContent Team. “How to get buy-in for changes to your organizational structure.” Lucid Chart, n.d. Web.

    Matthews, Paul. “Do you know the difference between competence and capability?” The People Development Magazine, 25 September 2020. Web.

    Meyer, Dean N. “Analysis: Common symptoms of organizational structure problems.” NDMA, n.d. Web.

    Meyer, N. Dean. “Principle-based Organizational Structure.” NDMA Publishing, 2020. Web.

    Morales Pedraza, Jorge. Answer to posting, “What is the relationship between structure and strategy?” ResearchGate.net, 5 March 2014. Web.

    Nanjad, Len. “Five non-negotiables for effective organization design change.” MNP, 01 October 2021. Web.

    Neilson, Gary, Jaime Estupiñán, and Bhushan Sethi. “10 Principles of Organizational Design.” Strategy & Business, 23 March 2015. Web.

    Nicastro, Dom. “Understanding the Foundational Concepts of Organizational Design.” Reworked, 24 September 2020. Web.

    Obwegeser, Nikolaus, Tomoko Yokoi, Michael Wade, and Tom Voskes. “7 Key Principles to Govern Digital Initiatives.” MIT Sloan, 1 April 2020. Web.

    “Operating Models and Tools.” Business Technology Standard, 23 February 2021. Web.

    “Organizational Design Agility: Journey to a combined community.” ODF-BAI How Space, Organizational Design Forum, 2022. Web.

    “Organizational Design: Understanding and getting started.” Ingentis, 20 January 2021. Web.

    Padar, Katalin, et al. “Bringing project and change management roles into sync.” Journal of Change Management, 2017. Web.

    Partridge, Chris. “Evolve your Operating Model- It will drive everything.” CIO, 30 July 2021. Web.

    Pijnacker, Lieke. “HR Analytics: role clarity impacts performance.” Effectory, 25 September 2019. Web.

    Pressgrove, Jed. “Centralized vs. Federated: Breaking down IT Structures.” Government Technology, March 2020. Web.

    Sherman, Fraser. “Differences between Organizational Structure and Design.” Bizfluent, 20 September 2019. Web.

    Skelton, Matthew, and Manual Pais. “Team Cognitive Load.” IT Revolution, 19 January 2021. Web.

    Skelton, Matthew, and Manual Pais. Team Topologies. IT Revolution Press, 19 September 2019. Book

    Spencer, Janet, and Michael Watkins. “Why organizational change fails.” TLNT, 26 November 2019. Web.

    Storbakken, Mandy. “The Cloud Operating Model.” VMware, 27 January 2020. Web.

    "The Qualities of Leadership: Leading Change.” Cornelius & Associates, 2010. Web.

    “Understanding Organizational Structures.” SHRM, 31 August 2021. Web.

    "unfix Pattern: Base.” AgilityScales, n.d. Web.

    Walker, Alex. “Half-Life: Alyx helped change Valve’s Approach to Development.” Kotaku, 10 July 2020. Web.

    "Why Change Management.” Prosci, n.d. Web.

    Wittig, Cynthia. “Employees' Reactions to Organizational Change.” OD Practioner, vol. 44, no. 2, 2012. Web.

    Woods, Dan. “How Platforms are neutralizing Conway’s Law.” Forbes, 15 August 2017. Web.

    Worren, Nicolay, Jeroen van Bree, and William Zybach. “Organization Design Challenges. Results from a practitioner survey.” Journal of Organizational Design, vol. 8, 25 July 2019. Web.

    Appendix

    IT Culture Framework

    This framework leverages McLean & Company’s adaptation of Quinn and Rohrbaugh’s Competing Values Approach.

    The image contains a diagram of the IT Culture Framework. The framework is divided into four sections: Competitive, Innovative, Traditional, and Cooperative, each with their own list of descriptors.

    Develop and Implement a Security Incident Management Program

    • Buy Link or Shortcode: {j2store}316|cart{/j2store}
    • member rating overall impact (scale of 10): 9.2/10 Overall Impact
    • member rating average dollars saved: $105,346 Average $ Saved
    • member rating average days saved: 39 Average Days Saved
    • Parent Category Name: Threat Intelligence & Incident Response
    • Parent Category Link: /threat-intelligence-incident-response
    • Tracked incidents are often classified into ready-made responses that are not necessarily applicable to the organization. With so many classifications, tracking becomes inefficient and indigestible, allowing major incidents to fall through the cracks.
    • Outcomes of incident response tactics are not formally tracked or communicated, resulting in a lack of comprehensive understanding of trends and patterns regarding incidents, leading to being re-victimized by the same vector.
    • Having a formal incident response document to meet compliance requirements is not useful if no one is adhering to it.

    Our Advice

    Critical Insight

    • You will experience incidents. Don’t rely on ready-made responses. They’re too broad and easy to ignore. Save your organization response time and confusion by developing your own specific incident use cases.
    • Analyze, track, and review results of incident response regularly. Without a comprehensive understanding of incident trends and patterns, you can be re-victimized by the same attack vector.
    • Establish communication processes and channels well in advance of a crisis. Don’t wait until a state of panic. Collaborate and exchange information with other organizations to stay ahead of incoming threats.

    Impact and Result

    • Effective and efficient management of incidents involves a formal process of preparation, detection, analysis, containment, eradication, recovery, and post-incident activities.
    • This blueprint will walk through the steps of developing a scalable and systematic incident response program relevant to your organization.

    Develop and Implement a Security Incident Management Program Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop and implement a security incident management program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prepare

    Equip your organization for incident response with formal documentation of policies and processes.

    • Develop and Implement a Security Incident Management Program – Phase 1: Prepare
    • Security Incident Management Maturity Checklist ‒ Preliminary
    • Information Security Requirements Gathering Tool
    • Incident Response Maturity Assessment Tool
    • Security Incident Management Charter Template
    • Security Incident Management Policy Template
    • Security Incident Management RACI Tool

    2. Operate

    Act with efficiency and effectiveness as new incidents are handled.

    • Develop and Implement a Security Incident Management Program – Phase 2: Operate
    • Security Incident Management Plan
    • Security Incident Runbook Prioritization Tool
    • Security Incident Management Runbook: Credential Compromise
    • Security Incident Management Workflow: Credential Compromise (Visio)
    • Security Incident Management Workflow: Credential Compromise (PDF)
    • Security Incident Management Runbook: Distributed Denial of Service
    • Security Incident Management Workflow: Distributed Denial of Service (Visio)
    • Security Incident Management Workflow: Distributed Denial of Service (PDF)
    • Security Incident Management Runbook: Malware
    • Security Incident Management Workflow: Malware (Visio)
    • Security Incident Management Workflow: Malware (PDF)
    • Security Incident Management Runbook: Malicious Email
    • Security Incident Management Workflow: Malicious Email (Visio)
    • Security Incident Management Workflow: Malicious Email (PDF)
    • Security Incident Management Runbook: Ransomware
    • Security Incident Management Workflow: Ransomware (Visio)
    • Security Incident Management Workflow: Ransomware (PDF)
    • Security Incident Management Runbook: Data Breach
    • Security Incident Management Workflow: Data Breach (Visio)
    • Security Incident Management Workflow: Data Breach (PDF)
    • Data Breach Reporting Requirements Summary
    • Security Incident Management Runbook: Third-Party Incident
    • Security Incident Management Workflow: Third-Party Incident (Visio)
    • Security Incident Management Workflow: Third-Party Incident (PDF)
    • Security Incident Management Runbook: Blank Template

    3. Maintain and optimize

    Manage and improve the incident management process by tracking metrics, testing capabilities, and leveraging best practices.

    • Develop and Implement a Security Incident Management Program – Phase 3: Maintain and Optimize
    • Security Incident Metrics Tool
    • Post-Incident Review Questions Tracking Tool
    • Root-Cause Analysis Template
    • Security Incident Report Template
    [infographic]

    Workshop: Develop and Implement a Security Incident Management Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Prepare Your Incident Response Program

    The Purpose

    Understand the purpose of incident response.

    Formalize the program.

    Identify key players and escalation points.

    Key Benefits Achieved

    Common understanding of the importance of incident response.

    Various business units becoming aware of their roles in the incident management program.

    Formalized documentation.

    Activities

    1.1 Assess the current process, obligations, scope, and boundaries of the incident management program.

    1.2 Identify key players for the response team and for escalation points.

    1.3 Formalize documentation.

    1.4 Prioritize incidents requiring preparation.

    Outputs

    Understanding of the incident landscape

    An identified incident response team

    A security incident management charter

    A security incident management policy

    A list of top-priority incidents

    A general security incident management plan

    A security incident response RACI chart

    2 Develop Incident-Specific Runbooks

    The Purpose

    Document the clear response procedures for top-priority incidents.

    Key Benefits Achieved

    As incidents occur, clear response procedures are documented for efficient and effective recovery.

    Activities

    2.1 For each top-priority incident, document the workflow from detection through analysis, containment, eradication, recovery, and post-incident analysis.

    Outputs

    Up to five incident-specific runbooks

    3 Maintain and Optimize the Program

    The Purpose

    Ensure the response procedures are realistic and effective.

    Identify key metrics to measure the success of the program.

    Key Benefits Achieved

    Real-time run-through of security incidents to ensure roles and responsibilities are known.

    Understanding of how to measure the success of the program.

    Activities

    3.1 Limited scope tabletop exercise.

    3.2 Discuss key metrics.

    Outputs

    Completed tabletop exercise

    Key success metrics identified

    Further reading

    Develop and Implement a Security Incident Management Program

    Create a scalable incident response program without breaking the bank.

    ANALYST PERSPECTIVE

    Security incidents are going to happen whether you’re prepared or not. Ransomware and data breaches are just a few top-of-mind threats that all organizations deal with. Taking time upfront to formalize response plans can save you significantly more time and effort down the road. When an incident strikes, don’t waste time deciding how to remediate. Rather, proactively identify your response team, optimize your response procedures, and track metrics so you can be prepared to jump to action.

    Céline Gravelines,
    Senior Research Analyst
    Security, Risk & Compliance Info-Tech Research Group

    Picture of Céline Gravelines

    Céline Gravelines,
    Senior Research Analyst
    Security, Risk & Compliance Info-Tech Research Group

    Our understanding of the problem

    This Research is Designed For

    • A CISO who is dealing with the following:
      • Inefficient use of time and money when retroactively responding to incidents, negatively affecting business revenue and workflow.
      • Resistance from management to adequately develop a formal incident response plan.
      • Lack of closure of incidents, resulting in being re-victimized by the same vector.

    This Research Will Help You

    • Develop a consistent, scalable, and usable incident response program that is not resource intensive.
    • Track and communicate incident response in a formal manner.
    • Reduce the overall impact of incidents over time.
    • Learn from past incidents to improve future response processes.

    This Research Will Also Assist

    • Business stakeholders who are responsible for the following:
    • Improving workflow and managing operations in the event of security incidents to reduce any adverse business impacts.
    • Ensuring that incident response compliance requirements are being adhered to.

    This Research Will Help Them

    • Efficiently allocate resources to improve incident response in terms of incident frequency, response time, and cost.
    • Effectively communicate expectations and responsibilities to users.

    Executive Summary

    Situation

    • Security incidents are inevitable, but how they’re dealt with can make or break an organization. Poor incident response negatively affects business practices, including workflow, revenue generation, and public image.
    • The incident response of most organizations is ad hoc at best. A formal management plan is rarely developed or adhered to, resulting in ineffective firefighting responses and inefficient allocation of resources.

    Complication

    • Tracked incidents are often classified into ready-made responses that are not necessarily applicable to the organization. With so many classifications, tracking becomes inefficient and indigestible, allowing major incidents to fall through the cracks.
    • Outcomes of incident response tactics are not formally tracked or communicated, resulting in a lack of comprehensive understanding of trends and patterns regarding incidents, leading to being revictimized by the same vector.
    • Having a formal incident response document to meet compliance requirements is not useful if no one is adhering to it.

    Resolution

    • Effective and efficient management of incidents involves a formal process of preparation, detection, analysis, containment, eradication, recovery, and post-incident activities.
    • This blueprint will walk through the steps of developing a scalable and systematic incident response program relevant to your organization.

    Info-Tech Insight

    • You will experience incidents. Don’t rely on ready-made responses. They’re too broad and easy to ignore. Save your organization response time and confusion by developing your own specific incident use cases.
    • Analyze, track, and review results of incident response regularly. Without a comprehensive understanding of incident trends and patterns, you can be re-victimized by the same attack vector.
    • Establish communication processes and channels well in advance of a crisis. Don’t wait until a state of panic. Collaborate and exchange information with other organizations to stay ahead of incoming threats.

    Data breaches are resulting in major costs across industries

    Per capita cost by industry classification of benchmarked companies (measured in USD)

    This is a bar graph showing the per capita cost by industry classification of benchmarked companies(measured in USD). the companies are, in decreasing order of cost: Health; Financial; Services; Pharmaceutical; Technology; Energy; Education; Industrial; Entertainment; Consumer; Media; Transportation; Hospitality; Retail; Research; Public

    Average data breach costs per compromised record hit an all-time high of $148 (in 2018).
    (Source: IBM, “2018 Cost of Data Breach Study)”

    % of systems impacted by a data breach
    1%
    No Impact
    19%
    1-10% impacted
    41%
    11-30% impacted
    24%
    31-50% impacted
    15%
    > 50% impacted
    % of customers lost from a data breach
    61% Lost
    < 20%
    21% Lost 20-40% 8% Lost
    40-60%
    6% Lost
    60-80%
    4% Lost
    80-100%
    % of customers lost from a data breach
    58% Lost
    <20%
    25% Lost
    20-40%
    9% Lost
    40-60%
    5% Lost
    60-80%
    4% Lost
    80-100%

    Source: Cisco, “Cisco 2017 Annual Cybersecurity Report”

    Defining what is security incident management

    IT Incident

    Any event not a part of the standard operation of a service which causes, or may cause, the interruption to, or a reduction in, the quality of that service.

    Security Event:

    A security event is anything that happens that could potentially have information security implications.

    • A spam email is a security event because it may contain links to malware.
    • Organizations may be hit with thousands or perhaps millions of identifiable security events each day.
    • These are typically handled by automated tools or are simply logged.

    Security Incident:

    A security incident is a security event that results in damage such as lost data.

    • Incidents can also include events that don't involve damage but are viable risks.
    • For example, an employee clicking on a link in a spam email that made it through filters may be viewed as an incident.

    It’s not a matter of if you have a security incident, but when

    The increasing complexity and prevalence of threats have finally caught the attention of corporate leaders. Prepare for the inevitable with an incident response program.

    1. A formalized incident response program reduced the average cost of a data breach (per capita) from $148 to $134, while third-party involvement increased costs by $13.40.
    2. US organizations lost an average of $7.91 million per data breach as a result of increased customer attrition and diminished goodwill. Canada and the UK follow suit at $1.57 and $1.39 million, respectively.
    3. 73% of breaches are perpetrated by outsiders, 50% are the work of criminal groups, and 28% involve internal actors.
    4. 55% of companies have to manage fallout, such as reputational damage after a data breach.
    5. The average cost of a data breach increases by $1 million if left undetected for > 100 days.

    (Sources: IBM, “2018 Cost of Data Breach Study”; Verizon, “2017 Data Breach Investigations Report”; Cisco, “Cisco 2018 Annual Cybersecurity Report”)

    Threat Actor Examples

    The proliferation of hacking techniques and commoditization of hacking tools has enabled more people to become threat actors. Examples include:
    • Organized Crime Groups
    • Lone Cyber Criminals
    • Competitors
    • Nation States
    • Hacktivists
    • Terrorists
    • Former Employees
    • Domestic Intelligence Services
    • Current Employees (malicious and accidental)

    Benefits of an incident management program

    Effective incident management will help you do the following:

    Improve efficacy
    Develop structured processes to increase process consistency across the incident response team and the program as a whole. Expose operational weak points and transition teams from firefighting to innovating.

    Improve threat detection, prevention, analysis, and response
    Enhance your pressure posture through a structured and intelligence-driven incident handling and remediation framework.

    Improve visibility and information sharing
    Promote both internal and external information sharing to enable good decision making.

    Create and clarify accountability and responsibility
    Establish a clear level of accountability throughout the incident response program, and ensure role responsibility for all tasks and processes involved in service delivery.

    Control security costs
    Effective incident management operations will provide visibility into your remediation processes, enabling cost savings from misdiagnosed issues and incident reduction.

    Identify opportunities for continuous improvement
    Increase visibility into current performance levels and accurately identify opportunities for continuous improvement with a holistic measurement program.

    Impact

    Short term:
    • Streamlined security incident management program.
    • Formalized and structured response process.
    • Comprehensive list of operational gaps and initiatives.
    • Detailed response runbooks that predefine necessary operational protocol.
    • Compliance and audit adherence.
    Long term:
    • Reduced incident costs and remediation time.
    • Increased operational collaboration between prevention, detection, analysis, and response efforts.
    • Enhanced security pressure posture.
    • Improved communication with executives about relevant security risks to the business.
    • Preserved reputation and brand equity.

    Incident management is essential for organizations of any size

    Your incidents may differ, but a standard response ensures practical security.

    Certain regulations and laws require incident response to be a mandatory process in organizations.

    Compliance Standard Examples Description
    Federal Information Security Modernization Act (FISMA)
    • Organizations must have “procedures for detecting, reporting, and responding to security incidents” (2002).
    • They must also “inform operators of agency information systems about current and potential information security threats and vulnerabilities.”
    Federal Information Processing Standards (FIPS)
    • “Organizations must: (i) establish an operational incident handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities.”
    Payment Card Industry Data Security Standard (PCI DSS v3)
    • 12.5.3: “Establish, document, and distribute security incident response and escalation procedures to ensure timely and effective handling of all situations.”
    Health Insurance Portability and Accountability Act (HIPAA)
    • 164.308: Response and Reporting – “Identify and respond to suspected or known security incidents; mitigate, to the extent practicable, harmful effects of security incidents that are known to the covered entity; and document security incidents and their outcomes.”

    Security incident management is applicable to all verticals

    Examples:
    • Finance
    • Insurance
    • Healthcare
    • Public administration
    • Education services
    • Professional services
    • Scientific and technical services

    Maintain a holistic security operations program

    Legacy security operations centers (SOCs) fail to address gaps between data sources, network controls, and human capital. There is limited visibility and collaboration between departments, resulting in siloed decisions that do not support the best interests of the organization.

    Security operations is part of what Info-Tech calls a threat collaboration environment, where members must actively collaborate to address cyberthreats affecting the organization’s brand, business operation, and technology infrastructure on a daily basis.

    Prevent: Defense in depth is the best approach to protect against unknown and unpredictable attacks. Diligent patching and vulnerability management, endpoint protection, and strong human-centric security (amongst other tactics) are essential. Detect: There are two types of companies – those who have been breached and know it, and those who have been breached and don’t know it. Ensure that monitoring, logging, and event detection tools are in place and appropriate to your organizational needs.
    Analyze: Raw data without interpretation cannot improve security and is a waste of time, money, and effort. Establish a tiered operational process that not only enriches data but also provides visibility into your threat landscape. Respond: Organizations can’t rely on an ad hoc response anymore – don’t wait until a state of panic. Formalize your response processes in a detailed incident runbook to reduce incident remediation time and effort.

    Info-Tech’s incident response blueprint is one of four security operations initiatives

    Design and Implement a Vulnerability Management Program Vulnerability Management
    Vulnerability management revolves around the identification, prioritization, and remediation of vulnerabilities. Vulnerability management teams hunt to identify which vulnerabilities need patching and remediating.
    • Vulnerability Tracking Tool
    • Vulnerability Scanning Tool RFP Template
    • Penetration Test RFP Template
    • Vulnerability Mitigation Process Template
    Integrate Threat Intelligence Into Your Security Operations Vulnerability Management
    Vulnerability management revolves around the identification, prioritization, and remediation of vulnerabilities. Vulnerability management teams hunt to identify which vulnerabilities need patching and remediating.
    • Threat Intelligence Maturity Assessment Tool
    • Threat Intelligence RACI Tool
    • Threat Intelligence Management Plan Template
    • Threat Intelligence Policy Template
    • Threat Intelligence Alert Template
    • Threat Intelligence Alert and Briefing Cadence Schedule Template
    Develop Foundational Security Operations Processes Operations
    Security operations include the real-time monitoring and analysis of events based on the correlation of internal and external data sources. This also includes incident escalation based on impact. These analysts are constantly tuning and tweaking rules and reporting thresholds to further help identify which indicators are most impactful during the analysis phase of operations.
    • Security Operations Maturity Assessment Tool
    • Security Operations Event Prioritization Tool
    • Security Operations Efficiency Calculator
    • Security Operations Policy
    • In-House vs. Outsourcing Decision-Making Tool
    • Seccrimewareurity Operations RACI Tool
    • Security Operations TCO & ROI Comparison Calculator
    Develop and Implement a Security Incident Management Program Incident Response (IR)
    Effective and efficient management of incidents involves a formal process of analysis, containment, eradication, recovery, and post-incident activities. Incident response teams coordinate root cause and incident gathering while facilitating post-incident lessons learned. Incident response can provide valuable threat data that ties specific indicators to threat actors or campaigns.
    Security Incident Management Policy
    • Security Incident Management Plan
    • Incident Response Maturity Assessment Tool
    • Security Incident Runbook Prioritization Tool
    • Security Incident Management RACI Tool
    • Various Incident Management Runbooks

    Understand how incident response ties into related processes

    Info-Tech Resources:
    Business Continuity Plan Develop a Business Continuity Plan
    Disaster Recovery Plan Create a Right-Sized Disaster Recovery Plan
    Security Incident Management Develop and Implement a Security Incident Management Program
    Incident Management Incident and Problem Management
    Service Desk Standardize the Service Desk

    Develop and Implement a Security Incident Management Program – project overview

    1. Prepare 2. Operate 3. Maintain and Optimize
    Best-Practice Toolkit 1.1 Establish the Drivers, Challenges, and Benefits.

    1.2 Examine the Security Incident Landscape and Trends.

    1.3 Understand Your Security Obligations, Scope, and Boundaries.

    1.4 Gauge Your Current Process to Identify Gaps.

    1.5 Formalize the Security Incident Management Charter.

    1.6 Identify Key Players and Develop a Call Escalation Tree.

    1.7 Develop a Security Incident Management Policy.

    2.1 Understand the Incident Response Framework.

    2.2 Understand the Purpose of Runbooks.

    2.3 Prioritize the Development of Incident-Specific Runbooks.

    2.4 Develop Top-Priority Runbooks.

    2.5 Fill Out the Root-Cause Analysis Template.

    2.6 Customize the Post-Incident Review Questions Tracking Tool to Standardize Useful Questions for Lessons-Learned Meetings.

    2.7 Complete the Security Incident Report Template.

    3.1 Conduct Tabletop Exercises.

    3.2 Initialize a Security Incident Management Metrics Program.

    3.3 Leverage Best Practices for Continuous Improvement.

    Guided Implementations Understand the incident response process, and define your security obligations, scope, and boundaries.

    Formalize the incident management charter, RACI, and incident management policy.
    Use the framework to develop a general incident management plan.

    Prioritize and develop top-priority runbooks.
    Develop and facilitate tabletop exercises.

    Create an incident management metrics program, and assess the success of the incident management program.
    Onsite Workshop Module 1:
    Prepare for Incident Response
    Module 2:
    Handle Incidents
    Module 3:
    Review and Communicate Security Incidents
    Phase 1 Outcome:
  • Formalized stakeholder support
  • Security Incident Management Policy
  • Security Incident Management Charter
  • Call Escalation Tree
  • Phase 2 Outcome:
    • A generalized incident management plan
    • A prioritized list of incidents
    • Detailed runbooks for top-priority incidents
    Phase 3 Outcome:
    • A formalized tracking system for benchmarking security incident metrics.
    • Recommendations for optimizing your security incident management processes.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
    Activities
    • Kick off and introductions.
    • High-level overview of weekly activities and outcomes.
    • Understand the benefits of security incident response management.
    • Formalize stakeholder support.
    • Assess your current process, obligations, and scope.
    • Develop RACI chart.
    • Define impact and scope.
    • Identify key players for the threat escalation protocol.
    • Develop a security incident response policy.
    • Develop a general security incident response plan.
    • Prioritize incident-specific runbook development.
    • Understand the incident response process.
    • Develop general and incident-specific call escalation trees.
    • Develop specific runbooks for your top-priority incidents (e.g. ransomware).
      • Detect the incident.
      • Analyze the incident.
      • Contain the incident.
      • Eradicate the root cause.
      • Recover from the incident.
      • Conduct post-incident analysis and communication.
    • Develop specific runbooks for your next top-priority incidents:
      • Detect the incident.
      • Analyze the incident.
      • Contain the incident.
      • Eradicate the root cause.
      • Recover from the incident.
      • Conduct post-incident analysis and communication.
    • Determine key metrics to track and report.
    • Develop post-incident activity documentation.
    • Understand best practices for both internal and external communication.
    • Finalize key deliverables created during the workshop.
    • Present the security incident response program to key stakeholders.
    • Workshop executive presentation and debrief.
    • Finalize main deliverables.
    • Schedule subsequent Analyst Calls.
    • Schedule feedback call.
    Deliverables
    • Security Incident Management Maturity Checklist ‒ Preliminary
    • Security Incident Management RACI Tool
    • Security Incident Management Policy
    • General incident management plan
    • Security Incident Management Runbook
    • Development prioritization
    • Prioritized list of runbooks
    • Understanding of incident handling process
    • Incident-specific runbooks for two incidents (including threat escalation criteria and Visio workflow)
    • Discussion points for review with response team
    • Incident-specific runbooks for two incidents (including threat escalation criteria and Visio workflow)
    • Discussion points for review with response team
    • Security Incident Metrics Tool
    • Post-Incident Review Questions Tracking Tool
    • Post-Incident Report Analysis Template
    • Root Cause Analysis Template
    • Post-Incident Review Questions Tracking Tool
    • Communication plans
    • Workshop summary documentation
  • All final deliverables
  • Measured value for Guided Implementations

    Engaging in GIs doesn’t just offer valuable project advice – it also results in significant cost savings.

    GI Purpose Measured Value
    Section 1: Prepare

    Understand the need for an incident response program.
    Develop your incident response policy and plan.
    Develop classifications around incidents.
    Establish your program implementation roadmap.

    Time, value, and resources saved using our classification guidance and templates: 2 FTEs*2 days*$80,000/year = $1,280
    Time, value, and resources saved using our classification guidance and templates:
    2 FTEs*5 days*$80,000/year = $3,200

    Section 2: Operate

    Prioritize runbooks and develop the processes to create your own incident response program:

  • Detect
  • Analyze
  • Contain
  • Eradicate
  • Recover
  • Post-Incident Activity
  • Time, value, and resources saved using our guidance:
    4 FTEs*10 days*$80,000/year = $12,800 (if done internally)

    Time, value, and resources saved using our guidance:
    1 consultant*15 days*$2,000/day = $30,000 (if done by third party)
    Section 3: Maintain and Optimize Develop methods of proper reporting and create templates for communicating incident response to key parties. Time, value, and resources saved using our guidance, templates, and tabletop exercises:
    2 FTEs*3 days*$80,000/year = $1,920
    Total Costs To just get an incident response program off the ground. $49,200

    Insurance company put incident response aside; executives were unhappy

    Organization implemented ITIL, but formal program design became less of a priority and turned more ad hoc.

    Situation

    • Ad hoc processes created management dissatisfaction around the organization’s ineffective responses to data breaches.
    • Because of the lack of formal process, an entirely new security team needed to be developed, costing people their positions.

    Challenges

    • Lack of criteria to categorize and classify security incidents.
    • Need to overhaul the long-standing but ineffective program means attempting to change mindsets, which can be time consuming.
    • Help desk is not very knowledgeable on security.
    • New incident response program needs to be in alignment with data classification policy and business continuity.
    • Lack of integration with MSSP’s ticketing system.

    Next steps:

    • Need to get stakeholder buy-in for a new program.
    • Begin to establish classification/reporting procedures.

    Follow this case study to Phase 1

    Phase 1

    Prepare

    Develop and Implement a Security Incident Management Program

    Phase 1: Prepare

    PHASE 1 PHASE 2 PHASE 3
    Prepare Operate Optimize

    This phase walks you through the following activities:

    1.1 Establish the drivers, challenges, and benefits.
    1.2 Examine the security incident landscape and trends.
    1.3 Understand your security obligations, scope, and boundaries.
    1.4 Gauge your current process to identify gaps.
    1.5 Formalize a security incident management charter.
    1.6 Identify key players and develop a call escalation tree.
    1.7 Develop a security incident management policy.

    This phase involves the following participants:

    • CISO
    • Security team
    • IT staff
    • Business leaders

    Outcomes of this phase

    • Formalized stakeholder support.
    • Security incident management policy.
    • Security incident management charter.
    • Call escalation tree.

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Prepare for Incident Response
    Proposed Time to Completion: 3 Weeks
    Step 1.1-1.3 Understand Incident Response Step 1.4-1.7 Begin Developing Your Program
    Start with an analyst kick-off call:
  • Discuss your current incident management status.
  • Review findings with analyst:
  • Review documents.
  • Then complete these activities…
    • Establish your security obligations, scope, and boundaries.
    • Identify the drivers, challenges, and benefits of formalized incident response.
    • Review any existing documentation.
    Then complete these activities…
    • Discuss further incident response requirements.
    • Identify key players for escalation and notifications.
    • Develop the policy.
    • Develop the plan.

    With these tools & templates:
    Security Incident Management Maturity Checklist ‒ Preliminary Information Security Requirements Gathering Tool

    With these tools & templates:
    Security Incident Management Policy
    Security Incident Management Plan
    Phase 1 Results & Insights:

    Ready-made incident response solutions often contain too much coverage: too many irrelevant cases that are not applicable to the organization are accounted for, making it difficult to sift through all the incidents to find the ones you care about. Develop specific incident use cases that correspond with relevant incidents to quickly identify the response process and eliminate ambiguity when handled by different individuals.

    Ice breaker: What is a security incident for your organization?

    1.1 Whiteboard Exercise – 60 minutes

    How do you classify various incident types between service desk, IT/infrastructure, and security?

    • Populate sticky notes with various incidents and assign them to the appropriate team.
      • Who owns the remediation? When are other groups involved? What is the triage/escalation process?
      • What other groups need to be notified (e.g. cyber insurance, Legal, HR, PR)?
      • Are there dependencies among incidents?
      • What are we covering in the scope of this project?

    Select Software With the Right Satisfaction Drivers in Mind

    • Buy Link or Shortcode: {j2store}606|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Selection & Implementation
    • Parent Category Link: /selection-and-implementation
    • Software selection needs to provide satisfaction. Across the board, satisfaction is easy to achieve in the short term, but long-term satisfaction is much harder to attain. It’s not clear what leads to long-term satisfaction, and it’s even more difficult to determine which software continuously delivers on key satisfaction drivers to support the business.

    Our Advice

    Critical Insight

    • Software satisfaction drops over time. After the initial purchase, the novelty factor of new software begins to wane, and only long-term satisfaction drivers sustain satisfaction after five years.
    • Surface-level satisfaction has immediate effects, but it only provides satisfaction in the short term. Deep satisfaction has a lasting impact that can shape organizational satisfaction and productivity in meaningful ways.
    • Empower IT decision makers with knowledge about what drives satisfaction in the top five and bottom five software vendors in spotlighted categories.

    Impact and Result

    • Reorient discussion around how software is implemented around satisfaction rather than what’s in fashion.
    • Identify software satisfaction drivers that provide deep satisfaction to get the most out of software over the long term.
    • Appreciate the best from the rest and learn which software categories and brands buck the trend of declining satisfaction.

    Select Software With the Right Satisfaction Drivers in Mind Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand what drives user satisfaction

    Gain insight on the various factors that influence software satisfaction.

    • Select Software With the Right Satisfaction Drivers in Mind Storyboard

    2. Learn what provides deep satisfaction

    Reduce the size of your RFPs or skip them entirely to limit time spent watching vendor dog and pony shows.

    3. Appreciate what separates the best from the rest

    Narrow the field to four contenders prior to in-depth comparison and engage in accelerated enterprise architecture oversight.

    [infographic]

    Build an Application Rationalization Framework

    • Buy Link or Shortcode: {j2store}173|cart{/j2store}
    • member rating overall impact (scale of 10): 9.2/10 Overall Impact
    • member rating average dollars saved: $39,942 Average $ Saved
    • member rating average days saved: 23 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Almost two-thirds of organizations report that they have too many or far too many applications due to sprawl from poorly managed portfolios, and application managers are spending too much time supporting non-critical applications and not enough time on their most vital ones.
    • The necessary pieces of rationalization are rarely in one place. You need to assemble the resources to collect vital rationalization criteria.
    • There is a lack of standard practices to define the business value that the applications in a portfolio provide, and without value rationalization, decisions are misaligned to business needs.

    Our Advice

    Critical Insight

    There is no “one size fits all.” Applying a rigid approach to rationalization with inflexible inputs can delay or prevent you from realizing value. Play to your strengths and build a framework that aligns to your goals and limitations.

    Impact and Result

    • Define the roles, responsibilities, and outputs for application rationalization within your application portfolio management practice.
    • Build a tailored application rationalization framework (ARF) aligned with your motivations, goals, and limitations.
    • Apply the various application assessments to produce the information that your dispositions will be based on.
    • Initiate an application portfolio roadmap that will showcase your rationalization decisions to key stakeholders.

    Build an Application Rationalization Framework Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should rationalize your applications and why you need a framework that is specific to your goals and limitations, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Lay your foundations

    Define the motivations, goals, and scope of your rationalization effort. Build the action plan and engagement tactics to roll out the rationalization activities.

    • Build an Application Rationalization Framework – Phase 1: Lay Your Foundations
    • Application Rationalization Tool

    2. Plan your application rationalization framework

    Understand the core assessments performed in application rationalizations. Define your application rationalization framework and degree of rigor in applying these assessments based on your goals and limitations.

    • Build an Application Rationalization Framework – Phase 2: Plan Your Application Rationalization Framework

    3. Test and adapt your application rationalization framework

    Test your application rationalization framework using Info-Tech’s tool set on your first iteration. Perform a retrospective and adapt your framework based on that experience and outcomes.

    • Build an Application Rationalization Framework – Phase 3: Test and Adapt Your Application Rationalization Framework
    • Application TCO Calculator
    • Value Calculator

    4. Initiate your roadmap

    Review, determine, and prioritize your dispositions to ensure they align to your goals. Initiate an application portfolio roadmap to showcase your rationalization decisions to key stakeholders.

    • Build an Application Rationalization Framework – Phase 4: Initiate Your Roadmap
    • Disposition Prioritization Tool
    [infographic]

    Workshop: Build an Application Rationalization Framework

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Lay Your Foundations

    The Purpose

    Define the goals, scope, roles, and responsibilities of your rationalization effort.

    Key Benefits Achieved

    Defined motivations, long and short-term goals, and metrics for your rationalization effort.

    Definition of application.

    Defined roles and responsibilities for your rationalization effort.

    Activities

    1.1 Define motivations and goals for rationalization.

    1.2 Define “application.”

    1.3 Identify team and responsivities.

    1.4 Adapt target dispositions.

    1.5 Initiate Application Rationalization Framework (ARF).

    Outputs

    Goals, motivations, and metrics for rationalizations

    Definition of “Application”

    Defined dispositions

    Defined core APM team and handoffs

    2 Assess Business Value

    The Purpose

    Review and adapt Info-Tech’s methodology and toolset.

    Assess business value of applications.

    Key Benefits Achieved

    Tailored application rationalization framework

    Defined business value drivers

    Business value scores for applications

    Activities

    2.1 Review Application Rationalization Tool.

    2.2 Review focused apps, capabilities, and areas of functionality overlap.

    2.3 Define business value drivers.

    2.4 Determine the value score of focused apps.

    Outputs

    Application Rationalization Tool

    List of functional overlaps

    Weighed business value drivers

    Value scores for focused application

    Value Calculator

    3 Gather Application Information

    The Purpose

    Continue to review and adapt Info-Tech’s methodology and toolset.

    Key Benefits Achieved

    Tailored application rationalization framework

    TCO values for applications

    Technical health review of applications

    Recommended dispositions for applications

    Activities

    3.1 Determine TCO for focused apps.

    3.2 Determine technical health of focused apps.

    3.3 Review APA.

    3.4 Review recommended dispositions.

    3.5 Perform retrospective of assessments and adapt ARF.

    Outputs

    TCO of focused applications

    TCO Calculator

    Technical health of focused apps

    Defined rationalization criteria

    Recommended disposition for focused apps

    4 Gather, Assess, and Select Dispositions

    The Purpose

    Review and perform high-level prioritization of dispositions.

    Build a roadmap for dispositions.

    Determine ongoing rationalization and application portfolio management activities.

    Key Benefits Achieved

    Application Portfolio Roadmap

    Prioritized Dispositions

    Activities

    4.1 Determine dispositions.

    4.2 Prioritize dispositions.

    4.3 Initiate portfolio roadmap.

    4.4 Build an action plan for next iterations and ongoing activities.

    4.5 Finalize ARF.

    Outputs

    Disposition Prioritization Tool

    Application portfolio roadmap

    Action plan for next iterations and ongoing activities

    Further reading

    Build an Application Rationalization Framework

    Manage your application portfolio to minimize risk and maximize value.

    Analyst Perspective

    "You're not rationalizing for the sake of IT, you’re rationalizing your apps to create better outcomes for the business and your customers. Consider what’s in it for delivery, operations, the business, and the customer." – Cole Cioran, Senior Director – Research, Application Delivery and Management

    Our understanding of the problem

    This Research Is Designed For:

    • Application portfolio managers, application portfolio management (APM) teams, or any application leaders who are tasked with making application portfolio decisions.
    • Application leaders looking to align their portfolios to the organization’s strategy.
    • Application leaders who need a process for rationalizing their applications.

    This Research Will Help You:

    • Measure the business value of your applications.
    • Rationalize your portfolio to determine the best disposition for each application.
    • Initiate a roadmap that will showcase the future of your applications.

    This Research Will Also Assist:

    • CIOs and other business leaders who need to understand the applications in their portfolio, the value they contribute to the business, and their strategic direction over a given timeline.
    • Steering committees and/or the PMO that needs to understand the process by which application dispositions are generated.

    This Research Will Help Them:

    • Build their reputation as an IT leader who drives the business forward.
    • Define the organization’s value statement in the context of IT and their applications.
    • Visualize the roadmap to the organization’s target application landscape.

    Executive Summary

    Situation

    • Almost two-thirds of organizations report that they have too many or far too many applications due to sprawl from poorly managed portfolios (Flexera, 2015).
    • Application managers are spending too much time supporting non-critical applications and not enough time on their most vital ones.
    • Application managers need their portfolios to be current and effective and evolve continuously to support the business or risk being marginalized.

    Complication

    • The necessary pieces of rationalization are rarely in one place. You need to assemble the resources to collect vital rationalization criteria.
    • There is a lack of standard practices to define the business value that the applications in a portfolio provide and, without value rationalization, decisions are misaligned to business needs.

    Resolution

    • Define the roles, responsibilities, and outputs for application rationalization within your application portfolio management (APM) and other related practices.
    • Build a tailored application rationalization framework (ARF) aligned with your motivations, goals, and limitations.
    • Apply the various application assessments to produce the information, which your dispositions will be based on, and adapt your ARF based on the experiences of your first iteration.
    • Review, determine, and prioritize your application dispositions to create a portfolio strategy aligned to your goals.
    • Initiate an application portfolio roadmap, which will showcase your rationalization decisions to key stakeholders.

    Info-Tech Insight

    There is no one size fits all.

    Applying a rigid approach with inflexible inputs can delay or prevent you from realizing value. Play to your strengths and build a framework that aligns to your goals and limitations.

    Business value must drive your decisions.

    Of the 11 vendor capabilities asked about by Info-Tech’s SoftwareReviews, “business value created” has the second highest relationship with overall software satisfaction.

    Take an iterative approach.

    Larger approaches take longer and are more likely to fail. Identify the applications that best address your strategic objectives, then: rationalize, learn, repeat.

    Info-Tech recommends a disciplined, step-by-step approach as outlined in our Application Portfolio Strategy Program

    Step 1 "No Knowledge": Define application capabilities and visualize lifecycle stages

    Application Discovery

    1. Build in Application Portfolio Management Principles.
    2. Conduct Application Alignment.
    3. Build Detailed Application Inventory

    Step 2 "No Strategy": Rationalize application portfolio and visualize strategic directions

    Application Rationalization

    1. Set Your Rationalization Framework
    2. Conduct Assessment & Assign Dispositions
    3. Create an Application Portfolio Roadmap

    Step 3 "No Plan": Build a product roadmap and visualize the detailed plan

    Detailed Disposition Planning

    1. Conduct an Impact Assessment
    2. Determine the Details of the Disposition
    3. Create Detailed Product Roadmaps

    This blueprint focuses on step 2 of Info-Tech's Application Portfolio Strategy Program. Our methodology assumes you have completed the following activities, which are outlined in Discover Your Applications.

    • Collected your full application inventory (including Shadow IT)
    • Aligned applications to business capabilities
    • Determined redundant applications
    • Identified appropriate subject matter experts (business and technical) for your applications

    Info-Tech's four-phase methodology

    Phase 1

    Lay Your Foundations

    • Define Motivations, Goals, and Scope
    • Iteration and Engagement Planning

    This phase is intended to establish the fundamentals in launching either a rationalization initiative or ongoing practice.

    Here we define goals, scope, and the involvement of various roles from both IT and the business.

    Phase 2

    Plan Your ARF

    • Establish Rationalization Inputs and Current Gaps

    This phase is intended to review a high-level approach to rationalization and determine which analyses are necessary and their appropriate level of depth.

    Here we produce an initial ARF and discuss any gaps in terms of the availability of necessary data points and additional collection methods that will need to be applied.

    Phase 3

    Test and Adapt Your ARF

    • Perform First Iteration Analysis
    • First Iteration Retrospective and Adaptation

    This phase is intended to put the ARF into action and adapt as necessary to ensure success in your organization.

    If appropriate, here we apply Info-Tech’s ARF and toolset and test it against a set of applications to determine how best to adapt these materials for your needs.

    Phase 4

    Initiate Your Roadmap

    • Prioritize and Roadmap Applications
    • Ongoing Rationalization and Roadmapping

    This phase is intended to capture results of rationalization and solidify your rationalization initiative or ongoing practice.

    Here we aim to inject your dispositions into an application portfolio roadmap and ensure ongoing governance of APM activities.

    There is an inconsistent understanding and ownership of the application portfolio

    What can I discover about my portfolio?

    Application portfolios are misunderstood.

    Portfolios are viewed as only supportive in nature. There is no strategy or process to evaluate application portfolios effectively. As a result, organizations build a roadmap with a lack of understanding of their portfolio.

    72% of organizations do not have an excellent understanding of the application portfolio (Capgemini).

    How can I improve my portfolio?

    Misalignment between Applications and Business Operations

    Applications fail to meet their intended function, resulting in duplication, a waste of resources, and a decrease in ROI. This makes it harder for IT to justify to the business the reasons to complete a roadmap.

    48% of organizations believe that there are more applications than the business requires (Capgemini).

    How can my portfolio help transform the business?

    IT's budget is to keep the lights on.

    The application portfolio is complex and pervasive and requires constant support from IT. This makes it increasingly difficult for IT to adopt or develop new strategies since its immediate goal will always be to fix what already exists. This causes large delays and breaks in the timeline to complete a roadmap.

    68% of IT directors have wasted time and money because they did not have better visibility of application roadmaps (ComputerWeekly).

    Roadmaps can be the solution, but stall when they lack the information needed for good decision making

    An application portfolio roadmap provides a visual representation of your application portfolio, is used to plan out the portfolio’s strategy over a given time frame, and assists management in key decisions. But…

    • You can’t change an app without knowing its backend.
    • You can't rationalize what you don't know.
    • You can’t confirm redundancies without knowing every app.
    • You can’t rationalize without the business perspective.

    A roadmap is meaningless if you haven’t done any analysis to understand the multiple perspectives on your applications.

    Application rationalization ensures roadmaps reflect what the business actually wants and needs

    Application rationalization is the practice of strategically identifying business applications across an organization to determine which applications should be kept, replaced, retired, or consolidated (TechTarget).

    Discover, Improve, and Transform Through Application Rationalization

    Your application rationalization effort increases the maturity of your roadmap efforts by increasing value to the business. Go beyond the discover phase – leverage application rationalization insights to reach the improve and transform phases.

    Strong Apps Are Key to Business Satisfaction

    79% of organizations with high application suite satisfaction believe that IT offers the organization a competitive edge over others in the industry. (Info-Tech Research Group, N=230)

    Info-Tech Insight

    Companies with an effective portfolio are twice as likely to report high-quality applications, four times as likely to report high proficiency in legacy apps management, and six times as likely to report strong business alignment.

    Rationalization comes at a justified cost

    Rationalization can reduce costs and drive innovation

    Projecting the ROI of application rationalization is difficult and dangerous when used as the only marker for success.

    However, rationalization, when done effectively, will help drop operational or maintenance costs of your applications as well as provide many more opportunities to add value to the business.

    A graph with Time on the X-axis and Cost on the Y axis. The graph compares cost before rationalization, where the cost of the existing portfolio is high, with cost after rationalization, where the cost of the existing portfolio is reduced. The graph demonstrates a decrease in overall portfolio spend after rationalization

    Organizations lack a strategic approach to application rationalization, leading to failure

    IT leaders strive to push the business forward but are stuck in a cycle of reaction where they manage short-term needs rather than strategic approaches.

    Why Is This the Case?

    Lack of Relevant Information

    Rationalization fails without appropriately detailed, accurate, and up-to-date information. You need to identify what information is available and assemble the teams to collect and analyze it.

    Failure to Align With Business Objectives

    Rationalization fails when you lack a clear list of strategic and collaborative priorities; priorities need to be both IT and non-IT related to align with the business objectives and provide value.

    IT Leaders Fails to Justify Projects

    Adhering to a rigid rationalization process can be complex and costly. Play to your strengths and build an ARF based on your goals and limitations.

    Info-Tech Insight

    Misaligned portfolio roadmaps are known to lead teams and projects into failure!
    Building an up-to-date portfolio roadmap that aligns business objectives to IT objectives will increase approval and help the business see the long-term value of roadmapping.

    Don’t start in the middle; ensure you have the basics down

    Application portfolio strategy practice maturity stages

    1. Discover Your Applications
    2. Improve
    3. Transform
    A graph with Rigor of APM Practice on the X-axis and Value to the Business on the Y-axis. The content of the graph is split into the 3 maturity stages, Discover, Improve, and Transform. With each step, the Value to the Business and Rigor of APM Practice increase.

    Disambiguate your systems and clarify your scope

    Define the items that make up your portfolio.

    Broad or unclear definitions of “application” can complicate the scope of rationalization. Take the time to define an application and come to a common understanding of the systems which will be the focus of your rationalization effort.

    Bundling systems under common banner or taking a product view of your applications and components can be an effective way to ensure you include your full collection of systems, without having to perform too many individual assessments.

    Scope

    Single... Capability enabled by... Whole...
    Digital Product + Service Digital Platform Platform Portfolio Customer Facing
    Product (one or more apps) Product Family Product Portfolio

    Application Application Architecture Application Portfolio Internal

    A graphic listing the following products: UI, Applications, Middleware, Data, and Infrastructure. A banner reading APIs runs through all products, and UI, Applications, and Middleware are bracketed off as Application

    Info-Tech’s framework can be applied to portfolios of apps, products, and their related capabilities or services.

    However you organize your tech stack, Info-Tech’s application rationalization framework can be applied.

    Understand the multiple lenses of application rationalization and include in your framework

    There are many lenses to view your applications. Rationalize your applications using all perspectives to assess your portfolio and determine the most beneficial course of action.

    Application Alignment - Architect Perspective

    How well does the entire portfolio align to your business capabilities?

    Are there overlaps or redundancies in your application features?

    Covered in Discover Your Applications.

    Business Value - CEO Perspective

    Is the application producing sufficient business value?

    Does it impact profitability, enable capabilities, or add any critical factor that fulfills the mission and vision?

    TCO - CIO Perspective

    What is the overall cost of the application?

    What is the projected cost as your organization grows? What is the cost to maintain the application?

    End User

    How does the end user perceive the application?

    What is the user experience?

    Do the features adequately support the intended functions?

    Is the application important or does it have high utilization?

    Technical Value - App Team Perspective

    What is the state of the backend of the application?

    Has the application maintained sufficient code quality? Is the application reliable? How does it fit into your application architecture?

    Each perspective requires its own analysis and is an area of criteria for rationalization.

    Apply the appropriate amount of rigor for your ARF based on your specific goals and limitations

    Ideally, the richer the data the better the results, but the reality is in-depth analysis is challenging and you’ll need to play to your strengths to be successful.

    Light-Weight Assessment

    App to capability alignment.

    Determine overlaps.

    Subjective 1-10 scale

    Subjective T-shirt size (high, med., low)

    End-user surveys

    Performance temperature check

    Thorough Analysis

    App to process alignment.

    Determine redundancies.

    Apply a value measurement framework.

    Projected TCO with traceability to ALM & financial records.

    Custom build interviews with multiple end users

    Tool and metric-based analysis

    There is no one-size-fits all rationalization. The primary goal of this blueprint is to help you determine the appropriate level of analysis given your motivations and goals for this effort as well as the limitations of resources, timeline, and accessible information.

    Rationalize and build your application portfolio strategy the right way to ensure success

    Big-Bang Approach

    • An attempt to assess the whole portfolio at once.
    • The result is information overload.
    • Information gathered is likely incomplete and/or inaccurate.
    • Tangible benefits are a long time away.

    Covert Approach

    • Information is collected behind the scenes and whenever information sources are available.
    • Assumptions about the business use of applications go unconfirmed.

    Corner-of-the-Desk Approach

    • No one is explicitly dedicated to building a strategy or APM practices.
    • Information is collected whenever the application team has time available.
    • Benefits are pushed out and value is lost.

    Iterative Approach

    • Carried out in phases, concentrating on individual business units or subsets of applications.
    • Priority areas are completed first.
    • The APM practice strengthens through experience.

    Sponsored Mandate Approach

    • The appropriate business stakeholders participate.
    • Rationalization is given project sponsors who champion the practice and communicate the benefits across the organization.

    Dedicated Approach

    • Rationalization and other APM activities are given a budget and formal agenda.
    • Roles and responsibilities are assigned to team members.

    Use Info-Tech’s Application Portfolio Assessment Diagnostic to add the end users’ perspective to your decision making

    Prior to Blueprint: Call 1-888-670-8889 to inquire about or request the Application Portfolio Assessment.

    Info-Tech Best Practice

    The approach in this blueprint has been designed in coordination with Info-Tech’s Application Portfolio Assessment (APA) Diagnostic. While it is not a prerequisite, your project will experience the best results and be completed much quicker by taking advantage of our diagnostic offering prior to initiating the activities in this blueprint.

    Use the program diagnostic to:

    • Assess the importance and satisfaction of enterprise applications.
    • Solicit feedback from your end users on applications being used.
    • Understand the strengths and weaknesses of your current applications.
    • Perform a high-level application rationalization initiative.

    Integrate diagnostic results to:

    • Target which applications to analyze in greater detail.
    • Expand on the initial application rationalization results with a more comprehensive and business-value-focused criteria.

    Use Info-Tech’s Application Rationalization Tool to determine and then visualize your application portfolio strategy

    At the center of this project is an Application Rationalization Tool that is used as a living document of your:

      1. Customizable Application Rationalization Framework

      2. Recommendation Dispositions

      3. Application Portfolio Roadmap (seen below)

    Use the step-by-step advice within this blueprint to rationalize your application portfolio and build a realistic and accurate application roadmap that drives business value.

    Central to our approach to application rationalization are industry-leading frameworks

    Info-Tech uses the APQC and COBIT5 frameworks for certain areas of this research. Contextualizing application rationalization within these frameworks clarifies its importance and role and ensures that our assessment tool is focused on key priority areas. The APQC and COBIT5 frameworks are used as a starting point for assessing application effectiveness within specific business capabilities of the different components of application rationalization.

    APQC is one of the world's leading proponents of business benchmarking, best practices, and knowledge management research.

    COBIT 5 is the leading framework for the governance and management of enterprise IT.

    In addition to industry-leading frameworks, our best-practice approach is enhanced by the insights and guidance from our analysts, industry experts, and our clients.

    Our peer network of over 33,000 happy clients proves the effectiveness of our research.

    Our team conducts 1,000+ hours of primary and secondary research to ensure that our approach is enhanced by best practices.

    A public utility organization is using Info-Tech’s approach for rationalization of its applications for reduced complexity

    Case Study

    Industry: Public Sector

    Source: Info-Tech Research Group

    Challenge

    • The public utility has a complex application portfolio, with a large number of applications custom-built that provide limited functionality to certain business groups.
    • The organization needed to move away from custom point solutions and adopt more hosted solutions to cater to larger audiences across business domains.
    • The organization required a comprehensive solution for the following:
      • Understanding how applications are being used by business users.
      • Unraveling the complexity of its application landscape using a formal rationalization process.

    Solution

    • The organization went through a rationalization process with Info-Tech in a four-day onsite engagement to determine the following:
      • Satisfaction level and quality evaluation of end users’ perception of application functionality.
      • Confirmation on what needs to be done with each application under assessment.
      • The level of impact the necessary changes required for a particular application would have on the greater app ecosystem.
      • Prioritization methodology for application roadmap implementation.

    Results

    • Info-Tech’s Application Portfolio Assessment Diagnostic report helped the public utility understand what applications users valued and found difficult to use.
    • The rationalization process gave insight into situations where functionality was duplicated across multiple applications and could be consolidated within one application.
    • The organization determined that its application portfolio was highly complex, and Info-Tech provided a good framework for more in-depth analysis.
    • The organization now has a rationalization process that it can take to other business domains.

    Prepare Your Application for PaaS

    • Buy Link or Shortcode: {j2store}181|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • The application may have been written a long time ago, and have source code, knowledge base, or design principles misplaced or lacking, which makes it difficult to understand the design and build.
    • The development team does not have a standardized practice for assessing cloud benefits and architecture, design principles for redesigning an application, or performing capacity for planning activities.

    Our Advice

    Critical Insight

    • An infrastructure-driven cloud strategy overlooks application specific complexities. Ensure that an application portfolio strategy is a precursor to determining the business value gained from an application perspective, not just an infrastructure perspective.
    • Business value assessment must be the core of your decision to migrate and justify the development effort.
    • Right-size your application to predict future usage and minimize unplanned expenses. This ensures that you are truly benefiting from the tier costing model that vendors offer.

    Impact and Result

    • Identify and evaluate what cloud benefits your application can leverage and the business value generated as a result of migrating your application to the cloud.
    • Use Info-Tech’s approach to building a robust application that can leverage scalability, availability, and performance benefits while maintaining the functions and features that the application currently supports for the business.
    • Standardize and strengthen your performance testing practices and capacity planning activities to build a strong current state assessment.
    • Use Info-Tech’s elaboration of the 12-factor app to build a clear and robust cloud profile and target state for your application.
    • Leverage Info-Tech’s cloud requirements model to assess the impact of cloud on different requirements patterns.

    Prepare Your Application for PaaS Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a right-sized, design-driven approach to moving your application to a PaaS platform, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create your cloud application profile

    Bring the business into the room, align your objectives for choosing certain cloud capabilities, and characterize your ideal PaaS environment as a result of your understanding of what the business is trying to achieve. Understand how to right-size your application in the cloud to maintain or improve its performance.

    • Prepare Your Application for PaaS – Phase 1: Create Your Cloud Application Profile
    • Cloud Profile Tool

    2. Evaluate design changes for your application

    Assess the application against Info-Tech’s design scorecard to evaluate the right design approach to migrating the application to PaaS. Pick the appropriate cloud path and begin the first step to migrating your app – gathering your requirements.

    • Prepare Your Application for PaaS – Phase 2: Evaluate Design Changes for Your Application
    • Cloud Design Scorecard Tool
    [infographic]

    2020 Applications Priorities Report

    • Buy Link or Shortcode: {j2store}159|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Optimization
    • Parent Category Link: /optimization
    • Although IT may have time to look at trends, it does not have the capacity to analyze the trends and turn them into initiatives.
    • IT does not have time to parse trends for initiatives that are relevant to them.
    • The business complains that if IT does not pursue trends the organization will get left behind by cutting-edge competitors. At the same time, when IT pursues trends, the business feels that IT is unable to deal with the basic issues.

    Our Advice

    Critical Insight

    • Take advantage of a trend by first understanding why it is happening and how it is actionable. Build momentum now. Breaking a trend into bite-sized initiatives and building them into your IT foundations enables the organization to maintain pace with competitors and make the technological leap.
    • The concepts of shadow IT and governance are critical. As it becomes easier for the business to purchase its own applications, it will be essential for IT to embrace this form of user empowerment. With a diminished focus on vendor selection, IT will drive the most value by directing its energy toward data and integration governance.

    Impact and Result

    • Determine how to explore, adopt, and optimize the technology and practice initiatives in this report by understanding which core objective(s) each initiative serves:
      • Optimize the effectiveness of the IT organization.
      • Boost the productivity of the enterprise.
      • Enable business growth through technology.

    2020 Applications Priorities Report Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief for a summary of the priorities and themes that an IT organization should focus on this year.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Read the 2020 Applications Priorities Report

    Use Info-Tech's 2020 Applications Priorities Report to learn about the five initiatives that IT should prioritize for the coming year.

    • 2020 Applications Priorities Report Storyboard
    [infographic]

    Build IT Capabilities to Enable Digital Marketing Success

    • Buy Link or Shortcode: {j2store}553|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Misalignment: Even if IT builds the capabilities to pursue digital channels, the channels will underperform in realizing organizational goals if the channels and the goals are misaligned.
    • Ineffective analytics: Failure to integrate and analyze new data will undermine organizational success in influencer and sentiment identification.
    • Missed opportunity: If IT does not develop the capabilities to support these channels, then lead generation, brand promotion, and engagement opportunities will be lost.
    • Lack of control: Marketing is developing and depending on internal power users and agencies. This practice can isolate IT from digital marketing technology decision making.

    Our Advice

    Critical Insight

    • Identify and understand the digital marketing channels that can benefit your organization.
    • Get stakeholder buy-in to facilitate collaboration between IT and product marketing groups to identify necessary IT capabilities.
    • Build IT capability by purchasing software, outsourcing, and training or hiring individuals with necessary skillsets.
    • Become transformational: use IT capabilities to support analytics that identify new customer segments, key influencers, and other invaluable insights.
    • Time is of the essence! It is easier to begin strengthening the relationship between marketing and IT today then it will be at any point in the future.
    • Being transformational means more than just enabling the channels marketing wants to pursue; IT must assist in identifying new segments and digital marketing opportunities, such as enabling influencer management.

    Impact and Result

    • IT is involved in decision making and has a complete understanding of the digital channels the organization is going to migrate to or phase out if unused.
    • IT has the necessary capabilities to support and enable success in all relevant digital channel management technologies.
    • IT is a key player in ensuring that all relevant data from new digital channels is managed and analyzed in order to maintain a 360 degree view of customers and feed real-time campaigns.
    • This enables the organization to not only target existing segments effectively, but also to identify and pursue new opportunities not presented before.
    • These opportunities include: identifying new segments among social networks, identifying key influencers as a new target, identifying proactive service and marketing opportunities from the public social cloud, and conducting new competitive analyses on the public social cloud.

    Build IT Capabilities to Enable Digital Marketing Success Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Make the case for building IT capabilities

    Identify the symptoms of inadequate IT support of digital marketing to diagnose the problems in your organization.

    • Storyboard: Build IT Capabilities to Enable Digital Marketing Success

    2. Identify digital marketing opportunities to understand the need for action in your organization

    Identify the untapped digital marketing value in your organization to understand where your organization needs to improve.

    • Digital Marketing Capability Builder Tool

    3. Mobilize for action: get stakeholder buy-in

    Develop a plan for communicating with stakeholders to ensure buy-in to the digital marketing capability building project.

    • Digital Marketing Communication Deck

    4. Identify the product/segment-specific digital marketing landscape to identify required IT capabilities

    Assess how well each digital channel reaches target segments. Identify the capabilities that must be built to enable digital channels.

    5. Create a roadmap for building capabilities to enable digital marketing

    Assess the people, processes, and technologies required to build required capabilities and determine the best fit with your organization.

    [infographic]

    Workshop: Build IT Capabilities to Enable Digital Marketing Success

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Digital Marketing Opportunities

    The Purpose

    Determine the fit of each digital channel with your organizational goals.

    Determine the fit of digital channels with your organizational structure and business model.

    Compare the fit of digital channels with your organization’s current levels of use to:Identify missed opportunities your organization should capitalize on.Identify digital channels that your organization is wasting resources on.

    Identify missed opportunities your organization should capitalize on.

    Identify digital channels that your organization is wasting resources on.

    Key Benefits Achieved

    IT department achieves consensus around which opportunities need to be pursued.

    Understanding that continuing to pursue excellent-fit digital channels that your organization is currently active on is a priority.

    Identification of the channels that stopping activity on could free up resources for.

    Activities

    1.1 Define and prioritize organizational goals.

    1.2 Assess digital channel fit with goals and organizational characteristics.

    1.3 Identify missed opportunities and wasted resources in your digital channel mix.

    1.4 Brainstorm creative ways to pursue untapped digital channels.

    Outputs

    Prioritized list of organizational goals.

    Assigned level of fit to digital channels.

    List of digital channels that represent missed opportunities or wasted resources.

    List of brainstormed ideas for pursuing digital channels.

    2 Identify Your Product-Specific Digital Marketing Landscape

    The Purpose

    Identify the digital channels that will be used for specific products and segments.

    Identify the IT capabilities that must be built to enable digital channels.

    Prioritize the list of IT capabilities.

    Key Benefits Achieved

    IT and marketing achieve consensus around which digital channels will be pursued for specific product-segment pairings.

    Identification of the capabilities that IT must build.

    Activities

    2.1 Assess digital channel fit with specific products.

    2.2 Identify the digital usage patterns of target segments.

    2.3 Decide precisely which digital channels you will use to sell specific products to specific segments.

    2.4 Identify and prioritize the IT capabilities that need to be built to succeed on each digital channel.

    Outputs

    Documented channel fit with products.

    Documented channel usage by target segments.

    Listed digital channels that will be used for each product-segment pairing.

    Listed and prioritized capabilities that must be built to enable success on necessary digital channels.

    3 Enable Digital Marketing Capabilities and Leverage Analytics

    The Purpose

    Identification of the best possible way to build IT capabilities for all channels.

    Creation of a plan for leveraging transformational analytics to supercharge your digital marketing strategy.

    Key Benefits Achieved

    IT understanding of the costs and benefits of capability building options (people, process, and technology).

    Information about how specific technology vendors could fit with your organization.

    IT identification of opportunities to leverage transformational analytics in your organization.

    Activities

    3.1 Identify the gaps in your IT capabilities.

    3.2 Evaluate options for building capabilities.

    3.3 Identify opportunities for transformational analytics.

    Outputs

    A list of IT capability gaps.

    An action plan for capability building.

    A plan for leveraging transformational analytics.

    Microsoft Dynamics 365: Understand the Transition to the Cloud

    • Buy Link or Shortcode: {j2store}350|cart{/j2store}
    • member rating overall impact (scale of 10): 8.7/10 Overall Impact
    • member rating average dollars saved: $94,858 Average $ Saved
    • member rating average days saved: 4 Average Days Saved
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • Your on-premises Dynamics CRM or AX needs updating or replacing, and you’re not sure whether to upgrade or transition to the cloud with the new Microsoft Dynamics 365 platform. You’re also uncertain about what the cost might be or if there are savings to be had with a transition to the cloud for your enterprise resource planning system.
    • The new license model, Apps vs. Plans and Dual Use Rights in the cloud, includes confusing terminology and licensing rules that don’t seem to make sense. This makes it difficult to purchase proper licensing that aligns with your current on-premises setup and to maximize your choices in transition licenses.
    • There are different licensing programs for Dynamics 365 in the cloud. You need to decide on the most cost effective program for your company, for now and for the future.
    • Microsoft is constantly pressuring you to move to the cloud, but you don’t understand the why. You're uncertain if there's real value in such a strategic move right now, or if should you wait awhile.

    Our Advice

    Critical Insight

    • Focus on what’s best for you. Do a thorough current state assessment of your hardware and software needs and consider what will be required in the near future (one to four years).
    • Educate yourself. You should have a good understanding of your options from staying on-premises vs. an interim hybrid model vs. a lift and shift to the cloud.
    • Consider the overall picture. There might not be hard cost savings to be realized in the near term, given the potential increase in licensing costs over a CapEx to OpEx savings.

    Impact and Result

    • Understanding the best time to transition, from a licensing perspective, could save you significant dollars over the next one to four years.
    • Planning and effectively mapping your current licenses to the new cloud user model will maximize your current investment into the cloud and fully leverage all available Microsoft incentives in the process.
    • Gaining the knowledge required to make the most informed transition decision, based on best timing, most appropriate licensing program, and maximized cost savings in the near term.
    • Engaging effectively with Microsoft and a competent Dynamics partner for deployment or licensing needs.

    Microsoft Dynamics 365: Understand the Transition to the Cloud Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should learn about Microsoft Dynamics 365 user-based cloud licensing, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Timing

    Review to confirm if you are eligible for Microsoft cloud transition discounts and what is your best time to move to the cloud.

    • Microsoft Dynamics 365: Understand the Transition to the Cloud – Phase 1: Timing
    • Microsoft License Agreement Summary Tool
    • Existing CRM-AX License Summary Worksheet

    2. Licensing

    Begin with a review to understand user-based cloud licensing, then move to mapping your existing licenses to the cloud users and plans.

    • Microsoft Dynamics 365: Understand the Transition to the Cloud – Phase 2: Licensing
    • Microsoft Dynamics 365 On-Premises License Transition Mapping Tool
    • Microsoft Dynamics 365 User License Assignment Tool
    • Microsoft Licensing Programs Brief Overview

    3. Cost review

    Use your cloud mapping activity as well your eligible discounts to estimate your cloud transition licensing costs.

    • Microsoft Dynamics 365: Understand the Transition to the Cloud – Phase 3: Cost Review
    • Microsoft Dynamics 365 Cost Estimator

    4. Analyze and decide

    Start by summarizing your choice license program, decide on the ideal time, then move on to total cost review.

    • Microsoft Dynamics 365: Understand the Transition to the Cloud – Phase 4: Analyze and Decide
    [infographic]

    Workshop: Microsoft Dynamics 365: Understand the Transition to the Cloud

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand What You Own and What You Can Transition to the Cloud

    The Purpose

    Understand what you own and what you can transition to the cloud.

    Learn which new cloud user licenses to transition.

    Key Benefits Achieved

    All your licenses in one summary.

    Eligible transition discounts.

    Mapping of on-premises to cloud users.

    Activities

    1.1 Validate your discount availability.

    1.2 Summarize agreements.

    1.3 Itemize your current license ownership.

    1.4 Review your timing options.

    1.5 Map your on-premises licenses to the cloud-based, user-based model.

    Outputs

    Current agreement summary

    On-premises to cloud user mapping summary

    Understanding of cloud app and plan features

    2 Transition License Cost Estimate and Additional Costs

    The Purpose

    Estimate cloud license costs and other associated expenses.

    Summarize and decide on the best timing, users, and program.

    Key Benefits Achieved

    Good cost estimate of equivalent cloud user-based licenses.

    Understanding of when and how to move your on-premises licensing to the new Dynamics 365 cloud model.

    Activities

    2.1 Estimate cloud user license costs.

    2.2 Calculate additional costs related to license transitions.

    2.3 Review all activities.

    2.4 Summarize and analyze your decision.

    Outputs

    Cloud user licensing cost modeling

    Summary of total costs

    Validation of costs and transition choices

    An informed decision on your Dyn365 timing, licensing, and costs

    Fast Track Your GDPR Compliance Efforts

    • Buy Link or Shortcode: {j2store}372|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $25,779 Average $ Saved
    • member rating average days saved: 30 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • Organizations often tackle compliance efforts in an ad hoc manner, resulting in an ineffective use of resources.
    • The alignment of business objectives, information security, and data privacy is new for many organizations, and it can seem overwhelming.
    • GDPR is an EU regulation that has global implications; it likely applies to your organization more than you think.

    Our Advice

    Critical Insight

    • Financial impact isn’t simply fines. A data controller fined for GDPR non-compliance may sue its data processor for damage.
    • Even day-to-day activities may be considered processing. Screen-sharing from a remote location is considered processing if the data shown onscreen contains personal data!
    • This is not simply an IT problem. Organizations that address GDPR in a siloed approach will not be as successful as organizations that take a cross-functional approach.

    Impact and Result

    • Follow a robust methodology that applies to any organization and aligns operational and situational GDPR scope. Info-Tech's framework allows organizations to tackle GDPR compliance in a right-sized, methodical approach.
    • Adhere to a core, complex GDPR requirement through the use of our documentation templates.
    • Understand how the risk of non-compliance is aligned to both your organization’s functions and data scope.
    • This blueprint will guide you through projects and steps that will result in quick wins for near-term compliance.

    Fast Track Your GDPR Compliance Efforts Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should fast track your GDPR compliance efforts, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand your compliance requirements

    Understand the breadth of the regulation’s requirements and document roles and responsibilities.

    • Fast Track Your GDPR Compliance Efforts – Phase 1: Understand Your Compliance Requirements
    • GDPR RACI Chart

    2. Define your GDPR scope

    Define your GDPR scope and prioritize initiatives based on risk.

    • Fast Track Your GDPR Compliance Efforts – Phase 2: Define Your GDPR Scope
    • GDPR Initiative Prioritization Tool

    3. Satisfy documentation requirements

    Understand the requirements for a record of processing and determine who will own it.

    • Fast Track Your GDPR Compliance Efforts – Phase 3: Satisfy Documentation Requirements
    • Record of Processing Template
    • Legitimate Interest Assessment Template
    • Data Protection Impact Assessment Tool
    • A Guide to Data Subject Access Requests

    4. Align your data breach requirements and security program

    Document your DPO decision and align security strategy to data privacy.

    • Fast Track Your GDPR Compliance Efforts – Phase 4: Align Your Data Breach Requirements & Security Program

    5. Prioritize your GDPR initiatives

    Prioritize any initiatives driven out of Phases 1-4 and begin developing policies that help in the documentation effort.

    • Fast Track Your GDPR Compliance Efforts – Phase 5: Prioritize Your GDPR Initiatives
    • Data Protection Policy
    [infographic]

    Workshop: Fast Track Your GDPR Compliance Efforts

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Your Compliance Requirements

    The Purpose

    Kick-off the workshop; understand and define GDPR as it exists in your organizational context.

    Key Benefits Achieved

    Prioritize your business units based on GDPR risk.

    Assign roles and responsibilities.

    Activities

    1.1 Kick-off and introductions.

    1.2 High-level overview of weekly activities and outcomes.

    1.3 Identify and define GDPR initiative within your organization’s context.

    1.4 Determine what actions have been done to prepare; how have regulations been handled in the past?

    1.5 Identify key business units for GDPR committee.

    1.6 Document business units and functions that are within scope.

    1.7 Prioritize business units based on GDPR.

    1.8 Formalize stakeholder support.

    Outputs

    Prioritized business units based on GDPR risk

    GDPR Compliance RACI Chart

    2 Define Your GDPR Scope

    The Purpose

    Know the rationale behind a record of processing.

    Key Benefits Achieved

    Determine who will own the record of processing.

    Activities

    2.1 Understand the necessity for a record of processing.

    2.2 Determine for each prioritized business unit: are you a controller or processor?

    2.3 Develop a record of processing for most-critical business units.

    2.4 Perform legitimate interest assessments.

    2.5 Document an iterative process for creating a record of processing.

    Outputs

    Initial record of processing: 1-2 activities

    Initial legitimate interest assessment: 1-2 activities

    Determination of who will own the record of processing

    3 Satisfy Documentation Requirements and Align With Your Data Breach Requirements and Security Program

    The Purpose

    Review existing security controls and highlight potential requirements.

    Key Benefits Achieved

    Ensure the initiatives you’ll be working on align with existing controls and future goals.

    Activities

    3.1 Determine the appetite to align the GDPR project to data classification and data discovery.

    3.2 Discuss the benefits of data discovery and classification.

    3.3 Review existing incident response plans and highlight gaps.

    3.4 Review existing security controls and highlight potential requirements.

    3.5 Review all initiatives highlighted during days 1-3.

    Outputs

    Highlighted gaps in current incident response and security program controls

    Documented all future initiatives

    4 Prioritize GDPR Initiatives

    The Purpose

    Review project plan and initiatives and prioritize.

    Key Benefits Achieved

    Finalize outputs of the workshop, with a strong understanding of next steps.

    Activities

    4.1 Analyze the necessity for a data protection officer and document decision.

    4.2 Review project plan and initiatives.

    4.3 Prioritize all current initiatives based on regulatory compliance, cost, and ease to implement.

    4.4 Develop a data protection policy.

    4.5 Finalize key deliverables created during the workshop.

    4.6 Present the GDPR project to key stakeholders.

    4.7 Workshop executive presentation and debrief.

    Outputs

    GDPR framework and prioritized initiatives

    Data Protection Policy

    List of key tools

    Communication plans

    Workshop summary documentation

    Build a Strategic IT Workforce Plan

    • Buy Link or Shortcode: {j2store}390|cart{/j2store}
    • member rating overall impact (scale of 10): 9.6/10 Overall Impact
    • member rating average dollars saved: $180,171 Average $ Saved
    • member rating average days saved: 19 Average Days Saved
    • Parent Category Name: Organizational Design
    • Parent Category Link: /organizational-design
    • Talent has become a competitive differentiator. To 46% of business leaders, workforce planning is a top priority – yet only 13% do it effectively.
    • CIOs aren’t sure what they need to give the organization a competitive edge or how current staffing line-ups fall short.

    Our Advice

    Critical Insight

    • A well defined strategic workforce plan (SWP) isn’t just a nice-to-have, it’s a must-have.
    • Integrate as much data as possible into your workforce plan to best prepare you for the future. Without knowledge of your future initiatives, you are filling hypothetical holes.
    • To be successful, you need to understand your strategic initiatives, workforce landscape, and external and internal trends.

    Impact and Result

    The workforce planning process does not need to be onerous, especially with help from Info-Tech’s solid planning tools. With the right people involved and enough time invested, developing an SWP will be easier than first thought and time well spent. Leverage Info-Tech’s client-tested 5-step process to build a strategic workforce plan:

    1. Build a project charter
    2. Assess workforce competency needs
    3. Identify impact of internal and external trends
    4. Identify the impact of strategic initiatives on roles
    5. Build and monitor the workforce plan

    Build a Strategic IT Workforce Plan Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a strategic workforce plan for IT, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Initiate the project

    Assess the value of a strategic workforce plan and the IT department’s fit for developing one, and then structure the workforce planning project.

    • Build a Strategic Workforce Plan – Phase 1: Initiate the Project
    • IT Strategic Workforce Planning Project Charter Template
    • IT Strategic Workforce Planning Project Plan Template

    2. Analyze workforce needs

    Gather and analyze workforce needs based on an understanding of the relevant internal and external trends, and then produce a prioritized plan of action.

    • Build a Strategic Workforce Plan – Phase 2: Analyze Workforce Needs
    • Workforce Planning Workbook

    3. Build the workforce plan

    Evaluate workforce priorities, plan specific projects to address them, and formalize and integrate strategic workforce planning into regular planning processes.

    • Build a Strategic Workforce Plan – Phase 3: Build and Monitor the SWP
    [infographic]

    Workshop: Build a Strategic IT Workforce Plan

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Project Goals, Metrics, and Current State

    The Purpose

    Develop a shared understanding of the challenges your organization is facing with regards to talent and workforce planning.

    Key Benefits Achieved

    An informed understanding of whether or not you need to develop a strategic workforce plan for IT.

    Activities

    1.1 Identify goals, metrics, and opportunities

    1.2 Segment current roles

    1.3 Identify organizational culture

    1.4 Assign job competencies

    1.5 Assess current talent

    Outputs

    Identified goals, metrics, and opportunities

    Documented organizational culture

    Aligned competencies to roles

    Identified current talent competency levels

    2 Assess Workforce and Analyze Trends

    The Purpose

    Perform an in-depth analysis of how internal and external trends are impacting the workforce.

    Key Benefits Achieved

    An enhanced understanding of the current talent occupying the workforce.

    Activities

    2.1 Assess environmental trends

    2.2 Identify impact on workforce requirements

    2.3 Identify how trends are impacting critical roles

    2.4 Explore viable options

    Outputs

    Complete internal trends analysis

    Complete external trends analysis

    Identified internal and external trends on specific IT roles

    3 Perform Gap Analysis

    The Purpose

    Identify the changing competencies and workforce needs of the future IT organization, including shortages and surpluses.

    Key Benefits Achieved

    Determined impact of strategic initiatives on workforce needs.

    Identification of roles required in the future organization, including surpluses and shortages.

    Identified projects to fill workforce gaps.

    Activities

    3.1 Identify strategic initiatives

    3.2 Identify impact of strategic initiatives on roles

    3.3 Determine workforce estimates

    3.4 Determine projects to address gaps

    Outputs

    Identified workforce estimates for the future

    List of potential projects to address workforce gaps

    4 Prioritize and Plan

    The Purpose

    Prepare an action plan to address the critical gaps identified.

    Key Benefits Achieved

    A prioritized plan of action that will fill gaps and secure better workforce outcomes for the organization.

    Activities

    4.1 Determine and prioritize action items

    4.2 Determine a schedule for review of initiatives

    4.3 Integrate workforce planning into regular planning processes

    Outputs

    Prioritized list of projects

    Completed workforce plan

    Identified opportunities for integration

    Optimize the IT Operations Center

    • Buy Link or Shortcode: {j2store}449|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • Your team’s time is burned up by incident response.
    • Manual repetitive work uses up expensive resources.
    • You don’t have the visibility to ensure the availability the business demands.

    Our Advice

    Critical Insight

    • Sell the project to the business.
    • Leverage the Operations Center to improve IT Operations.

    Impact and Result

    • Clarify lines of accountability and metrics for success.
    • Implement targeted initiatives and track key metrics for continual improvement.

    Optimize the IT Operations Center Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should Optimize the IT Operations Center, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Lightning Phase: Pluck Low-Hanging Fruit for Quick Wins

    Get quick wins to demonstrate early value for investments in IT Operations.

    • Optimize the IT Operations Center – Lightning Phase: Pluck Low-Hanging Fruit for Quick Wins

    2. Get buy-in

    Get buy-in from business stakeholders by speaking their language.

    • Optimize the IT Operations Center – Phase 1: Get Buy-In
    • IT Operations Center Prerequisites Assessment Tool
    • IT Operations Center Stakeholder Buy-In Presentation
    • IT Operations Center Continual Improvement Tracker

    3. Define accountability and metrics

    Formalize process and task accountability and develop targeted metrics.

    • Optimize the IT Operations Center – Phase 2: Define Accountability and Metrics
    • IT Operations Center RACI Charts Template

    4. Assess gaps and prioritize initiatives

    Identify pain points and determine the top solutions.

    • Optimize the IT Operations Center – Phase 3: Assess Gaps and Prioritize Initiatives
    • IT Operations Center Gap and Initiative Tracker
    • IT Operations Center Initiative Prioritization Tool

    5. Launch initiatives and track metrics

    Lay the foundation for implementation and continual improvement.

    • Optimize the IT Operations Center – Phase 4: Launch Initiatives and Track Metrics
    [infographic]

    Workshop: Optimize the IT Operations Center

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Check Foundation

    The Purpose

    Ensure base maturity in IT Operations processes.

    Key Benefits Achieved

    Verify that foundation is in place to proceed with Operations Center project.

    Activities

    1.1 Evaluate base maturity.

    Outputs

    IT Operations Center Prerequisites Assessment Tool

    2 Define Accountabilities

    The Purpose

    Define accountabilities for Operations processes and tasks.

    Key Benefits Achieved

    Documented accountabilities.

    Activities

    2.1 Pluck low-hanging fruit for quick wins.

    2.2 Complete process RACI.

    2.3 Complete task RACI.

    Outputs

    Project plan

    Process RACI

    Task RACI

    3 Map the Challenge

    The Purpose

    Define metrics and identify accountabilities and gaps.

    Key Benefits Achieved

    List of initiatives to address pain points.

    Activities

    3.1 Define metrics.

    3.2 Define accountabilities.

    3.3 Identify gaps.

    Outputs

    IT Operations Center Gap and Initiative Tracker

    4 Build Action Plan

    The Purpose

    Develop an action plan to boost KPIs.

    Key Benefits Achieved

    Action plan and success criteria.

    Activities

    4.1 Prioritize initiatives.

    Outputs

    IT Operations Center Initiative Prioritization Tool

    5 Map Out Implementation

    The Purpose

    Build an implementation plan for continual improvement.

    Key Benefits Achieved

    Continual improvement against identified metrics and KPIs.

    Activities

    5.1 Build implementation plan.

    Outputs

    IT Operations Center Continual Improvement Tracker

    Further reading

    Optimize the IT Operations Center

    Stop burning budget on non-value-adding activities.

    ANALYST PERSPECTIVE

    The Network Operations Center is not in Kansas anymore.

    "The old-school Network Operations Center of the telecom world was heavily peopled and reactionary. Now, the IT Operations Center is about more than network monitoring. An effective Operations Center provides visibility across the entire stack, generates actionable alerts, resolves a host of different incidents, and drives continual improvement in the delivery of high-quality services.
    IT’s traditional siloed approach cannot provide the value the business demands. The modern Operations Center breaks down these silos for the end-to-end view required for a service-focused approach."

    Derek Shank,
    Research Analyst, Infrastructure & Operations
    Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • IT Operations Managers
    • IT Infrastructure Managers
    • CIOs

    This Research Will Help You:

    • Improve reliability of services.
    • Reduce the cost of incident response.
    • Reduce the cost of manual repetitive work (MRW).

    This Research Will Also Assist

    • Business Analysts
    • Project Managers
    • Business Relationship Managers

    This Research Will Help Them

    • Develop appropriate non-functional requirements.
    • Integrate non-functional requirements into solution design and project implementation.

    Executive Summary

    Situation

    • Your team’s time is burned up by incident response.
    • MRW burns up expensive resources.
    • You don’t have the visibility to ensure the availability the business demands.

    Complication

    • The increasing complexity of technology has resulted in siloed teams of specialists.
    • The business views IT Operations as a cost center and doesn’t want to provide resources to support improvement initiatives.

    Resolution

    • Pluck low-hanging fruit for quick wins.
    • Obtain buy-in from business stakeholders by speaking their language.
    • Clarify lines of accountability and metrics for success.
    • Implement targeted initiatives and track key metrics for continual improvement.

    Info-Tech Insight

    1. Sell the project to the business. Your first job is a sales job because executive sponsorship is key to project success.
    2. Worship the holy trinity of metrics: impact of downtime, cost of incident response, and time spent on manual repetitive work (MRW).
    3. Invest in order to profit. Improving the Operations Center takes time and money. Expect short-term pain to realize long-term gain.

    The role of the Network Operations Center has changed

    • The old approach was technology siloed and the Network Operations Center (NOC) only cared about the network.
    • The modern Operations Center is about ensuring high availability of end-user services, and requires cross-functional expertise and visibility across all the layers of the technology stack.
    A pie chart is depicted. The data displayed on the chart, in decreasing order of size, include: Applications; Servers; LAN; WAN; Security; Storage. Source: Metzler, n.d.

    Most organizations lack adequate visibility

    • The rise of hybrid cloud has made environments more complex, not less.
    • The increasing complexity makes monitoring and incident response more difficult than ever.
    • Only 31% of organizations use advanced monitoring beyond what is offered by cloud providers.
    • 69% perform no monitoring, basic monitoring, or rely entirely on the cloud provider’s monitoring tools.
    A Pie chart is depicted. Two data are represented on the chart. The first, representing 69% of the chart, is: Using no monitoring, basic monitoring, or relying only on the cloud vendor's monitoring. the second, representing 31% of the chart, is Using advanced monitoring beyond what cloud vendors provide. Source: InterOp ITX, 2018

    Siloed service level agreements cannot ensure availability

    You can meet high service level agreements (SLAs) for functional silos, but still miss the mark for service availability. The business just wants things to work!

    this image contains Info-Tech's SLA-compliance rating chart, which displays the categories: Available, behaving as expected; Slow/degraded; and Unavailable, for each of: Webserver; Database; Storage; Network; Application; and, Business Service

    The cost of downtime is massive

    Increasing reliance on IT makes downtime hurt more than ever.
    98% of enterprises lose $100,000+.
    81% of enterprises lose $300,000+ per hour of downtime.

    This is a bar graph, showing the cost per hour of downtime, against the percentage of enterprises.

    Source: ITIC, 2016

    IT is asked to do more with less

    Most IT budgets are staying flat or shrinking.

    57% of IT departments expect their budget to stay flat or to shrink from 2018 to 2019.

    This image contains a pie chart with two data, one is labeled: Increase; representing 43% of the chart. The other datum is labeled: Shrink or stay flat, and represents 57% of the chart.

    Unify and streamline IT Operations

    A well-run Operations Center ensures high availability at reasonable cost. Improving your Operations Center results in:

    • Higher availability
    • Increased reliability
    • Improved project capacity
    • Higher business satisfaction

    Measure success with the holy trinity of metrics

    Focus on reducing downtime, cost of incident response, and MRW.

    This image contains a Funnel Chart showing the inputs: Downtime; Cost of Incident Response; MRW; and the output: Reduce for continual improvement

    Start from the top and employ a targeted approach

    Analyze data to get buy-in from stakeholders, and use our tools and templates to follow the process for continual improvement in IT Operations.

    This image depicts a cycle, which includes: Data analysis; Executive Sponsorship; Success Criteria; Gap Assessment; Initiatives; Tracking & Measurement

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Optimize the IT Operations Center – project overview

    Launch the Project

    Identify Enterprise Services

    Identify Line of Business Services

    Complete Service Definitions

    Best-Practice Toolkit

    🗲 Pluck Low-Hanging Fruit for Quick Wins

    1.1 Ensure Base Maturity Is in Place

    1.2 Make the Case

    2.1 Define Accountabilities

    2.2 Define Metrics

    3.1 Assess Gaps

    3.2 Plan Initiatives

    4.1 Lay Foundation

    4.2 Launch and Measure

    Guided Implementations

    Discuss current state.

    Review stakeholder presentation.

    Review RACIs.

    Review metrics.

    Discuss gaps.

    Discuss initiatives.

    Review plan and metric schedule.

    Onsite Workshop Module 1:

    Clear understanding of project objectives and support obtained from the business.

    Module 2:

    Enterprise services defined and categorized.

    Module 3:

    LOB services defined based on user perspective.

    Module 4:

    Service record designed according to how IT wishes to communicate to the business.

    Phase 1 Results:

    Stakeholder presentation

    Phase 2 Results:
    • RACIs
    • Metrics
    Phase 3 Results:
    • Gaps list
    • Prioritized list of initiatives
    Phase 4 Results:
    • Implementation plan
    • Continual improvement tracker

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Pre-Workshop Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4
    Activities

    Check Foundation

    Define Accountabilities

    Map the Challenge

    Build Action Plan

    Map Out Implementation

    1.1 Ensure base maturity.

    🗲 Pluck low-hanging fruit for quick wins.

    2.1 Complete process RACI.

    2.2 Complete task RACI.

    3.1 Define metrics.

    3.2 Define accountabilities.

    3.2 Identify gaps.

    4.1 Prioritize initiatives.

    5.1 Build implementation plan.

    Deliverables
    1. IT Operations Center Prerequisites Assessment Tool
    1. IT Operations Center RACI Charts Template
    1. IT Operations Center Gap and Initiative Tracker
    1. IT Operations Center Initiative Prioritization Tool
    1. IT Operations Center Continual Improvement Tracker

    PHASE 🗲

    Pluck Low-Hanging Fruit for Quick Wins

    Optimize the IT Operations Center

    Conduct a ticket-trend analysis

    Generate reports on tickets from your IT service management (ITSM) tool. Look for areas that consume the most resources, such as:

    • Recurring tickets.
    • Tickets that have taken a long time to resolve.
    • Tickets that could have been resolved at a lower tier.
    • Tickets that were unnecessarily or improperly escalated.

    Identify issues

    Analyze the tickets:

    • Look for recurring tickets that may indicate underlying problems.
    • Ask tier 2 and 3 technicians to flag tickets that could have been resolved at a lower tier.
    • Identify painful and/or time consuming service requests.
    • Flag any manual repetitive work.

    Write the issues on a whiteboard.

    Oil & Gas IT reduces manual repetitive maintenance work

    CASE STUDY
    Industry Oil & Gas
    Source Interview

    Challenge

    The company used a webserver to collect data from field stations for analytics. The server’s version did not clear its cache – it filled up its own memory and would not overwrite, so it would just lock up and have to be rebooted manually.

    Solution

    The team found out that the volumes and units of data would cause the memory to fill at a certain time of the month. They wrote a script to reboot the machine and set up a planned outage during the appropriate weekend each month.

    Results

    The team never had to do manual reboots again – though they did have to tweak their reboot script not to rely on their calendar, after a shift in production broke the pattern between memory consumption and the calendar.

    Rank the issues

    🗲.1.1 10 minutes

    1. Assign each participant five sticky dots to use for voting.
    2. Have each participant place any number of dots beside the issue(s) of their choice.
    3. Count the dots and rank the top three most important issues.

    INPUT

    • List of issues

    OUTPUT

    • Top three issues

    Materials

    • Whiteboard
    • Markers
    • Sticky dots

    Participants

    • Operations Manager
    • Infrastructure Manager
    • I&O team members

    Brainstorm solutions

    🗲.1.2 10 minutes

    1. Write the three issues at the top of a whiteboard, each at the head of its own column.
    2. Focusing on one issue at a time, brainstorm potential solutions for each issue. Have one person write all the proposed solutions on the board beneath the issue.

    Info-Tech Best Practice

    Do not censor or evaluate the proposed solutions at this time. During brainstorming, focus on coming up with as many potential solutions as possible, no matter how infeasible or outlandish.

    INPUT

    • Top three issues

    OUTPUT

    • Potential solutions

    Materials

    • Whiteboard
    • Markers

    Participants

    • Operations Manager
    • Infrastructure Manager
    • I&O team members

    Evaluate and rank potential solutions

    🗲.1.3 30 minutes

    1. Score the solutions from 1-5 on each of the two dimensions:
    • Attainability
    • Probable efficacy
  • Identify the top scoring solution for each issue. In the event of a tie, vote to determine the winner.
  • Info-Tech Insight

    Quick wins are the best of both worlds. To get a quick win, pick a solution that is both readily attainable and likely to have high impact.

    INPUT

    • Potential solutions

    OUTPUT

    • Ranked list of solutions

    Materials

    • Whiteboard
    • Markers

    Participants

    • Operations Manager
    • Infrastructure Manager
    • I&O team members

    Develop metrics to measure the effectiveness of solutions

    You should now have a top potential solution for each pain point.

    For each pain point and proposed solution, identify the metric that would indicate whether the solution had been effective or not. For example:

    • Pain point: Too many unnecessary escalations for SharePoint issues.
    • Solution: Train tier 1 staff to resolve SharePoint tickets.
    • Metric: % of SharePoint tickets resolved at tier 1.

    Design solutions

    • Some solutions explain themselves. E.g., hire an extra service desk person.
    • Others require more planning and design, as they involve a bespoke solution. E.g., improve asset management process or automate onboarding of new users.
    • For the solutions that require planning, take the time to design each solution fully before rushing to implement it.

    Build solutions

    • Build any of the solutions that require building. For example, any scripting for automations requires the writing of those scripts, and any automated ticket routing requires configuration of your ITSM tool.
    • Part of the build phase for many solutions should also involve designing the tests of those solutions.

    Test solutions – refine and iterate

    • Think about the expected outcome and results of the solutions that require testing.
    • Test each solution under production-like circumstances to see if the results and behavior are as expected.
    • Refine and iterate upon the solutions as necessary, and test again.

    Implement solutions and measure results

    • Before implementing each solution, take a baseline measurement of the metric that will measure success.
    • Implement the solutions using your change management process.
    • After implementation, measure the success of the solution using the appropriate metric.
    • Document the results and judge whether the solution has been effective.

    Use the top result as a case study to obtain buy-in

    Your most effective solution will make a great case study.

    Write up the results and input the case study into the IT Operations Center Stakeholder Buy-In Presentation.

    This image contains a screenshot of info-tech's default format for presenting case studies.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    this is a picture of an Info-Tech Analyst
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    🗲.1.2 This image contains a screenshot from section 🗲.1.2 of this blueprint.

    Identify issues

    Look for areas that aren’t working optimally.

    🗲.1.3 this image contains a screenshot from section 🗲.1.3 of this blueprint.

    Evaluate and rank potential solutions

    Sort the wheat from the chaff and plan for quick wins.

    PHASE 1

    Get Buy-In

    Optimize the IT Operations Center

    Step 1.1: Ensure Base Maturity Is in Place

    This step will walk you through the following activities:

    • Assess maturity of base IT Operations processes.

    Outcomes of this step

    • Completed IT Operations Center Prerequisites Assessment Tool

    Base processes underpin the Operations Center

    • Before you optimize your Operations Center, you should have foundational ITSM processes in place: service desk, and incident, problem, and change management.
    • Attempting to optimize Operations before it rests on a solid foundation can only lead to frustration.

    IT Operations Center

    • Service Desk
    • Incident Management
    • Problem Management
    • Change Management

    Info-Tech Insight

    ITIL isn’t dead. New technology such as cloud solutions and advanced monitoring tools have transformed how ITSM processes are implemented, but have not obviated them.

    Assess maturity of prerequisite processes

    1.1.1 IT Operations Center Prerequisites Assessment Tool

    • Don’t try to prematurely optimize your Operations Center.
    • Before undertaking this project, you should already have a base level of maturity in the four foundational IT Operations processes.
    • Complete the IT Operations Center Prerequisites Assessment Tool to assess your current level in service desk, incident management, problem management, and change management.
    this image contains a screenshot from Info-Tech's IT Operations Center Prerequisite Assessment

    Make targeted improvements on prerequisite processes if necessary

    If there are deficiencies in any of your foundational processes, take the time to remedy those first before proceeding with Optimize the IT Operations Center. See Info-Tech’s other blueprints:

    Standardize the Service Desk

    Strengthen your service desk to build a strong ITSM foundation.

    Incident and Problem Management

    Don’t let persistent problems govern your department.

    Optimize Change Management

    Turn and face the change with a right-sized change management process.

    Step 1.2: Make the Case

    This step will walk you through the following activities:

    • Estimate the impact of downtime for top five applications.
    • Estimate the cost of incident response.
    • Estimate the cost of MRW.
    • Set success metrics and estimate the ROI of the Operations Center project.
    • IT Operations Center Stakeholder Buy-In Presentation

    Obtaining buy-in is critical

    Buy-in from top-level stakeholders is critical to the success of the project.

    Before jumping into your initiatives, take the time to make the case and bring the business on board.

    Factors that “prevent us from improving the NOC”

    This image contains a graph of factors that prevent us from improving the NOC. In decreasing order, they include: Lack of strategic guidance from our vendors; The unwillingness of our management to accept new risk; Lack of adequate software tools; Our internal processes; Lack of management vision; Lack of funding; and Lack of personnel resources. There is a red circle drawn around the last three entries, with the words: Getting Buy-in Removes the Top Three Roadblocks to Improvement!. Source: Metzier, n.d

    List your top five applications

    List your top five applications for business criticality.

    Don’t agonize over decisions at this point.

    Generally, the top applications will be customer facing, end-user facing for the most critical business units, or critical for health and safety.

    Estimate impact of downtime

    • Come up with a rough, back-of-the-napkin estimate of the hourly cost of downtime for each application.
    • Complete page two of the IT Operations Center Stakeholder Buy-In Presentation.
    • Estimate loss of revenue per hour, loss of productivity per hour, and IT cost per incident resolution hour.
    • Pull a report on incident hours/outages in the past year from your ITSM tool. Multiply the total cost per incident hour by the incident hours per year to determine the current cost per year of service disruptions for each service.
    • Add up the cost for each of the top five services.
    • Now you can show the business a hard value number that quantifies your availability issues.

    Estimate salary cost of non-value-adding work

    Complete page three of the IT Operations Center Stakeholder Buy-In Presentation.

    • Estimate annual wage cost of incident response: multiply incident response hours per year (take from your ITSM tool) by the average hourly wage of incident responders.
    • Estimate annual cost of MRW: multiply MRW hours per year (take from ITSM tool or from time-keeping tool, or use best guess based on talking to staff members) by the average hourly wage of IT staff performing MRW.
    • Add the two numbers together to calculate the non-value-adding IT salary cost per year.
    • Express the previous number as a percentage of total IT salary. Everything that is not incident response or MRW is value-adding work.

    Now you have the holy trinity of metrics: set some targets

    The holy trinity of metrics:

    • Cost of downtime
    • % of salary on incident response
    • % of salary on MRW

    You want to reduce the above numbers. Set some back-of-the-napkin targets for percentage reductions for each of these areas. These are high-level metrics that business stakeholders will care about.

    Take your best guess at targets. Higher maturity organizations will have less potential for reduction from a percentage point of view (eventually you hit diminishing returns), while organizations just beginning to optimize their Operations Center have the potential for huge gains.

    Calculate the potential gains of targets

    Complete page five of the IT Operations Center Stakeholder Buy-In Presentation.

    • Multiply the targeted/estimated % reductions of the costs by your current costs to determine the potential savings/benefits.
    • Do a back-of-the napkin estimate of the cost of the Operations Center improvement project. Use reasonable numbers for cost of personnel time and cost of tools, and be sure to include ongoing personnel time costs – your time isn’t free and continual improvement takes work and effort.
    • Calculate the ROI.

    Fill out the case study

    • Complete page six of the IT Operations Center Stakeholder Buy-In Presentation. If you completed the lightning phase, use the results of your own quick win project(s) as an example of feasibility.
    • If you did not complete the lightning phase, delete this slide, or use an example of what other organizations have achieved to demonstrate feasibility.
    This image contains a screenshot of info-tech's default format for presenting case studies.

    Present to stakeholders

    • Deliver the presentation to key stakeholders.
    • Focus on the high-level story that the current state is costing real dollars and wages, and that these losses can be minimized through process improvements.
    • Be up front that many of the numbers are based on estimates, but be prepared to defend the reasonableness of the estimates.

    Gain buy-in and identify project sponsor

    • If the business is on board with the project, determine one person to be the executive sponsor for the project. This person should have a strong desire to see the project succeed, and should have some skin in the game.

    Formalize communication with the project sponsor

    • Establish how you will communicate with the sponsor throughout the project (e.g. weekly or monthly e-mail updates, bi-weekly meetings).
    • Set up a regular/recurring cadence and stick to it, so it can be put on auto-pilot. Be clear about who is responsible for initiating communication and sticking to the reporting schedule.

    Info-Tech Insight

    Tailor communication to the sponsor. The project sponsor is not the project manager. The sponsor’s role is to drive the project forward by allocating appropriate resources and demonstrating highly visible support to the broader organization. The sponsor should be kept in the loop, but not bothered with minutiae.

    Note the starting numbers for the holy trinity

    Use the IT Operations Center Continual Improvement Tracker:

    • Enter your starting numbers for the holy trinity of metrics.
    • After planning and implementing initiatives, this tracker will be used to update against the holy trinity to assess the success of the project on an ongoing basis and to drive continual improvement.

    PHASE 2

    Define Accountability and Metrics

    Optimize the IT Operations Center

    Step 2.1: Define Accountabilities

    This step will walk you through the following activities:

    • Formalize RACI for key processes.
    • Formalize RACI for key tasks.

    Outcomes of this step

    • Completed RACIs

    List key Operations Center processes

    Compile a list of processes that are key for the Operations Center.

    These processes should include the four foundational processes:

    • Service Desk
    • Incident Management
    • Problem Management
    • Change Management

    You may also want to include processes such as the following:

    • Event Management
    • Configuration Management

    Avoid listing processes you have yet to develop – stick with those already playing a role in your current state.

    Formalize RACI for key processes

    Use the IT Operations Center RACI Charts Template. Complete a RACI for each of the key processes involved in the IT Operations Center.

    RACI:

    • Responsible (does the work on a day-to-day basis)
    • Accountable (reviews, signs off, and is held accountable for outcomes)
    • Consulted (input is sought to feed into decision making)
    • Informed (is given notification of outcomes)

    As a best practice, no more than one person should be responsible or accountable for any given process. The same person can be both responsible and accountable for a given process, or it could be two different people.

    Avoid making someone accountable for a process if they do not have full visibility into the process for appropriate oversight, or do not have time to give the process sufficient attention.

    Formalize RACI for IT tasks

    Now think about the actual tasks or work that goes on in IT. Which roles and individuals are accountable for which tasks or pieces of work?

    In this case, more than one role/person can be listed as responsible or accountable in the RACI because we’re talking about types or categories of work. No conflict will occur because these individuals will be responsible or accountable for different pieces of work or individual tasks of the same type. (e.g. all service desk staff are responsible for answering phones and inputting tickets into the ITSM tool, but no more than one staff member is responsible for the input of any given ticket from a specific phone call).

    Step 2.2: Define Metrics

    This step will walk you through the following activities:

    • Cascade operational metrics from the holy trinity.
    • Evaluate metrics and identify key performance indicators (KPIs).
    • Cascade performance assessment (PA) metrics to support KPIs.
    • Build feedback loop for PA metrics.

    Outcomes of this step

    • KPIs
    • PA metrics

    Metrics must span across silos for shared accountability

    To adequately support the business goals of the organization, IT metrics should span across functional silos.

    Metrics that span across silos foster shared accountability across the IT organization.

    Metrics supported by all groups

    three grain silos are depicted. below, are the words IT Groups, with arrows pointing from the words to each of the three silos.

    Cascade operational metrics from the holy trinity

    Focus on the holy trinity of metrics.

    From these, cascade down to operational metrics that contribute to the holy trinity. It is possible that an operational metric may support more than one trinity metric. For example:

    a flow chart is depicted. two input circles point toward a central circle, and two output circles point away. the input circles include: Cost of Downtime; Cost of Incident Response. The central circle reads: Mean time to restore service. the output circles include the words: Tier 1 Resolution Rate; %% of Known Errors Captured in ITSM Tool.

    Evaluate metrics and identify KPIs

      • Evaluate your operational metrics and determine which ones are likely to have the largest impact on the holy trinity of metrics.
      • Identify the ten metrics likely to have the most impact: these will be your KPIs moving forward.
      • Enter these KPIs into the IT Operations Center Continual Improvement Tracker.
      this image depicts a cycle around the term KPI. The cycle includes: Objective; Measurement; optimization; strategy; performance; evaluation

    Beware how changing variables/context can affect metrics

    • Changes in context can affect metrics drastically. It’s important to keep the overall context in mind to avoid being led astray by certain numbers taken in isolation.
    • For example, a huge hiring spree might exhaust the stock of end-user devices, requiring time to procure hardware before the onboarding tickets can be completely fulfilled. You may have improved your onboarding process through automation, but see a large increase in average time to onboard a new user. Keep an eye out for such anomalies or fluctuations, and avoid putting too much stock in any single operational KPI.
    • Remember, operational KPIs are just a heuristic tool to support the holy trinity of metrics.

    Determine accountability for KPIs

    • For each operational KPI, assign one person to be accountable for that KPI.
    • Be sure the person in charge has the necessary authority and oversight over the processes and personnel that most affect that KPI – otherwise it makes little sense to hold the individual accountable.
    • Consulting your process RACIs is a good place to start.
    • Record the accountable person for each KPI in the IT Operations Center Continual Improvement Tracker.

    Info-Tech Best Practice

    Match accountability with authority. The person accountable for each KPI should be the one who has the closet and most direct control over the work and processes that most heavily impact that KPI.

    Cascade PA metrics to support KPIs

    KPIs are ultimately driven by how IT does its work, and how individuals work is driven by how their performance is assessed and evaluated.

    For the top KPIs, be sure there are individual PA metrics in place that support the KPI, and if not, develop the appropriate PA metrics.

    For example:

    • KPI: Mean time to resolve incidents
    • PA metric: % of escalations that followed SOP (e.g. not holding onto a ticket longer than supposed to)
    • KPI: Number of knowledge base articles written
    • PA metric: Number of knowledge base articles written/contributed to

    Communicate key changes in PA metrics

    Any changes from the previous step will take time and effort to implement and make stick.

    Changing people’s way of working is extremely difficult.

    Build a communication and implementation plan about rolling out these changes, emphasize the benefits for everyone involved, and get buy-in from the affected staff members.

    Build feedback loops for PA metrics

    Now that PA metrics support your Operations Center’s KPIs, you should create frequent feedback loops to drive and boost those PA metrics.

    Once per year or once per quarter is not frequent enough. Managers should meet with their direct reports at least monthly and review their reports’ performance against PA metrics.

    Use a “set it and forget it” implementation, such as a recurring task or meeting in your calendar.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    this is a picture of an Info-Tech Analyst

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    2.2.1 This image contains a screenshot from section 2.2.1 of this blueprint.

    Cascade operational metrics from the holy trinity

    Rank goals based on business impact and stakeholder pecking order.

    2.2.2 this image contains a screenshot from section 2.2.2 of this blueprint.

    Determine accountability for KPIs

    Craft a concise and compelling elevator pitch that will drive the project forward.

    PHASE 3

    Assess Gaps and Prioritize Initiatives

    Optimize the IT Operations Center

    Step 3.1: Assess Gaps

    This step will walk you through the following activities:

    • Assess visibility provided by monitoring.
    • Assess process workflows and identify areas for automation.
    • Assess requests and identify potential for automation.
    • Assess Operations Center staff capabilities.
    • Conduct a root cause analysis on the gaps/pain points.

    Outcomes of this step

    • List of gaps
    • List of root causes

    Measure current state of KPIs and identify lagging ones

    Take a baseline measurement of each operational KPI.

    If historical data is available, compare the present state measurement to data points collected over the last year or so.

    Review the measured KPIs.

    Identify any KPIs that seem lagging or low, or that may be particularly important to influence.

    Record lagging KPIs in the IT Operations Center Gap and Initiative Tracker tool.

    Assess visibility provided by monitoring

    List the top five most critical business services supported by IT.
    Assess the current state of your monitoring tools.

    For each business service, rate the level of visibility your monitoring tools allow from the following options:

    1. We have no visibility into the service, or lack visibility into crucial elements.
    2. We have basic visibility (up/down) into all the IT components that support the service.
    3. We have basic visibility (up/down) into the end service itself, in addition to all the IT components that make it up.
    4. We have some advanced visibility into some aspects of the service and/or its IT components.
    5. We have a full, end-to-end view of performance across all the layers of the stack, as well as the end business service itself.

    Identify where more visibility may be necessary

    For most organizations it isn’t practical to have complete visibility into everything. For the areas in which visibility is lacking into key services, think about whether more visibility is actually required or not. Consider some of the following questions:

    • How great is the impact of this service being unavailable?
    • Would greater visibility into the service significantly reduce the mean time to restore the service in the event of incidents?

    Record any deficiencies in the IT Operations CenterGap and Initiative Tracker tool.

    Assess alerting

    Assess alerting for your most critical services.

    Consider whether any of the following problems occur:

    • Often receive no alert(s) in the event of critical outages of key services (we find out about critical outages from the service desk).
    • We are regularly overwhelmed with too many alerts to investigate properly.
    • Our alerts are rarely actionable.
    • We often receive many false alerts.

    Identify areas for potential improvement in the managing of alerts. Record any deficiencies in the IT Operations Center Gap and Initiative Tracker tool.

    Assess process workflows and identify areas for automation

    Review your process flows for base processes such as Service Desk, Incident Management, Problem Management, and Change Management.

    Identify areas in the workflows where there may be defects, inefficiencies, or potential for improvement or automation.

    Record any deficiencies in the IT Operations Center Gap and Initiative Tracker tool.

    See the blueprint Prepare for Cognitive Service Management for process workflows and areas to look for automation possibilities.

    Prepare for Cognitive Service Management

    Make ready for AI-assisted IT operations.

    Assess requests and identify potential for automation

    • Assess the most common work orders or requests handled by the Operations Center group (i.e. this does not include requests fulfilled by the help desk).
    • Which work orders are the most painful? That is, what common work orders involve the greatest effort or the most manual work to fulfill?
    • Fulfillment of common, recurring work orders is MRW, and should be reduced or removed if possible.
    • Consider automation of certain work orders, or self-service delivery.
    • Record any deficiencies in the IT Operations Center Gap and Initiative Tracker tool.

    Assess Operations Center staff capabilities

    • Assess the skills and expertise of your team members.
    • Consider some of the following:
      • Are there team members who could perform their job more effectively by picking up certain skills or proficiencies?
      • Are there team members who have the potential to shift into more valuable or useful roles, given the appropriate training?
      • Are there individual team members whose knowledge is crucial for operations, and whose function cannot be taken up by others?

    Record any deficiencies in the IT Operations Center Gap and Initiative Tracker tool.

    Info-Tech Insight

    Train to avoid pain. All too often organizations expose themselves to significant key person risk by relying on the specialized skills and knowledge of one team member. Use cross training to remedy such single points of failure before the risk materializes.

    Brainstorm pain points

    Brainstorm any pain points not discussed in the previous areas.

    Pain points can be specific operational issues that have not yet been considered. For example:

    • Tom is overwhelmed with tickets.
    • Our MSP often breaches SLA.
    • We don’t have a training budget.

    Record any deficiencies in the IT Operations CenterGap and Initiative Tracker tool.

    Conduct a root cause analysis on the gaps/pain points

    • Pain points can often be symptoms of other deficiencies, or somewhat removed from the actual problem.
    • Using the 5 Whys, conduct a root cause analysis on the pain points for which the causes are not obvious.
    • For each pain point, ask “why” for a sequence of five times, attempting to proceed to the root cause of the issue. This root cause is the true gap that needs to be remedied to resolve the pain point.
    • For example:
      • The Wi-Fi network often goes down in the afternoon.
        • Why?: Its bandwidth gets overloaded.
        • Why?: Many people are streaming video.
        • Why?: There’s a live broadcast of a football game at that time.
      • Possible solutions:
        • Block access to the streaming services.
        • Project the game on a screen in a large conference room and encourage everyone to watch it there.

    Step 3.2: Plan Initiatives

    This step will walk you through the following activities:

    • Brainstorm initiatives to boost KPIs and address gaps.
    • Prioritize potential initiatives.
    • Decide which initiatives to include on the roadmap.

    Outcomes of this step

    • Targeted improvement roadmap

    Brainstorm initiatives to boost KPIs and address gaps

    Prioritize potential initiatives

    3.2.1 IT Operations Center Initiative Prioritization Tool

    • Use the IT Operations Center Initiative Prioritization Tool.
    • Enter the initiatives into the tool.
    • For each initiative, input the following ranking criteria:
      • The metric/KPI’s estimated degree of impact on the holy trinity.
      • The gap or pain point’s estimated degree of impact on the metric/KPI.
      • The initiative’s estimated degree of positive impact on the gap or pain point
      • The initiative’s attainability.
    • Estimate the resourcing capacity required for each initiative.
    • For accurate capacity assessment, input as “force include” all current in-flight projects handled by the Operations Center group (including those unrelated to the Operations Center project).

    Decide which initiatives to include on the roadmap

    • Not all initiatives will be worth pursuing – and especially not all at once.
    • Consider the results displayed on the final tab of the IT Operations CenterInitiative Prioritization Tool.
    • Based on the prioritization and taking capacity into account, decide which initiatives to include on your roadmap.
    • Sometimes, for operational or logistical reasons, it may make sense to schedule an initiative at a time other than its priority might dictate. Make such exceptions on a case-by-case basis.

    Assign an owner to each initiative, and provide resourcing

    • For each initiative, assign one person to be the owner of that initiative.
    • Be sure that person has the authority and the bandwidth necessary to drive the initiative forward.
    • Secure additional resourcing for any initiatives you want to include on your roadmap that are lacking capacity.

    Info-Tech Insight

    You must invest resources in order to reduce the time spent on non-value-adding work.

    "The SRE model of working – and all of the benefits that come with it – depends on teams having ample capacity for engineering work. If toil eats up that capacity, the SRE model can’t be launched or sustained. An SRE perpetually buried under toil isn’t an SRE, they are just a traditional long-suffering SysAdmin with a new title."– David N. Blank-Edelman

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    this is a picture of an Info-Tech Analyst

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    3.1.1 This image contains a screenshot from section 3.1.1 of this blueprint.

    Conduct a root cause analysis on the gaps/pain points

    Find out the cause, so you can come up with solutions.

    3.2.1 this image contains a screenshot from section 3.2.1 of this blueprint.

    Prioritize potential initiatives

    Don’t try to boil the ocean. Target what’s manageable and what will have the most impact.

    PHASE 4

    Launch Initiatives and Track Metrics

    Optimize the IT Operations Center

    Step 4.1: Lay Foundation

    This step will walk you through the following activities:

    • Build initiative communication plan.
    • Develop a testing plan for each technical initiative.

    Outcomes of this step

    • Communication plan
    • Testing plan(s)

    Expect resistance to change

    • It’s not as simple as rolling out what you’ve designed.
    • Anything that affects people’s way of working will inevitably be met with suspicion and pushback.
    • Be prepared to fight the battle.
    • "The hardest part is culture. You must get people to see the value of automation. Their first response is ‘We've been doing it this way for 10 years, why do we need to do it another way?’ It's hard to get someone out of their comfort zone to learn something new, especially when they've been at an organization for 20 years. You need to give them incentives."– Cyrus Kalatbari, Senior IT Architect, Infrastructure/Cloud

    Communicate changes in advance, along with their benefits!

    • Communicate changes well in advance of the date(s) of implementation.
    • Emphasize the benefits of the changes – not just for the organization, but for employees and staff members.
    • Advance communication of changes helps make them more palatable, and builds trust in employees by making them feel informed of what’s going on.

    Involve IT staff in design and implementation of changes

    • As you communicate the coming changes, take the opportunity to involve any affected staff members who have not yet participated in the project.
    • Solicit their feedback and get them to help design and implement the initiatives that involve significant changes to their roles.

    Develop a testing plan for each technical initiative

    • Some initiatives, such as appointing a new change manager or hiring a new staff member, do not make sense to test.
    • On the other hand, technical initiatives such as automation scripts, new monitoring tools or dashboards, and changed alert thresholds should be tested thoroughly before implementation.
    • For each technical initiative, think about the expected results and performance if it were to run in production, and build a test plan to ensure it behaves as expected and there are no corner cases.

    Test technology initiatives and iterate if necessary

    • Test each technical initiative under a variety of circumstances, with as close an environment to production as possible.
    • Try to develop corner cases or unusual or unexpected situations, and see if any of these will break the functionality or produce unintended or unexpected results.
    • Document the results of the testing, and iterate on the initiative and test again if necessary.

    "The most important things – and the things that people miss – are prerequisites and expected results. People jump out and build scripts, then the scripts go into the ditch, and they end up debugging in production." – Darin Stahl, Research Director, Infrastructure & Operations

    Step 4.2: Launch and Measure

    This step will walk you through the following activities:

    • Launch initiatives and track adoption and effectiveness.
    • Investigate initiatives that appear ineffective.
    • Measure success with the holy trinity.

    Outcomes of this step

    • Continual improvement roadmap

    Establish a review cycle for each metric

    Info-Tech Best Practice

    Don’t measure what doesn’t matter. If a metric is not going to be reviewed or reported on for informational or decision-making purposes, it should not be tracked.

    Launch initiatives and track adoption and effectiveness

    • Launch the initiatives.
    • Some initiatives will need to proceed through your change management process in order to roll out, but others will not.
    • Track the adoption of initiatives that require it.
      • Some initiatives will require tracking of adoption, whereas others will not.
      • For example, hiring a new service desk staff member does not require tracking of adoption, but implementing a new process for ticket handling does.
      • The implementation plan should include a way to measure the adoption of such initiatives, and regularly review the numbers to see if the implementation has been successful.
    • For all initiatives, measure their effectiveness by continuing to track the KPI/metric that the initiative is intended to influence.

    Assess metrics according to review cycle for continual improvement

    • Assess metrics according to the review cycle.
    • Note whether metrics are improving in the right direction or not.
    • Correlate changes in the metrics with measures of the adoption of the initiatives – see whether initiatives that have been adopted are moving the needle on the KPIs they are intended to.

    Investigate initiatives that appear ineffective

    • If the adoption of an initiative has succeeded, but the expected impact of that initiative on the KPI has not taken place, investigate further and conduct a root causes analysis to determine why this is the case.
    • Sometimes, anomalies or fluctuations will occur that cause the KPI not to move in accordance with the success of the initiative. In this case, it’s just a fluke and the initiative can still be successful in influencing the KPI over the long term.
    • Other times, the initiative may prove mostly or entirely ineffective, either due to misdesign of the initiative itself, a change of circumstances, or other compounding factors or complexities. If the initiative proves ineffective, consider iterating modifications of the initiative and continuing to measure the effect on KPIs – or perhaps killing the initiative altogether.
    • Remember that experimentation is not a bad thing – it’s okay that not every initiative will always prove worthwhile.

    Measure success with the holy trinity

    • Report to business stakeholders on the effect on the holy trinity of metrics at least annually.
    • Calculate the ROI of the project after two years and compare the results to the targeted ROI you initially presented in the IT Operations Center Stakeholder Buy-In Presentation.
    This image contains a Funnel Chart showing the inputs: Downtime; Cost of Incident Response; MRW; and the output: Reduce for continual improvement

    Iterate on the Operations Center process for continual improvement

    This image depicts a cycle, which includes: Data analysis; Executive Sponsorship; Success Criteria; Gap Assessment; Initiatives; Tracking & Measurement

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    this is a picture of an Info-Tech Analyst

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    4.1.1This image contains a screenshot from section 3.1.1 of this blueprint.

    Communicate changes in advance, along with their benefits!

    Rank goals based on business impact and stakeholder pecking order.

    4.1.2 this image contains a screenshot from section 3.2.1 of this blueprint.

    Develop a testing plan for each technical initiative

    Craft a concise and compelling elevator pitch that will drive the project forward.

    Research contributors and experts
    This is a picture of Cyrus Kalatbari, IT infrastructure/cloud architect

    Cyrus Kalatbari, IT Infrastructure/Cloud Architect

    Cyrus’ in-depth knowledge cutting across I&O and service delivery has enhanced the IT operations of multiple enterprise-class clients.

    This is a picture of Derek Cullen, Chief Technology Officer

    Derek Cullen, Chief Technology Officer

    Derek is a proven leader in managing enterprise-scale development, deployment, and integration of applications, platforms, and systems, with a sharp focus on organizational transformation and corporate change.

    This is a picture of Phil Webb, Senior Manager

    Phil Webb, Senior Manager – Unified Messaging and Mobility

    Phil specializes in service delivery for cloud-based and hybrid technology solutions, spanning requirements gathering, solution design, new technology introduction, development, integration, deployment, production support, change/release delivery, maintenance, and continuous improvement.

    This is a picture of Richie Mendoza, IT Services Delivery Consultant

    Richie Mendoza, IT Services Delivery Consultant

    Ritchie’s accomplishments include pioneering a cloud capacity management process and presenting to the Operations team and to higher management, while providing a high level of technical leadership in all phases of capacity management activities.

    This is a picture of Rob Thompson, Solutions Architect

    Rob Thomson, Solutions Architect

    Rob is an IT leader with a track record of creating and executing digital transformation initiatives to achieve the desired outcomes by integrating people, process, and technology into an efficient and effective operating model.

    Related Info-Tech research

    Create a Configuration Management Roadmap

    Right-size your CMDB to improve IT operations.

    Harness Configuration Management Superpowers

    Build a CMDB around the IT services that are most important to the organization.

    Develop an IT Infrastructure Services Playbook

    Automation, SDI, and DevOps – build a cheat sheet to manage a changing Infrastructure & Operations environment.

    Develop an Availability and Capacity Management Plan

    Manage capacity to increase uptime and reduce costs.

    Establish a Program to Enable Effective Performance Monitoring

    Maximize the benefits of infrastructure monitoring investments by diagnosing and assessing transaction performance, from network to server to end-user interface.

    Bibliography

    Baker, Dan, and Hal Baylor. “How Benchmarking & Streamlining NOC Operations Can Lower Costs & Boost Effectiveness.” Top Operator, Mar. 2017. Web.

    Blank-Edelman, David. Seeking SRE: Conversations About Running Production Systems at Scale. O'Reilly, 2018. Web.

    CA Technologies. “IT Transformation to Next-Generation Operations Centers: Assure Business Service Reliability by Optimizing IT Operations.” CA Technologies, 2014. Web.

    Ditmore, Jim. “Improving Availability: Where to Start.” Recipes for IT, n.d. Web.

    Ennis, Shawn. “A Phased Approach for Building a Next-Generation Network Operations Center.” Monolith Software, 2009. Web.

    Faraclas, Matt. “Why Does Infrastructure Operations Still Suck?” Ideni, 25 Feb. 2016. Web.

    InterOp ITX. “2018 State of the Cloud.” InterOp ITX, Feb. 2018. Web.

    ITIC. “Cost of Hourly Downtime Soars: 81% of Enterprises Say it Exceeds $300K On Average.” ITIC, 2 Aug. 2016. Web.

    Joe the IT Guy. “Availability Management Is Harder Than it Looks.” Joe the IT Guy, 10 Feb. 2016. Web.

    ---. “Do Quick Wins Exist for Availability Management?” Joe the IT Guy, 15 May 2014. Web.

    Lawless, Steve. “11 Top Tips for Availability Management.” Purple Griffon, 4 Jan. 2019. Web.

    Metzler, Jim. “The Next Generation Network Operations Center: How the Focus on Application Delivery is Redefining the NOC.” Ashton, Metzler & Associates, n.d. Web.

    Nilekar, Shirish. “Beyond Redundancy: Improving IT Availability.” Network Computing, 28 Aug. 2015. Web.

    Slocum, Mac. “Site Reliability Engineering (SRE): A Simple Overview.” O’Reilly, 16 Aug. 2018. Web.

    Spiceworks. “The 2019 State of IT.” Spiceworks, 2019. Web

    Cost and Budget Management

    • Buy Link or Shortcode: {j2store}8|cart{/j2store}
    • Related Products: {j2store}8|crosssells{/j2store}
    • Up-Sell: {j2store}8|upsells{/j2store}
    • member rating overall impact (scale of 10): 9.5/10
    • member rating average dollars saved: $2,000
    • member rating average days saved: 5
    • Parent Category Name: Financial Management
    • Parent Category Link: /financial-management

    The challenge

    • IT is seen as a cost center in most organizations. Your IT spend is fuelled by negative sentiment instead of contributing to business value.

    • Budgetary approval is difficult, and in many cases, the starting point is lowering the cost-income ratio without looking at the benefits.
    • Provide the right amount of detail in your budgets to tell your investment and spending story. Align it with the business story. Too much detail only increases confusion, too little suspicion.

    Our advice

    Insight

    An effective IT budget complements the business story with how you will achieve the expected business targets.

    • Partner with the business to understand the strategic direction of the company and its future needs.
    • Know your costs and the value you will deliver.
    • Present your numbers and story clearly and credibly. Excellent delivery is part of good communication.
    • Guide your company by clearly explaining the implications of different choices they can make.

    Impact and results 

    • Get a head-start on your IT forecasting exercise by knowing the business strategy and what initiatives they will launch.
    • The coffee corner works! Pre-sell your ideas in quick chats.
    • Do not make innovation budgets bigger than they need to be. It undermines your credibility.
    • You must know your history to accurately forecast your IT operations cost and how it will evolve based on expected business changes.
    • Anticipate questions. IT discretionary proposals are often challenged. Think ahead of time about what areas your business partners will focus on and be ready with researched and credible responses.
    • When you have an optimized budget, tie further cost reductions to consequences in service delivery or deferred projects, or a changed operating model.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started

    Our concise executive brief shows you why you should develop a budget based on value delivery. We'll show you our methodology and the ways we can help you in completing this.

    Plan for budget success

    • Build an IT Budget That Demonstrates Value Delivery – Phase 1: Plan (ppt)
    • IT Budget Interview Guide (doc)

    Build your budget.

    • Build an IT Budget That Demonstrates Value Delivery – Phase 2: Build (ppt)
    • IT Cost Forecasting Tool (xls)

    Sell your budget

    • Build an IT Budget That Demonstrates Value Delivery – Phase 3: Sell (ppt)
    • IT Budget Presentation (ppt)

     

    Evolve Your Business Through Innovation

    • Buy Link or Shortcode: {j2store}330|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • Innovation teams are tasked with the responsibility of ensuring that their organizations are in the best position to succeed while the world is in a period of turmoil, chaos, and uncertainty.
    • CIOs have been expected to help the organization transition to remote work and collaboration instantaneously.
    • CEOs are under pressure to redesign, and in some cases reinvent, their business model to cope with and compete in a new normal.

    Our Advice

    Critical Insight

    It is easy to get swept up during a crisis and cling to past notions of normal. Unfortunately, there is no controlling the fact that things have changed fundamentally, and it is now incumbent upon you to help your organization adapt and evolve. Treat this as an opportunity because that is precisely what this is.

    Impact and Result

    There are some lessons we can learn from innovators who have succeeded through past crises and from those who are succeeding now.

    There are a number of tactics an innovation team can employ to help their business evolve during this time:

    1. Double down on digital transformation (DX)
    2. Establish a foresight capability
    3. Become a platform for good

    Evolve Your Business Through Innovation Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Evolve your business through innovation

    Download our guide to learn what you can do to evolve your business and innovate your way through uncertainty.

    • Evolve Your Business Through Innovation Storyboard
    [infographic]

    Define Service Desk Metrics That Matter

    • Buy Link or Shortcode: {j2store}491|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • Consolidate your metrics and assign context and actions to ones currently tracked.
    • Establish tension metrics to see and tell the whole story.
    • Split your metrics for each stakeholder group. Assign proper cadences for measurements as a first step to building an effective dashboard.

    Our Advice

    Critical Insight

    • Identify the metrics that serve a real purpose and eliminate the rest. Establish a formal review process to ensure metrics are still valid, continue to provide the answers needed, and are at a manageable and usable level.

    Impact and Result

    • Tracking goal- and action-based metrics allows you to make meaningful, data-driven decisions for your service desk. You can establish internal benchmarks to set your own baselines.
    • Predefining the audience and cadence of each metric allows you to construct targeted dashboards to aid your metrics analysis.

    Define Service Desk Metrics That Matter Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define Service Desk Metrics That Matter Storyboard – A deck that shows you how to look beyond benchmarks and rely on internal metrics to drive success.

    Deciding which service desk metrics to track and how to analyze them can be daunting. Use this deck to narrow down your goal-oriented metrics as a starting point and set your own benchmarks.

    • Define Service Desk Metrics That Matter Storyboard

    2. Service Desk Metrics Workbook – A tool to organize your service desk metrics.

    For each metric, consider adding the relevant overall goal, audience, cadence, and action. Use the audience and cadence of the metric to split your tracked metrics into various dashboards. Your final list of metrics and reports can be added to your service desk SOP.

    • Service Desk Metrics Workbook
    [infographic]

    Further reading

    Define Service Desk Metrics That Matter

    Look beyond benchmarks and rely on internal metrics to drive success.

    Analyst Perspective

    Don’t get paralyzed by benchmarks when establishing metrics

    When establishing a suite of metrics to track, it’s tempting to start with the metrics measured by other organizations. Naturally, benchmarking will enter the conversation. While benchmarking is useful, measuring you organization against others with a lack of context will only highlight your failures. Furthermore, benchmarks will highlight the norm or common practice. It does not necessarily highlight best practice.

    Keeping the limitations of benchmarking in mind, establish your own metrics suite with action-based metrics. Define the audience, cadence, and actions for each metric you track and pair them with business goals. Measure only what you need to.

    Slowly improve your metrics process over time and analyze your environment using your own data as your benchmark.

    Benedict Chang

    Research Analyst, Infrastructure & Operations

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Measure the business value provided by the service desk.
    • Consolidate your metrics and assign context and actions to ones currently tracked.
    • Establish tension metrics to see and tell the whole story.
    • Split your metrics for each stakeholder group. Assign proper cadences for measurements as a first step to building an effective dashboard or effective dashboards.

    Common Obstacles

    • Becoming too focused on benchmarks or unidimensional metrics (e.g. cost, first-contact resolution, time to resolve) can lead to misinterpretation of the data and poorly informed actions.
    • Sifting through the many sources of data post hoc can lead to stalling in data analysis or slow reaction times to poor metrics.
    • Dashboards can quickly become cluttered with uninformative metrics, thus reducing the signal-to-noise ratio of meaningful data.

    Info-Tech's Approach

    • Use metrics that drive productive change and improvement. Track only what you need to report on.
    • Ensure each metric aligns with the desired business goal, is action-based, and includes the answers to what, why, how, and who.
    • Establish internal benchmarks by analyzing the trends from your own data to set baselines.
    • Act on the results of your metrics by adjusting targets and measuring success.

    Info-Tech Insight

    Identify the metrics that serve a real purpose and eliminate the rest. Establish a formal review process to ensure metrics are still valid, continue to provide the answers needed, and are at a manageable and usable level.

    Improve your metrics to align IT with strategic business goals

    The right metrics can tell the business how hard IT works and how well they perform.

    • Only 19% of CXOs feel that their organization is effective at measuring the success of IT projects with their current metrics.
    • Implementing the proper metrics can facilitate communication between the business division and IT practice.
    • The proper metrics can help IT know what issues the business has and how the CEO and CIO should tackle them.
    • If the goals above resonate with your organization, our blueprint Take Control of Infrastructure and Operations Metrics will take you through the right steps.

    Current Metrics Suite

    19% Effective

    36% Some Improvement Necessary

    45% Significant Improvement Necessary

    Source: Info-Tech Research Group’s CEO/CIO Alignment Diagnostic, 2019; N=622

    CXOs stress that value is the most critical area for IT to improve in reporting

    • You most likely have to improve your metrics suite by addressing business value.
    • Over 80% of organizations say they need improvement to their business value metrics, with 32% of organizations reporting that significant improvement is needed.
    • Of course, measuring metrics for service desk operations is important, but don’t forget business-oriented metrics such as measuring knowledgebase articles written for shift-left enablement, cost (time and money) of service desk tickets, and overall end-user satisfaction.

    The image shows a bar graph with percentages on the Y-Acis, and the following categories on the X-Axis: Business value metrics; Stakeholder satisfaction reporting; Risk metrics; Technology performance & operating metrics; Cost & Salary metrics; and Ad hoc feedback from executives and staff. Each bar is split into two sections, with the blue section marked a Significant Improvement Necessary, and the purple section labelled Some Improvement necessary. Two sections are highlighted with red circles: Business Value metrics--32% blue; 52% purple; and Technology performance & operating metrics--23% blue and 51% purple.

    Source: Info-Tech Research Group’s CEO/CIO Alignment Diagnostic, 2019; N=622

    Benchmarking used in isolation will not tell the whole story

    Benchmarks can be used as a step in the metrics process

    They can be the first step to reach an end goal, but if benchmarks are observed in isolation, it will only highlight your failures.

    Benchmarking relies on standardized models

    This does not account for all the unique variables that make up an IT organization.

    For example, benchmarks that include cost and revenue may include organizations that prioritize first-call resolution (FCR), but the variables that make up this benchmark model will be quite different within your own organization.

    Info-Tech Insight

    Benchmarks reflect the norm and common practice, not best practice.

    Benchmarks are open to interpretation

    Taking the time to establish proper metrics is often more valuable time spent than going down the benchmark rabbit hole.

    Being above or below the norm is neither a good nor a bad thing.

    Determining what the results mean for you depends on what’s being measured and the unique factors, characteristics, and priorities in your organization.

    If benchmark data is a priority within your IT organization, you may look up organizations like MetricNet, but keep the following in mind:

    Review the collected benchmark data

    See where IT organizations in your industry typically stand in relation to the overall benchmark.

    Assess the gaps

    Large gaps between yourself and the overall benchmark could indicate areas for improvement or celebration. Use the data to focus your analysis, develop deeper self-awareness, and prioritize areas for potential concern.

    Benchmarks are only guidelines

    The benchmark source data may not come from true peers in every sense. Each organization is different, so always explore your unique context when interpreting any findings.

    Rely on internal metrics to measure and improve performance

    Measure internal metrics over time to define goals and drive real improvement

    • Internally measured metrics are more reliable because they provide information about your actual performance over time. This allows for targeted improvements and objective measurements of your milestones.
    • Whether a given metric is the right one for your service desk will depend on several different factors, including:
      • The maturity and capability of your service desk processes
      • The volume of service requests and incidents
      • The complexity of your environment when resolving tickets
      • The degree to which your end users are comfortable with self-service

    Take Info-Tech’s approach to metrics management

    Use metrics that drive productive change and improvement. Track only what you need to report on.

    Ensure each metric aligns with the desired business goal, is action-based, and includes the answers to what, why, how, and who.

    Establish internal benchmarks by analyzing the trends from your own data to set baselines.

    Act on the results of your metrics by adjusting targets and measuring success.

    Define action-based metrics to cut down on analysis paralysis

    Every metric needs to be backed with the following criteria:

    • Defining audience, cadence, goal, and action for each metric allows you to keep your tracked metrics to a minimum while maximizing the value.
    • The audience and cadence of each metric may allow you to define targeted dashboards.

    Audience - Who is this metric tracked for?

    Goal - Why are you tracking this metric? This can be defined along with the CSFs and KPIs.

    Cadence - How often are you going to view, analyze, and action this metric?

    Action - What will you do if this metric spikes, dips, trends up, or trends down?

    Activity 1. Define your critical success factors and key performance indicators

    Critical success factors (CSFs) are high-level goals that help you define the direction of your service desk. Key performance indicators (KPIs) can be treated as the trend of metrics that will indicate that you are moving in the direction of your CSFs. These will help narrow the data you have to track and action (metrics).

    CSFs, or your overall goals, typically revolve around three aspects of the service desk: time spent on tickets, resources spent on tickets, and the quality of service provided.

    1. As a group, brainstorm the CSFs and the KPIs that will help narrow your metrics. Use the Service Desk Metrics Workbook to record the results.
    2. Look at the example to the right as a starting point.

    Example metrics:

    Critical success factor Key performance indicator
    High End-User Satisfaction Increasing CSAT score on transactional surveys
    High end-user satisfaction score
    Proper resolution of tickets
    Low time to resolve
    Low Cost per Ticket Decreasing cost per ticket (due to efficient resolution, FCR, automation, self-service, etc.)
    Improve Access to Self-Service (tangential to improve customer service) High utilization of knowledgebase
    High utilization of portal

    Download the Service Desk Metrics Workbook

    Activity 2. Define action-based metrics that align with your KPIs and CSFs

    1. Now that you have defined your goals, continue to fill the workbook by choosing metrics that align with those goals.
    2. Use the chart below as a guide. For every metric, define the cadence of measurement, audience of the metric, and action associated with the metric. There may be multiple metrics for each KPI.
    3. If you find you are unable to define the cadence, audience, or action associated with a metric, you may not need to track the metric in the first place. Alternatively, if you find that you may action a metric in the future, you can decide to start gathering data now.

    Example metrics:

    Critical success factor Key performance indicator Metric Cadence Audience Action
    High End-User Satisfaction Increasing CSAT score on transactional surveys Monthly average of ticket satisfaction scores Monthly Management Action low scores immediately, view long-term trends
    High end-user satisfaction score Average end-user satisfaction score from annual survey Annually IT Leadership View IT satisfaction trends to align IT with business direction
    Proper resolution of tickets Number of tickets reopened Weekly Service Desk Technicians Action reopened tickets, look for training opportunities
    SLA breach rate Daily Service Desk Technicians Action reopened tickets, look for training opportunities
    Low time to resolve Average TTR (incidents) Weekly Management Look for trends to monitor resources
    Average TTR by priority Weekly Management Look for TTR solve rates to align with SLA
    Average TTR by tier Weekly Management Look for improperly escalated tickets or shift-left opportunities

    Download the Service Desk Metrics Workbook

    Activity 3. Define the data ownership, metric viability, and dashboards

    1. For each metric, define where the data is housed. Ideally, the data is directly in the ticketing tool or ITSM tool. This will make it easy to pull and analyze.
    2. Determine how difficult the metric will be to pull or track. If the effort is high, decide if the value of tracking the metric is worth the hassle of gathering it.
    3. Lastly, for each metric, use the cadence and audience to place the metric in a reporting dashboard. This will help divide your metrics and make them easier to report and action.
    4. You may use the output of this exercise to add your tracked metrics to your service desk SOP.
    5. A full suite of metrics can be found in our Infrastructure & Operations Metrics Library in the Take Control of Infrastructure Metrics Storyboard. The metrics have been categorized by low, medium, and advanced capabilities for you.

    Example metrics:

    Metric Who Owns the Data? Efforts to Track? Dashboards
    Monthly average of ticket satisfaction scores Service Desk Low Monthly Management Meeting
    Average end-user satisfaction score Service Desk Low Leadership Meeting
    Number of tickets reopened Service Desk Low Weekly Technician Standup
    SLA breach rate Service Desk Low Daily Technician Standup
    Average TTR (incidents) Service Desk Low Weekly Technician Standup
    Average TTR by priority Service Desk Low Weekly Technician Standup
    Average TTR by tier Service Desk Low Weekly Technician Standup
    Average TTR (SRs) Service Desk Low Weekly Technician Standup
    Number of tickets reopened Service Desk Low Daily Technician Standup

    Download the Service Desk Metrics Workbook

    Keep the following considerations in mind when defining which metrics matter

    Keep the customer in mind

    Metrics are typically focused on transactional efficiency and process effectiveness and not what was achieved against the customers’ need and satisfaction.

    Understand the relationships between performance and metrics management to provide the end-to-end service delivery picture you are aiming to achieve.

    Don’t settle for tool defaults

    ITSM solutions offer an abundance of metrics to choose from. The most common ones are typically built into the reporting modules of the tool suite.

    Do not start tracking everything. Choose metrics that are specifically aligned to your organization’s desired business outcomes.

    Establish tension metrics to achieve balance

    Don’t ignore the correlation and context between the suites of metrics chosen and how one interacts and affects the other.

    Measuring metrics in isolation may lead to an incomplete picture or undesired technician behavior. Tension metrics help complete the picture and lead to proper actions.

    Adjust those targets

    An arbitrary target on a metric that is consistently met month over month is useless. Each metric should inform the overall performance by combining capable service level management and customer experience programs to prove the value IT is providing to the organization.

    Related Info-Tech Research

    Standardize the Service Desk

    This project will help you build and improve essential service desk processes, including incident management, request fulfillment, and knowledge management, to create a sustainable service desk.

    Take Control of Infrastructure and Operations Metrics

    Make faster decisions and improve service delivery by using the right metrics for the job.

    Analyze Your Service Desk Ticket Data

    Take a data-driven approach to service desk optimization.

    IT Diagnostics: Build a Data-Driven IT Strategy

    Our data-driven programs ask business and IT stakeholders the right questions to ensure you have the inputs necessary to build an effective IT strategy.

    Modernize Your SDLC

    • Buy Link or Shortcode: {j2store}148|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $30,263 Average $ Saved
    • member rating average days saved: 39 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Today’s rapidly scaling and increasingly complex products create mounting pressure on delivery teams to release new features and changes quickly and with sufficient quality.
    • Many organizations lack the critical capabilities and resources needed to satisfy their growing backlog, jeopardizing product success.

    Our Advice

    Critical Insight

    • Delivery quality and throughput go hand in hand. Focus on meeting minimum process and product quality standards first. Improved throughput will eventually follow.
    • Business integration is not optional. The business must be involved in guiding delivery efforts, and ongoing validation and verification product changes.
    • The software development lifecycle (SDLC) must deliver more than software. Business value is generated through the products and services delivered by your SDLC. Teams must provide the required product support and stakeholders must be willing to participate in the product’s delivery.

    Impact and Result

    • Standardize your definition of a successful product. Come to an organizational agreement of what defines a high-quality and successful product. Accommodate both business and IT perspectives in your definition.
    • Clarify the roles, processes, and tools to support business value delivery and satisfy stakeholder expectations. Indicate where and how key roles are involved throughout product delivery to validate and verify work items and artifacts. Describe how specific techniques and tools are employed to meet stakeholder requirements.
    • Focus optimization efforts on most affected stages. Reveal the health of your SDLC from the value delivery, business and technical practice quality standards, discipline, throughput, and governance perspectives with a diagnostic. Identify and roadmap the solutions to overcome the root causes of your diagnostic results.

    Modernize Your SDLC Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should modernize your SDLC, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Set your SDLC context

    State the success criteria of your SDLC practice through the definition of product quality and organizational priorities. Define your SDLC current state.

    • Modernize Your SDLC – Phase 1: Set Your SDLC Context
    • SDLC Strategy Template

    2. Diagnose your SDLC

    Build your SDLC diagnostic framework based on your practice’s product and process objectives. Root cause your improvement opportunities.

    • Modernize Your SDLC – Phase 2: Diagnose Your SDLC
    • SDLC Diagnostic Tool

    3. Modernize your SDLC

    Learn of today’s good SDLC practices and use them to address the root causes revealed in your SDLC diagnostic results.

    • Modernize Your SDLC – Phase 3: Modernize Your SDLC
    [infographic]

    Workshop: Modernize Your SDLC

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Set Your SDLC Context

    The Purpose

    Discuss your quality and product definitions and how quality is interpreted from both business and IT perspectives.

    Review your case for strengthening your SDLC practice.

    Review the current state of your roles, processes, and tools in your organization.

    Key Benefits Achieved

    Grounded understanding of products and quality that is accepted across the organization.

    Clear business and IT objectives and metrics that dictate your SDLC practice’s success.

    Defined SDLC current state people, process, and technologies.

    Activities

    1.1 Define your products and quality.

    1.2 Define your SDLC objectives.

    1.3 Measure your SDLC effectiveness.

    1.4 Define your current SDLC state.

    Outputs

    Product and quality definitions.

    SDLC business and technical objectives and vision.

    SDLC metrics.

    SDLC capabilities, processes, roles and responsibilities, resourcing model, and tools and technologies.

    2 Diagnose Your SDLC

    The Purpose

    Discuss the components of your diagnostic framework.

    Review the results of your SDLC diagnostic.

    Key Benefits Achieved

    SDLC diagnostic framework tied to your SDLC objectives and definitions.

    Root causes to your SDLC issues and optimization opportunities.

    Activities

    2.1 Build your diagnostic framework.

    2.2 Diagnose your SDLC.

    Outputs

    SDLC diagnostic framework.

    Root causes to SDLC issues and optimization opportunities.

    3 Modernize Your SDLC

    The Purpose

    Discuss the SDLC practices used in the industry.

    Review the scope and achievability of your SDLC optimization initiatives.

    Key Benefits Achieved

    Knowledge of good practices that can improve the effectiveness and efficiency of your SDLC.

    Realistic and achievable SDLC optimization roadmap.

    Activities

    3.1 Learn and adopt SDLC good practices.

    3.2 Build your optimization roadmap.

    Outputs

    Optimization initiatives and target state SDLC practice.

    SDLC optimization roadmap, risks and mitigations, and stakeholder communication flow.

    Implement Crisis Management Best Practices

    • Buy Link or Shortcode: {j2store}415|cart{/j2store}
    • member rating overall impact (scale of 10): 9.7/10 Overall Impact
    • member rating average dollars saved: $50,532 Average $ Saved
    • member rating average days saved: 42 Average Days Saved
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • There’s a belief that you can’t know what crisis will hit you next, so you can’t prepare for it. As a result, resilience planning stops at more-specific planning such as business continuity planning or IT disaster recovery planning.
    • Business contingency and IT disaster recovery plans focus on how to resume normal operations following an incident. The missing piece is the crisis management plan – the overarching plan that guides the organization’s initial response, assessment, and action.
    • Organizations without a crisis management plan are far less able to minimize the impact of other crises such as a security breach, health & safety incident, or attacks on their reputation.

    Our Advice

    Critical Insight

    • Effective crisis management has a long-term demonstrable impact on your organization, long after the crisis is resolved. While all organizations can expect a short-term negative impact when a crisis hits, if the crisis is managed well, the research shows that your market capitalization can actually increase long term.
    • Crisis communication is more science than art and should follow a structured approach. Crisis communication is about more than being a good writer or having a social media presence. There are specific messages that must be included, and specific audiences to target, to get the results you need.
    • IT has a critical role in non-IT crises (as well as IT crises). Many crises are IT events (e.g. security breach). For non-IT events, IT is critical in supporting crisis communication and the operational response (e.g. COVID-19 and quickly ramping up working-from-home).

    Impact and Result

    • You can anticipate the types of crisis your organization may face in the future and build flexible plans that can be adapted in a crisis to meet the needs of the moment.
    • Identify potential crises that present a high risk to your organization.
    • Document emergency response and crisis response plans that provide a framework for addressing a range of crises.
    • Establish crisis communication guidelines to avoid embarrassing and damaging communications missteps.

    Implement Crisis Management Best Practices Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement crisis management best practices, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify potential crises and your crisis management team

    Identify, analyze, and prioritized potential crises based on risk to the organization. Set crisis management team roles and responsibilities. Adopt a crisis management framework.

    • Example Crisis Management Process Flowcharts (Visio)
    • Example Crisis Management Process Flowcharts (PDF)
    • Business Continuity Teams and Roles Tool

    2. Document your emergency and crisis response plans

    Document workflows for notification, situational assessment, emergency response, and crisis response.

    • Emergency Response Plan Checklist
    • Emergency Response Plan Summary
    • Emergency Response Plan Staff Instructions
    • Pandemic Response Plan Example
    • Pandemic Policy

    3. Document crisis communication guidelines

    Develop and document guidelines that support the creation and distribution of crisis communications.

    • Crisis Communication Guidelines and Templates

    4. Complete and maintain your crisis management plan

    Summarize your crisis management and response plans, create a roadmap to implement potential improvement projects, develop training and awareness initiatives, and schedule maintenance to keep the plan evergreen.

    • Crisis Management Plan Summary Example
    • BCP Project Roadmap Tool
    • Organizational Learning Guide
    [infographic]

    Workshop: Implement Crisis Management Best Practices

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Potential Crises and Your Crisis Management Team

    The Purpose

    Identify and prioritize relevant potential crises.

    Key Benefits Achieved

    Enable crisis management pre-planning and identify gaps in current crisis management plans.

    Activities

    1.1 Identify high-risk crises.

    1.2 Assign roles and responsibilities on the crisis management team.

    1.3 Review Info-Tech’s crisis management framework.

    Outputs

    List of high-risk crises.

    CMT membership and responsibilities.

    Adopt the crisis management framework and identify current strengths and gaps.

    2 Document Emergency Response and Crisis Management Plans

    The Purpose

    Outline emergency response and crisis response plans.

    Key Benefits Achieved

    Develop and document procedures that enable rapid, effective, and reliable crisis and emergency response.

    Activities

    2.1 Develop crisis notification and assessment procedures.

    2.2 Document your emergency response plans.

    2.3 Document crisis response plans for potential high-risk crises.

    Outputs

    Documented notification and assessment workflows.

    Emergency response plans and checklists.

    Documented crisis response workflows.

    3 Document Crisis Communication Guidelines

    The Purpose

    Define crisis communication guidelines aligned with an actionable crisis communications framework.

    Key Benefits Achieved

    Document workflows and guidelines support crisis communications.

    Activities

    3.1 Establish the elements of baseline crisis communications.

    3.2 Identify audiences for the crisis message.

    3.3 Modify baseline communication guidelines based on audience and organizational responsibility.

    3.4 Create a vetting process.

    3.5 Identify communications channels.

    Outputs

    Baseline communications guidelines.

    Situational modifications to crisis communications guidelines.

    Documented vetting process.

    Documented communications channels

    4 Complete and Maintain Your Crisis Management Plan

    The Purpose

    Summarize the crisis management plan, establish an organizational learning process, and identify potential training and awareness activities.

    Key Benefits Achieved

    Plan ahead to keep your crisis management practice evergreen.

    Activities

    4.1 Review the CMP Summary Template.

    4.2 Create a project roadmap to close gaps in the crisis management plan.

    4.3 Outline an organizational learning process.

    4.4 Schedule plan reviews, testing, and updates.

    Outputs

    Long-term roadmap to improve crisis management capabilities.

    Crisis management plan maintenance process and awareness program.

    Security Strategy

    • Buy Link or Shortcode: {j2store}42|cart{/j2store}
    • Related Products: {j2store}42|crosssells{/j2store}
    • member rating overall impact (scale of 10): 9.4/10
    • member rating average dollars saved: $33,431
    • member rating average days saved: 29
    • Parent Category Name: Security and Risk
    • Parent Category Link: /security-and-risk

    The challenge

    You may be experiencing one or more of the following:

    • You may not have sufficient security resources to handle all the challenges.
    • Security threats are prevalent. Yet many businesses struggle to embed systemic security thinking into their culture.
    • The need to move towards strategic planning of your security landscape is evident. How to get there is another matter.

    Our advice

    Insight

    To have a successful information security strategy, take these three factors into account:

    • Holistic: your view must include people, processes, and technology.
    • Risk awareness: Base your strategy on the actual risk profile of your company. And then add the appropriate best practices.
    • Business-aligned: When your strategic security plan demonstrates alignment with the business goals and supports it, embedding will go much more straightforward.

    Impact and results 

    • We have developed a highly effective approach to creating your security strategy. We tested and refined this for more than seven years with hundreds of different organizations.
    • We ensure alignment with business objectives.
    • We assess organizational risk and stakeholder expectations.
    • We enable a comprehensive current state assessment.
    • And we prioritize initiatives and build out a right-sized security roadmap.

     

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get up to speed

    Read up on why you should build your customized information security strategy. Review our methodology and understand the four ways we can support you.

    Assess the security requirements

    It all starts with risk appetite, yes, but security is something you want to get right. Determine your organizations' security pressures and business goals, and then determine your security program's goals.

    • Build an Information Security Strategy – Phase 1: Assess Requirements
    • Information Security Requirements Gathering Tool (xls)
    • Information Security Pressure Analysis Tool (xls)

    Build your gap initiative

    Our best-of-breed security framework makes you perform a gap analysis between where you are and where you want to be (your target state). Once you know that, you can define your goals and duties.

    • Build an Information Security Strategy – Phase 2: Assess Gaps
    • Information Security Program Gap Analysis Tool (xls)

    Plan the implementation of your security strategy 

    With your design at this level, it is time to plan your roadmap.

    • Build an Information Security Strategy – Phase 3: Build the Roadmap

    Let it run and continuously improve. 

    Learn to use our methodology to manage security initiatives as you go. Identify the resources you need to execute the evolving strategy successfully.

    • Build an Information Security Strategy – Phase 4: Execute and Maintain
    • Information Security Strategy Communication Deck (ppt)
    • Information Security Charter (doc)

     

    Plan Your Digital Transformation on a Page

    • Buy Link or Shortcode: {j2store}81|cart{/j2store}
    • member rating overall impact (scale of 10): 8.0/10 Overall Impact
    • member rating average dollars saved: $34,649 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy
    • Digital investments often under deliver on expectations of return, and there is no cohesive approach to managing the flow of capital into digital.
    • The focus of the business has historically been to survive technological disruption rather than to thrive in it.
    • Strategy is based mostly on opinion rather than an objective analysis of the outcomes customers want from the organization.
    • Digital is considered a buzzword – nobody has a clear understanding of what it is and what it means in the organization’s context.

    Our Advice

    Critical Insight

    • The purpose of going digital is getting one step closer to the customer. The mark of a digital organization lies in how they answer the question, “How does what we’re doing contribute to what the customer wants from us?”
    • The goal of digital strategy is digital enablement. An organization that is digitally enabled no longer needs a digital strategy, it’s just “the strategy.”

    Impact and Result

    • Focus strategy making on delivering the digital outcomes that customers want.
      • Leverage the talent, expertise, and perspectives within the organization to build a customer-centric digital strategy.
    • Design a balanced digital strategy that creates value across the five digital value pools:
      • Digital marketing, digital channels, digital products, digital supporting capabilities, and business model innovation.
    • Ask how disruption can be leveraged, or even become the disruptor.
      • Manage disruption through quick-win approaches and empowering staff to innovate.
    • Use a Digital Strategy-on-a-Page to spark the digital transformation.
      • Drive awareness and alignment on the digital vision and spark your organization’s imagination around digital.

    Plan Your Digital Transformation on a Page Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand how digital disruption is driving the need for transformation, and how Info-Tech’s methodology can help.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Scope the digital transformation

    Learn how to apply the Digital Value Pools thought model and scope strategy around them.

    • Plan Your Digital Transformation on a Page – Phase 1: Scope the Digital Transformation

    2. Design the digital future state vision

    Identify business imperatives, define digital outcomes, and define the strategy’s guiding principles.

    • Plan Your Digital Transformation on a Page – Phase 2: Design the Digital Future State Vision
    • Digital Strategy on a Page

    3. Define the digital roadmap

    Define, prioritize, and roadmap digital initiatives and plan contingencies.

    • Plan Your Digital Transformation on a Page – Phase 3: Define the Digital Roadmap

    4. Sustain digital transformation

    Create, polish, and socialize the Digital Strategy-on-a-Page.

    • Plan Your Digital Transformation on a Page – Phase 4: Sustain Digital Transformation
    [infographic]

    Workshop: Plan Your Digital Transformation on a Page

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Scope the Digital Transformation

    The Purpose

    Identify the need for and use of digital strategy and determine a realistic scope for the digital strategy.

    Key Benefits Achieved

    The digital strategy project is planned and scoped around a subset of the five digital value pools.

    Activities

    1.1 Introduction to digital strategy.

    1.2 Establish motivation for digital.

    1.3 Discuss in-flight digital investments.

    1.4 Define the scope of digital.

    1.5 Identify stakeholders.

    1.6 Perform discovery interviews.

    1.7 Select two value pools to focus day 2, 3, and 4 activities.

    Outputs

    Business model canvas

    Stakeholder power map

    Discovery interview results

    Two value pools for focus throughout the workshop

    2 Design the Digital Future State Vision

    The Purpose

    Create guiding principles to help define future digital initiatives. Generate the target state with the help of strategic goals.

    Key Benefits Achieved

    Establish the basis for planning out the initiatives needed to achieve the target state from the current state.

    Activities

    2.1 Identify digital imperatives.

    2.2 Define key digital outcomes.

    2.3 Create a digital investment thesis.

    2.4 Define digital guiding principles.

    Outputs

    Corporate strategy analysis, PESTLE analysis, documented operational pain points (value streams)

    Customer needs assessment (journey maps)

    Digital investment thesis

    Digital guiding principles

    3 Define the Digital Roadmap

    The Purpose

    Understand the gap between the current and target state. Create transition options and assessment against qualitative and quantitative metrics to generate a list of initiatives the organization will pursue to reach the target state. Build a roadmap to plan out when each transition initiative will be implemented.

    Key Benefits Achieved

    Finalize the initiatives the organization will use to achieve the target digital state. Create a roadmap to plan out the timing of each initiative and generate an easy-to-present document for digital strategy approval.

    Activities

    3.1 Identify initiatives to achieve digital outcomes.

    3.2 Align in-flight initiatives to digital initiatives.

    3.3 Prioritize digital initiatives.

    3.4 Document architecturally significant requirements for high-priority initiatives.

    Outputs

    Digital outcomes and KPIs

    Investment/value pool matrix

    Digital initiative prioritization

    Architecturally significant requirements for high-priority initiatives

    4 Define the Digital Roadmap

    The Purpose

    Plan your approach to socializing the digital strategy to help facilitate the cultural changes necessary for digital transformation.

    Key Benefits Achieved

    Plant the seed of digital and innovation to start making digital a part of the organization’s DNA.

    Activities

    4.1 Review and refine Digital Strategy on a Page.

    4.2 Assess company culture.

    4.3 Define high-level cultural changes needed for successful transformation.

    4.4 Define the role of the digital transformation team.

    4.5 Establish digital transformation team membership and desired outcomes.

    Outputs

    Digital Strategy on a Page

    Strategyzer Culture Map

    Digital transformation team charter

    IT Talent Trends 2022

    • Buy Link or Shortcode: {j2store}541|cart{/j2store}
    • member rating overall impact (scale of 10): 8.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: People & Leadership
    • Parent Category Link: /people-and-leadership

    Business and IT leaders aiming to build and keep successful teams in 2022 must:

    • Optimize IT in the face of a competitive labor market.
    • Build or maintain a culture of diversity, equity, and inclusion.
    • Manage the monumental shift to the new normal of remote work.
    • Weather the Great Resignation and come out on top.
    • Correctly assess development areas for their teams.
    • Justify investing in IT talent.

    Our Advice

    Critical Insight

    • If 2021 was about beginning to act on employee needs, 2022 will be about strategically examining each trend to ensure that the organization's promises to take action are more than lip service.
    • Employees have always been able to see through disingenuous attempts to engage them, but in 2022 the stakes are higher due to increased talent mobility.

    Impact and Result

    This report includes:

    • A concise, executive-ready trend report.
    • Data and insights from IT organizations from around the world.
    • Steps to take for each of the trends depending on your current maturity level.
    • Examples and case studies.
    • Links to in-depth Info-Tech research and tools.

    IT Talent Trends 2022 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. IT Talent Trends Report for 2022 – A report to help you incorporate new ways of working into your business to build and keep the best team.

    Discover Info-Tech’s 2022 talent trends for IT leaders, which will provide insight into taking a strategic approach to navigate the post-pandemic IT talent landscape.

    • IT Talent Trends Report for 2022

    Infographic

    Further reading

    IT Talent Trends 2022

    The last two years have been a great experiment … but it’s not over yet.

    Incorporate new ways of working into your business to build and keep the best team.

    Over the past two years, organizations have ventured into unprecedented ways of working and supporting their employees, as they tried to maintain productivity through the pandemic. This experiment has made lasting changes to both business models and employee expectations, and these effects will continue to be seen long after we return to a “new normal.”

    While the pandemic forced us to work differently for the past two years, looking forward, successful organizations will incorporate new ways of working into their business models – beyond simply having a remote work policy.

    How we work, source roles, and develop talent continue to evolve as we navigate a different world with employees being more vocal in their desires, and leaders continue to play a key role.

    The IT talent market will never be the same, and organizations must reevaluate their employee experience from the bottom up to successfully weather the shift to the new normal.

    IT Talent Trends 2022

    Strategic Recruiting Finds Good Talent

    Finding talent in a strained talent market requires a marketing approach. Posting a job description isn’t enough.

    The (Not So) Great Resignation

    IT is faring better than other functions; however, specific industries need to pay attention.

    Grow Your DEI Practices Into Meaningful Actions

    Good intentions are not enough.

    Remote Work Is Here – Can Your Culture Adapt?

    The Great Experiment is over. Are leaders equipped to capitalize on its promises?

    Management Skills Drive Success in a Remote World

    Despite the need for remote team management training, it is still not happening.

    The pandemic has clarified employees’ needs and amplified their voices

    If 2021 was about beginning to act on employee needs, 2022 will be about strategically examining each trend to ensure that the actions taken by the organization are more than lip service.

    Employees have always been able to see through disingenuous attempts to engage them, but in 2022 the stakes are higher due to increased talent mobility.

    Trends that were just starting to come into focus last year have established themselves as critical determinants of the employee experience in 2022.

    2021

    DEI: A Top Talent ObjectiveRemote Work Is Here to StayUncertainty Unlocks PerformanceA Shift in Skills PrioritiesA Greater Emphasis on Wellbeing
    Arrow pointing down.Joiner pointing down.Joiner pointing down.

    2022

    Strategic Recruiting Finds Good Talent

    Finding talent in a strained talent market requires a marketing approach. Posting a job description isn’t enough.

    The (Not So) Great Resignation

    IT is faring better than other functions; however, specific industries need to pay attention.

    Grow Your DEI Practices Into Meaningful Actions

    Good intentions are not enough.

    Remote Work Is Here – Can Your Culture Adapt?

    The Great Experiment is over. Are leaders equipped to capitalize on its promises?

    Management Skills Drive Success in a Remote World

    Despite the need for remote team management training, it is still not happening.

    What employees are looking for is changing

    Superficial elements of traditional office culture were stripped away by the quick shift to a remote environment, giving employees the opportunity to reevaluate what truly matters to them in a job.

    The biggest change from 2019 (pre-pandemic) to today is increases in the importance of culture, flexible/remote work, and work-life balance.

    Organizations that fail to keep up with this shift in priorities will see the greatest difficulty in hiring and retaining staff.

    As an employee, which of the following would be important to you when considering a potential employer?

    2019 2021
    Flexible Work Pie graph representing response percentages from employees regarding importance of these factors. Flexible Work: 2019, Very 46%, Somewhat 49%, Not at All 5%.
    n=275
    Arrow pointing right. Pie graph representing response percentages from employees regarding importance of these factors. Flexible Work: 2021, Very 76%, Somewhat 21%, Not at All 2%.
    n=206
    Work-Life Balance Pie graph representing response percentages from employees regarding importance of these factors. Work-Life Balance: 2019, Very 67%, Somewhat 30%, Not at All 3%.
    n=277
    Arrow pointing right. Pie graph representing response percentages from employees regarding importance of these factors. Work-Life Balance: 2021, Very 80%, Somewhat 18%, Not at All 1%.
    n=206
    Culture Pie graph representing response percentages from employees regarding importance of these factors. Culture: 2019, Very 68%, Somewhat 31%, Not at All 1%.
    n=277
    Arrow pointing right. Pie graph representing response percentages from employees regarding importance of these factors. Culture: 2021, Very 81%, Somewhat 19%, Not at All 0%.
    n=206
    Source: Info-Tech Talent Trends Survey data collected in 2019 and 2021 Purple Very Important
    Blue Somewhat Important
    Green Not at All Important

    IT’s top talent priorities in 2022

    IT’s top Talent priorities reflect a post-pandemic focus on optimizing talent to fulfill strategic objectives: Top challenges for IT departments, by average rank, with 1 being the top priority.

    Important

    In the 2022 IT Talent Trends Survey, IT departments’ top priorities continue to be learning and innovation in support of organizational objectives. —› Enabling leaning and development within IT
    —› Enabling departmental innovation
    5.01
    5.54
    With employees being clearer and more vocal about their needs than ever before, employee experience has risen to the forefront of IT’s concern as a key enabler of strategic objectives. —› Providing a great employee experience for IT 5.66
    Supporting departmental change 6.01
    With organizations finally on the way to financial stability post pandemic, recruiting is a major focus. —› Recruiting (e.g. quickly filling vacant roles in IT with quality external talent) 6.18
    However, IT’s key efforts are threatened by critical omissions: Fostering a positive employee relations climate in the department 6.32
    Despite a focus on learning and development, leadership skills are not yet a top focus. —› Developing the organization's IT leaders 6.33
    Rapidly moving internal IT employees to staff strategic priorities 6.96
    Facilitating data-driven people decisions within IT 7.12
    Controlling departmental labor costs and maximizing the value of the labor spend 7.13
    Despite the need to provide a great employee experience, the focus on diversity, equity, and inclusion is low. —› Fostering an environment of diversity, equity, and inclusion in the department 7.31
    Despite prioritizing recruiting, IT departments see candidate experience as a last priority, either not focusing on it or relegating it to HR. —› Providing a great candidate experience for IT candidates 8.43
    (n=227)

    IT Talent Trends 2022

    Look beneath the surface of the trends to navigate them successfully

    Above Ground
    Focusing on what you see 'Above the line" won't solve the problem.

    Talent isn't a checklist.

    Strategic Recruiting Finds Good Talent

    Finding talent in a strained talent market requires a marketing approach. Posting a job description isn't enough.
    • The number of job openings increased to 11.4 million on the last business day of October, up from 10.6 million in September (US Bureau of Labor Statistics, Dec. 2021)

    The (Not So) Great Resignation

    IT is faring better than other functions; however, specific industries need to pay attention.
    • In September, in the US, 4.4 million people left their jobs. That number dropped to 4.2 million in October. (US Labor Stats, Dec. 2021)
    • 30% of workers will likely switch jobs if they have to return to the office full time. (McKinsey, Dec. 2021)

    Grow Your DEI Practices Into Meaningful Actions

    Good intentions are not enough.
    • 95% of organizations are focusing on DEI. (2022 HR Trends Report)
    • 48% of IT departments have delivered training on DEI over the past year.

    Remote Work is Here. Can Your Culture Adapt?

    The Great Experiment is over. Are you equipped to capitalize on its promises?
    • 85% of organizations saw the same or higher productivity during the pandemic.
    • 91% of organizations are continuing remote work.

    Management Skills Drive Success in a Remote World

    Despite the need for remote team management training, it is still not happening.
    • 72% of IT departments report high effectiveness at managing remote staff.
    • Learning and development is IT's top priority.
    Cross-section of the Earth and various plants with their root systems, highlighting the world above ground and below.
    Beneath the Surface
    For each trend, a strategic approach to get "under the line" will help form your response.

    Talent needs a holistic approach, as under the line everything is connected. If you are experiencing challenges in one area, analyzing data (e.g. engagement, exit surveys, effectiveness of DEI program and leader training) can help drive overall experience.

    • 100% of job seekers cite culture as somewhat to very important.
    • Only 40% of employers advertise culture in job postings.
    • 70% of IT departments state voluntary turnover is less than 10%
    • Top reasons for resignation are salary, development, and opportunity for innovative work.
    • Resignation rates were higher in fields that had experienced extreme stress due to the pandemic (HBR, Dec. 2021)
    • Senior leadership is overestimating their own commitment to DEI.
    • Most IT departments are not driving their own DEI initiatives.
    • Without effectively measuring DEI practices, organizations will see 1.6x more turnover. (2022 HR Trends Report)
    • Senior leadership is not open to remote work in 23% of organizations.
    • Without leadership support, employees will not buy into remote work initiatives.
    • A remote work policy will not bring organizational benefits without employee buy-in.
    • 75% of senior managers believe remote team management is highly effective, but only 60% of frontline staff agree.
    • Training focuses on technical skills, to the exclusion of soft skills, including management and leadership.
    Solutions
    Recommendations depending on your department's maturity level.
    Attention is required for candidate experience underpinned by a realistic employee value proposition. Gather and review existing data (e.g. early retirements, demographics) to understand your turnover rate. Use employee engagement tools to gauge employee sentiment among impacted groups and build out an engagement strategy to meet those needs. Conduct a cultural assessment to reveal hidden biases that may stand in the way of remote work efficacy. Provide management training on performance management and development coaching.

    Logo for Info-Tech.Logo for ITRG.

    This report is based on organizations just like yours

    Survey timeline = October 2021
    Total respondents = 245 IT professionals

    Geospatial map of survey responses shaded in accordance with the percentages listed below.
    01 United States 45% 08 Middle East 2%
    02 Canada 23% 09 Other (Asia) 2%
    03 Africa 8% 10 Germany 1%
    04 Great Britain 6% 11 India 1%
    05 Latin America, South America or Caribbean 4% 12 Netherlands 1%
    06 Other (Europe) 4% 13 New Zealand 1%
    07 Australia 2% (N-245)

    A bar chart titled 'Please estimate your organization's revenue in US$ (Use operating budget if you are a public-sector organization)' measuring survey responses. '$0 - less than 1M, 7%', '$1M - less than 5M, 4%', '$5M - less than 10M, 4%', '$10M - less than 25M, 6%', '$25M - less than 50M, 5%', '$50M - less than 100M, 13%', '$100M - less than 500M, 24%', '$500M - less than 1B, 9%', '1B - less than 5B, 22%', '$5B+, 8%'. (n=191)

    This report is based on organizations just like yours

    Industry

    Bar chart measuring percentage of survey respondents by industry. The largest percentages are from 'Government', 'Manufacturing', 'Media, information, Telecom & Technology', and 'Financial Services (including banking & insurance)'.

    Info-Tech IT Maturity Model

    Stacked bar chart measuring percentage of survey respondents by IT maturity level. Innovator is 7.11%, Business Partner is 16.44%, Trusted Operator is 24.89%, Firefighter is 39.11%, and Unstable is 12.44%.
    (n=225)

    Innovator – Transforms the Business
    Reliable Technology Innovation

    Business Partner – Expands the Business
    Effective Execution Projects, Strategic Use of Analytics and Customer Technology

    Trusted Operator – Optimizes Business
    Effective Fulfillment of Work Orders, Functional Business Applications, and Reliable Data Quality

    Firefighter – Supports the Business
    Reliable Infrastructure and IT Service Desk

    Unstable – Struggles to Support
    Inability to Provide Reliable Business Services

    This report is based on people just like you

    Which of the following ethnicities (ethnicity refers to a group with a shared or common identity, culture, and/or language) do you identify with? Select all that apply. What gender do you identify most with?
    A pie chart measuring percentage of survey respondents by ethnicity. Answers are 'White (e.g. European, North America), 59%', 'Asian (e.g. Japan, India, Philippines, Uzbekistan), 12%', 'Black (e.g. Africa, Caribbean, North America), 12%', 'Latin/Hispanic (e.g. Cuba, Guatemala, Spain, Brazil), 7%', 'Middle Eastern (e.g. Lebanon, Libya, Iran), 4%', 'Indigenous (e.g. First Nations, Inuit, Metis, Maori), 3%', 'Indo-Caribbean (e.g. Trinidad & Tobago, Guyana, St. Vincent), 3%'.
    (N=245)
    A pie chart measuring percentage of survey respondents by gender. Answers are 'Male, 67%', 'Female, 24%', 'Prefer not to answer, 5%', 'No Specification, 4%', 'Intersex, 0%'.
    (n=228)

    This report is based on people just like you

    What is your sub-department of IT? Which title best describes your position?
    Bar chart measuring percentage of survey respondents by sub-department. The top three answers are 'Senior Leadership', 'Infrastructure and Operations', and 'Application Development'.
    (n=227)
    Bar chart measuring percentage of survey respondents by title. The top four answers are 'Director-level, 29%', 'Manager, 22%', 'C-Level Officer, 18%', and 'VP-level, 11%.'
    (N=245)

    IT Talent Trends 2022

    Each trend is introduced with key questions you can ask yourself to see how your department fares in that area.

    The report is based on statistics from a survey of 245 of your peers.

    It includes recommendations of next steps and a key metric to track your success.

    It lists Info-Tech resources that you, as a member, can leverage to begin your journey to improve talent management in your department.

    Strategic Recruiting Finds Good Talent

    Finding talent in a strained talent market requires a marketing approach. Posting a job description isn’t enough.

    The (Not So) Great Resignation

    IT is faring better than other functions; however, specific industries need to pay attention.

    Grow Your DEI Practices Into Meaningful Actions

    Good intentions are not enough.

    Remote Work Is Here – Can Your Culture Adapt?

    The Great Experiment is over. Are leaders equipped to capitalize on its promises?

    Management Skills Drive Success in a Remote World

    Despite the need for remote team management training, it is still not happening.

    The report is based on data gathered from Info-Tech Research Group’s 2022 IT Talent Trends Survey. The data was gathered in September and October of 2021.

    Strategic Recruiting Finds Good Talent

    Trend 1 | The Battle to Find and Keep Talent

    As the economy has stabilized, more jobs have become available, creating a job seeker’s market. This is a clear sign of confidence in the economy, however fragile, as new waves of the pandemic continue.

    Info-Tech Point of View

    Recruiting tactics are an outcome of a well-defined candidate experience and employee value proposition.

    Introduction

    Cross-section of a plant and its roots, above and below ground. During our interviews, members that focused on sharing their culture with a strong employee value proposition were more likely to be successful in hiring their first-choice candidates.
    Questions to ask yourself
    • Do you have a well-articulated employee value proposition?
    • Are you using your job postings to market your company culture?
    • Have you explored multiple channels for posting jobs to increase your talent pool of candidates?

    47% of respondents are hiring external talent to fill existing gaps, with 40% using external training programs to upgrade current employees. (Info-Tech IT Talent Trends 2022 Survey)

    In October, the available jobs (in the USA) unexpectedly rose to 11 million, higher than the 10.4 million experts predicted. (CNN Business, 2021)

    Where has all the talent gone?

    IT faces multiple challenges when recruiting for specialized talent

    Talent scarcity is focused in areas with specialized skill sets such as security and architecture that are dynamic and evolving faster than other skill sets.

    “It depends on what field you work in,” said ADP chief economist Nela Richardson. “There were labor shortages in those fields pre-pandemic and two years forward, there is even more demand for people with those skills” (CNBC, 19 Nov. 2021).

    37% of IT departments are outsourcing roles to fill internal skill shortages. (Info-Tech Talent Trends 2022 Survey)

    Roles Difficult to Fill

    Horizontal bar chart measuring percentage of survey responses about which roles are most difficult to fill. In order from most difficult to least they are 'Security (n=177)', 'Enterprise Architecture (n=172)', 'Senior Leadership (n=169)', 'Data & Business Intelligence (n=171)', 'Applications Development (n=177)', 'Infrastructure & Operations (n=181)', 'Business Relationship Management (n=149)', 'Project Management (n=175)', 'Vendor Management (n=133)', 'Service Desk (n=184)'.(Info-Tech Talent Trends 2022 Survey)

    Case Study: Using culture to drive your talent pool

    This case study is happening in real time. Please check back to learn more as Goddard continues to recruit for the position.

    Recruiting at NASA

    Goddard Space Center is the largest of NASA’s space centers with approximately 11,000 employees. It is currently recruiting for a senior technical role for commercial launches. The position requires consulting and working with external partners and vendors.

    NASA is a highly desirable employer due to its strong culture of inclusivity, belonging, teamwork, learning, and growth. Its culture is anchored by a compelling vision, “For the betterment of Humankind,” and amplified by a strong leadership team that actively lives their mission and vision daily.

    Firsthand lists NASA as #1 on the 50 most prestigious internships for 2022.

    Rural location and no flexible work options add to the complexity of recruiting

    The position is in a rural area of Eastern Shore Virginia with a population of approximately 60,000 people, which translates to a small pool of candidates. Any hire from outside the area will be expected to relocate as the senior technician must be onsite to support launches twice a month. Financial relocation support is not offered and the position is a two-year assignment with the option of extension that could eventually become permanent.

    Photo of Steve Thornton, Acting Division Chief, Solutions Division, Goddard Space Flight Center, NASA.

    “Looking for a Talent Unicorn; a qualified, experienced candidate with both leadership skills and deep technical expertise that can grow and learn with emerging technologies.”

    Steve Thornton
    Acting Division Chief, Solutions Division,
    Goddard Space Flight Center, NASA

    Case Study: Using culture to drive your talent pool

    A good brand overcomes challenges

    Culture takes the lead in NASA's job postings, which attract a high number of candidates. Postings begin with a link to a short video on working at NASA, its history, and how it lives its vision. The video highlights NASA's diversity of perspectives, career development, and learning opportunities.

    NASA's company brand and employer brand are tightly intertwined, providing a consistent view of the organization.

    The employer vision is presented in the best place to reach NASA's ideal candidate: usajobs.gov, the official website of the United States Government and the “go-to” for government job listings. NASA also extends its postings to other generic job sites as well as LinkedIn and professional associations.

    Photo of Robert Leahy, Chief Information Officer, Goddard Space Flight Center, NASA.

    Interview with Robert Leahy
    Chief Information Officer
    Goddard Space Flight Center, NASA

    “Making sure we have the tools and mechanisms are two hiring challenges we are going to face in the future as how we work evolves and our work environment changes. What will we need to consider with our job announcements and the criteria for selecting employees?”

    Liteshia Dennis,
    Office Chief, Headquarter IT Office, Goddard Space Flight Center, NASA

    The ability to attract and secure candidates requires a strategy

    Despite prioritizing recruiting, IT departments see candidate experience as THE last Priority, either not focusing on it or relegating it to HR

    Candidate experience is listed as one of the bottom IT challenges, but without a positive experience, securing the talent you want will be difficult.

    Candidate experience starts with articulating your unique culture, benefits, and opportunities for development and innovative work as well as outlining flexible working options within an employer brand. Defining an employee value proposition is key to marketing your roles to potential employees.

    81% of respondents' rate culture as very important when considering a potential employer. (Info-Tech IT Talent Trends 2022 Survey)

    Tactics Used in Job Postings to Position the Organization Favorably as a Potential Employer

    Horizontal bar chart measuring percentage of survey responses about tactics used in job postings. The top tactics are 'Culture, 40%', 'Benefits, 40%', 'Opportunity for Innovative Work, 30%', and 'Professional Development, 30%'.(Info-Tech IT Talent Trends 2022 Survey)

    Case Study: Increasing talent pool at Info-Tech Research Group

    Strong sales leads to growth in operation capacity

    Info-Tech Research Group is an IT research & advisory firm helping IT leaders make strategic, timely, and well-informed decisions. Our actionable tools and analyst guidance ensure IT organizations achieve measurable results.

    The business has grown rapidly over the last couple of years, creating a need to recruit additional talent who were highly skilled in technical applications and approaches.

    In response, approval was given to expand headcount within Research for fiscal year 2022 and to establish a plan for continual expansion as revenue continues to grow.

    Looking for deep technical expertise with a passion for helping our members

    Hiring for our research department requires talent who are typically subject matter experts within their own respective IT domains and interested in and capable of developing research and advising clients through calls and workshops.

    This combination of skills, experience, and interest can be challenging to find, especially in an IT labor market that is more competitive than ever.

    Photo of Tracy-Lynn Reid, Practice Lead.

    Interview with Practice Lead Tracy-Lynn Reid

    Focus on Candidate Experience increases successful hire rate

    The senior leadership team established a project to focus on recruiting for net-new and open roles. A dedicated resource was assigned and used guidance from our research to enhance our hiring process to reduce time to hire and expand our candidate pool. Senior leaders stayed actively involved to provide feedback.

    The hiring process was improved by including panel interviews with interview protocols and a rubric to evaluate all candidates equitably.

    The initial screening conversation now includes a discussion on benefits, including remote and flexible work offerings, learning and development budget, support for post-secondary education, and our Buy-a-Book program.

    As a result, about 70% of the approved net-new headcount was hired within 12 weeks, with recruitment ongoing.

    2020 Security Priorities Report

    • Buy Link or Shortcode: {j2store}245|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting

    Use this deck to learn what projects security practitioners are prioritizing for 2020. Based on a survey of 460 IT security professionals, this report explains what you need to know about the top five priorities, including:

    • Signals and drivers
    • Benefits
    • Critical uncertainties
    • Case study
    • Implications

    While the priorities should in no way be read as prescriptive, this research study provides a high-level guide to understand that priorities drive the initiatives, projects, and responsibilities that make up organizations' security strategies.

    Our Advice

    Critical Insight

    There is always more to do, and if IT leaders are to grow with the business, provide meaningful value, and ascend the ladder to achieve true business partner and innovator status, aggressive prioritization is necessary. Clearly, security has become a priority across organizations, as security budgets have continued to increase over the course of 2019. 2020’s priorities highlight that data security has become the thread that runs through all other security priorities, as data is now the currency of the modern digital economy. As a result, data security has reshaped organizations’ priorities to ensure that data is always protected.

    Impact and Result

    Ultimately, understanding how changes in technology and patterns of work stand to impact the day-to-day lives of IT staff across seniority and industries will allow you to evaluate what your priorities should be for 2020. Ensure that you’re spending your time right. Use data to validate. Prioritize and implement.

    2020 Security Priorities Report Research & Tools

    Start here – read the Executive Brief

    This storyboard will help you understand what projects security practitioners are prioritizing for 2020.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Data security

    Data security often rubs against other organizational priorities like data quality, but organizations need to understand that the way they store, handle, and dispose of data is now under regulatory oversight.

    • 2020 Security Priorities Report – Priority 1: Data Security

    2. Cloud security

    Cloud security means that organizations can take advantage of automation tools not only for patching and patch management but also to secure code throughout the SDLC. It is clear that cloud will transform how security is performed.

    • 2020 Security Priorities Report – Priority 2: Cloud Security

    3. Email security

    Email security is critical, since email continues to be one of the top points of ingress for cyberattacks from ransomware to business email compromise.

    • 2020 Security Priorities Report – Priority 3: Email Security

    4. Security risk management

    Security risk management requires organizations to make decisions based on their individual risk tolerance on such things as machine learning and IoT devices.

    • 2020 Security Priorities Report – Priority 4: Security Risk Management

    5. Security awareness and training

    Human error continues to be a security issue. In 2020, organizations should tailor their security awareness and training to their people so that they are more secure not only at work but also in life.

    • 2020 Security Priorities Report – Priority 5: Security Awareness and Training
    [infographic]

    Deliver a Customer Service Training Program to Your IT Department

    • Buy Link or Shortcode: {j2store}484|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $4,339 Average $ Saved
    • member rating average days saved: 6 Average Days Saved
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • The scope of service that the service desk must provide has expanded. With the growing complexity of technologies to support, it becomes easy to forget the customer service side of the equation. Meanwhile, customer expectations for prompt, frictionless, and exceptional service from anywhere have grown.
    • IT departments struggle to hire and retain talented service desk agents with the right mix of technical and customer service skills.
    • Some service desk agents don’t believe or understand that customer service is an integral part of their role.
    • Many IT leaders don’t ask for feedback from users to know if there even is a customer service problem.

    Our Advice

    Critical Insight

    • There’s a common misconception that customer service skills can’t be taught, so no effort is made to improve those skills.
    • Even when there is a desire to improve customer service, it’s hard for IT teams to make time for training and improvement when they’re too busy trying to keep up with tickets.
    • A talented service desk agent with both great technical and customer service skills doesn’t have to be a rare unicorn, and an agent without innate customer service skills isn’t a lost cause. Relevant and impactful customer service habits, techniques, and skills can be taught through practical, role-based training.
    • IT leaders can make time for this training through targeted, short modules along with continual on-the-job coaching and development.

    Impact and Result

    • Good customer service is critical to the success of the service desk. How a service desk treats its customers will determine its customers' satisfaction with not only IT but also the company as a whole.
    • Not every technician has innate customer service skills. IT managers need to provide targeted, practical training on what good customer service looks like at the service desk.
    • One training session is not enough to make a change. Leaders must embed the habits, create a culture of engagement and positivity, provide continual coaching and development, regularly gather customer feedback, and seek ways to improve.

    Deliver a Customer Service Training Program to Your IT Department Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should deliver customer service training to your team, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Deliver a Customer Service Training Program to Your IT Department – Executive Brief
    • Deliver a Customer Service Training Program to Your IT Department Storyboard

    1. Deliver customer service training to your IT team

    Understand the importance of customer service training, then deliver Info-Tech's training program to your IT team.

    • Customer Service Training for the Service Desk – Training Deck
    • Customer Focus Competency Worksheet
    • Cheat Sheet: Service Desk Communication
    • Cheat Sheet: Service Desk Written Communication
    [infographic]

    Set Meaningful Employee Performance Measures

    • Buy Link or Shortcode: {j2store}597|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Manage & Coach
    • Parent Category Link: /manage-coach
    • Despite the importance of performance measures, most organizations struggle with choosing appropriate metrics and standards of performance for their employees.
    • Performance measures are often misaligned with the larger strategy, gamed by employees, or too narrow to provide an accurate picture of employee achievements.
    • Additionally, many organizations track too many metrics, resulting in a bureaucratic nightmare with little payoff.

    Our Advice

    Critical Insight

    • Focus on what matters by aligning your departmental goals with the enterprise's mission and business goals. Break down departmental goals into specific goals for each employee group.
    • Employee engagement, which results in better performance, is directly correlated with employees’ understanding what is expected of them on the job and with their performance reviews reflecting their actual contributions.
    • Shed unnecessary metrics in favor of a lean, holistic approach to performance measurement. Include quantitative, qualitative, and behavioral dimensions in each goal and set appropriate measures for each dimension to meet simple targets. This encourages well-rounded behaviors and discourages rogue behavior.
    • Get rid of the stick-and-carrot approach to management. Use performance measurement to inspire and engage employees, not punish them.

    Impact and Result

    • Learn about and leverage the McLean & Company framework and process to effective employee performance measurement setting.
    • Plan effective communications and successfully manage departmental employee performance measurement by accurately recording goals, measures, and requirements.
    • Find your way through the maze of employee performance management with confidence.

    Set Meaningful Employee Performance Measures Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Set Meaningful Employee Performance Measures Storyboard – This deck provides a comprehensive framework for setting, communicating, and reviewing employee performance measures that will drive business results

    This research will help you choose an appropriate measurement framework, set effective measures. and communicate and review your performance measures. Use Info-Tech's process to set meaningful measures that will inspire employees and drive performance.

    • Set Meaningful Employee Performance Measures Storyboard

    2. Employee Performance Measures Goals Cascade – A tool to assist you in turning your organizational goals into meaningful individual employee performance measures.

    This tool will help you set departmental goals based on organizational mission and business goals and choose appropriate measures and weightings for each goal. Use this template to plan a comprehensive employee measurement system.

    • Employee Performance Measures Goals Cascade

    3. Employee Performance Measures Template – A template for planning and tracking your departmental goals, employee performance measures, and reporting requirements.

    This tool will help you set departmental goals based on your organizational mission and business goals, choose appropriate measures and weightings for each goal, and visualize you progress toward set goals. Use this template to plan and implement a comprehensive employee measurement system from setting goals to communicating results.

    • Employee Performance Measures Template

    4. Feedback and Coaching Guide for Managers – A tool to guide you on how to coach your team members.

    Feedback and coaching will improve performance, increase employee engagement, and build stronger employee manager relationships. Giving feedback is an essential part of a manger's job and if done timely can help employees to correct their behavior before it becomes a bigger problem.

    • Feedback and Coaching Guide for Managers

    Infographic

    Workshop: Set Meaningful Employee Performance Measures

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Source and Set Goals

    The Purpose

    Ensure that individual goals are informed by business ones.

    Key Benefits Achieved

    Individuals understand how their goals contribute to organizational ones.

    Activities

    1.1 Understand how your department contributes to larger organizational goals.

    1.2 Determine the timelines you need to measure employees against.

    1.3 Set Business aligned department, team, and individual goals.

    Outputs

    Business-aligned department and team goals

    Business-aligned individual goals

    2 Design Measures

    The Purpose

    Create holistic performance measures.

    Key Benefits Achieved

    Holistic performance measures are created.

    Activities

    2.1 Choose your employee measurement framework: generic or individual.

    2.2 Define appropriate employee measures for preestablished goals.

    2.3 Determine employee measurement weightings to drive essential behaviors.

    Outputs

    Determined measurement framework

    Define employee measures.

    Determined weightings

    3 Communicate to Implement and Review

    The Purpose

    Learn how to communicate measures to stakeholders and review measures.

    Key Benefits Achieved

    Learn how to communicate to stakeholders and coach employees through blockers.

    Activities

    3.1 Learn how to communicate selected performance measures to stakeholders.

    3.2 How to coach employees though blockers.

    3.3 Reviewing and updating measures.

    Outputs

    Effective communication with stakeholders

    Coaching and feedback

    When to update

    4 Manager Training

    The Purpose

    Train managers in relevant areas.

    Key Benefits Achieved

    Training delivered to managers.

    Activities

    4.1 Deliver Build a Better Manager training to managers.

    4.2

    Outputs

    Manager training delivered

    Further reading

    Set Meaningful Employee Performance Measures

    Set holistic measures to inspire employee performance.

    EXECUTIVE BRIEF

    Set employees up for success by implementing performance measures that inspire great performance, not irrelevant reporting.

    Executive Summary

    Your Challenge

    In today’s competitive environment, managers must assess and inspire employee performance in order to assess the achievement of business goals.

    Despite the importance of performance measures, many leaders struggle with choosing appropriate metrics.

    Performance measures are often misaligned with the larger strategy, gamed by employees, or are too narrow to provide an accurate picture of employee achievements.

    Common Obstacles

    Managers who invest time in creating more effective performance measures will be rewarded with increased employee engagement and better employee performance.

    Too little time setting holistic employee measures often results in unintended behaviors and gaming of the system.

    Conversely, too much time setting employee measures will result in overreporting and underperforming employees.

    Info-Tech’s Approach

    Info-Tech helps managers translate organizational goals to employee measures. Communicating these to employees and other stakeholders will help managers keep better track of workforce productivity, maintain alignment with the organization’s business strategy, and improve overall results.

    Info-Tech Insight

    Performance measures are not about punishing bad performance, but inspiring higher performance to achieve business goals.

    Meaningful performance measures drive employee engagement...

    Clearly defined performance measures linked to specific goals bolster engagement by showing employees the importance of their contributions.

    Significant components of employee engagement are tied to employee performance measures.

    A diagram of employee engagement survey and their implications.

    Which, in turn, drives business success.

    Improved employee engagement is proven to improve employee performance. Setting meaningful measures can impact your bottom line.

    Impact of Engagement on Performance

    A diagram that shows Percent of Positive Responses Among Engaged vs. Disengaged
    Source: McLean & Company Employee Engagement Survey Jan 2020-Jan 2023; N=5,185 IT Employees; were either Engaged or Disengaged (Almost Engaged and Indifferent were not included)

    Engaged employees don’t just work harder, they deliver higher quality service and products.

    Engaged employees are significantly more likely to agree that they regularly accomplish more than what’s expected of them, choose to work extra hours to improve results, and take pride in the work they do.

    Without this sense of pride and ownership over the quality-of-service IT provides, IT departments are at serious risk of not being able to deliver quality service, on-time and on-budget.

    Create meaningful performance measures to drive employee engagement by helping employees understand how they contribute to the organization.

    Unfortunately, many employee measures are meaningless and fail to drive high-quality performance.

    Too many ineffective performance measures create more work for the manager rather than inspire employee performance. Determine if your measures are worth tracking – or if they are lacking.

    Meaningful performance measures are:

    Ineffective performance measures are:

    Clearly linked to organizational mission, values, and objectives.

    Based on a holistic understanding of employee performance.

    Relevant to organizational decision-making.

    Accepted by employees and managers.

    Easily understood by employees and managers.

    Valid: relevant to the role and goals and within an employee’s control.

    Reliable: consistently applied to assess different employees doing the same job.

    Difficult to track, update, and communicate.

    Easily gamed by managers or employees.

    Narrowly focused on targets rather than the quality of work.

    The cause of unintended outcomes or incentive for the wrong behaviors.

    Overly complex or elaborate.

    Easily manipulated due to reliance on simple calculations.

    Negotiable without taking into account business needs, leading to lower performance standards.

    Adopt a holistic approach to create meaningful performance measurement

    A diagram that shows a holistic approach to create meaningful performance measurement, including inputs, organizational costs, department goals, team goals, individual goals, and output.

    Info-Tech’s methodology to set the stage for more effective employee measures

    1. Source and Set Goals

    Phase Steps
    1.1 Create business-aligned department and team goals
    1.2 Create business-aligned individual goals

    Phase Outcomes
    Understand how your department contributes to larger organizational goals.
    Determine the timelines you need to measure employees against.
    Set business-aligned department, team, and individual goals.

    2. Design Measures

    Phase Steps
    1.1 Choose measurement framework
    1.2 Define employee measures
    1.3 Determine weightings

    Phase Outcomes
    Choose your employee measurement framework: generic or individual.
    Define appropriate employee measures for preestablished goals.
    Determine employee measurement weightings to drive essential behaviors.
    Ensure employee measures are communicated to the right stakeholders.

    3. Communicate to Implement and Review

    Phase Steps
    1.1 Communicate to stakeholders
    1.2 Coaching and feedback
    1.3 When to update

    Phase Outcomes
    Communicate selected performance measure to stakeholders.
    Learn how to coach employees though blockers.
    Understand how to review and when to update measures.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation
    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop
    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting
    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is four to six calls over the course of two to four months.

    What does a typical GI on this topic look like?

    A diagram that shows Guided Implementation in 3 phases.

    Integrate Threat Intelligence Into Your Security Operations

    • Buy Link or Shortcode: {j2store}320|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: 2 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Threat Intelligence & Incident Response
    • Parent Category Link: /threat-intelligence-incident-response
    • Organizations have limited visibility into their threat landscape, and as such are vulnerable to the latest attacks, hindering business practices, workflow, revenue generation, and damaging their public image.
    • Organizations are developing ad hoc intelligence capabilities that result in operational inefficiencies, the misalignment of resources, and the misuse of their security technology investments.
    • It is difficult to communicate the value of a threat intelligence solution when trying to secure organizational buy-in and the appropriate resourcing.
    • There is a vast array of “intelligence” in varying formats, often resulting in information overload.

    Our Advice

    Critical Insight

    1. Information alone is not actionable. A successful threat intelligence program contextualizes threat data, aligns intelligence with business objectives, and then builds processes to satisfy those objectives.
    2. Your security controls are diminishing in value (if they haven’t already). As technology in the industry evolves, threat actors will inevitably adopt new tools, tactics, and procedures; a threat intelligence program can provide relevant situational awareness to stay on top of the rapidly-evolving threat landscape.
    3. Your organization might not be the final target, but it could be a primary path for attackers. If you exist as a third-party partner to another organization, your responsibility in your technology ecosystem extends beyond your own product/service offerings. Threat intelligence provides visibility into the latest threats, which can help you avoid becoming a backdoor in the next big data breach.

    Impact and Result

    • Assess the needs and intelligence requirements of key stakeholders.
    • Garner organizational buy-in from senior management.
    • Identify organizational intelligence gaps and structure your efforts accordingly.
    • Understand the different collection solutions to identify which best supports your needs.
    • Optimize the analysis process by leveraging automation and industry best practices.
    • Establish a comprehensive threat knowledge portal.
    • Define critical threat escalation protocol.
    • Produce and share actionable intelligence with your constituency.
    • Create a deployment strategy to roll out the threat intelligence program.
    • Integrate threat intelligence within your security operations.

    Integrate Threat Intelligence Into Your Security Operations Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement a threat intelligence program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Plan for a threat intelligence program

    Assess current capabilities and define an ideal target state.

    • Integrate Threat Intelligence Into Your Security Operations – Phase 1: Plan for a Threat Intelligence Program
    • Security Pressure Posture Analysis Tool
    • Threat Intelligence Maturity Assessment Tool
    • Threat Intelligence Project Charter Template
    • Threat Intelligence RACI Tool
    • Threat Intelligence Management Plan Template
    • Threat Intelligence Policy Template

    2. Design an intelligence collection strategy

    Understand the different collection solutions to identify which best supports needs.

    • Integrate Threat Intelligence Into Your Security Operations – Phase 2: Design an Intelligence Collection Strategy
    • Threat Intelligence Prioritization Tool
    • Threat Intelligence RFP MSSP Template

    3. Optimize the intelligence analysis process

    Begin analyzing and acting on gathered intelligence.

    • Integrate Threat Intelligence Into Your Security Operations – Phase 3: Optimize the Intelligence Analysis Process
    • Threat Intelligence Malware Runbook Template

    4. Design a collaboration and feedback program

    Stand up an intelligence dissemination program.

    • Integrate Threat Intelligence Into Your Security Operations – Phase 4: Design a Collaboration and Feedback Program
    • Threat Intelligence Alert Template
    • Threat Intelligence Alert and Briefing Cadence Schedule Template
    [infographic]

    IT Governance

    • Buy Link or Shortcode: {j2store}22|cart{/j2store}
    • Related Products: {j2store}22|crosssells{/j2store}
    • Up-Sell: {j2store}22|upsells{/j2store}
    • member rating overall impact (scale of 10): 9.2/10
    • member rating average dollars saved: $124,127
    • member rating average days saved: 37
    • Parent Category Name: Strategy and Governance
    • Parent Category Link: /strategy-and-governance
    Read our concise Executive Brief to find out why you may want to redesign your IT governance, Review our methodology, and understand how we can support you in completing this process.

    Modernize Your Applications

    • Buy Link or Shortcode: {j2store}178|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Application modernization is essential to stay competitive and productive in today’s digital environment. Your stakeholders have outlined their digital business goals that IT is expected to meet.
    • Your application portfolio cannot sufficiently support the flexibility and efficiency the business needs because of legacy challenges.
    • Your teams do not have a framework to illustrate, communicate, and justify the modernization effort and organizational changes in the language your stakeholders understand.

    Our Advice

    Critical Insight

    • Build your digital applications around continuous modernization. End-user needs, technology, business direction, and regulations rapidly change in today’s competitive and fast-paced industry. This reality will quickly turn your modern applications into shelfware. Build continuous modernization at the center of your digital application vision to keep up with evolving business, end-user, and IT needs.
    • Application modernization is organizational change management. If you build and modernize it, they may not come. The crux of successful application modernization is centered on the strategic, well-informed, and onboarded adoption of changes in key business areas, capabilities, and processes. Organizational change management must be front and center so that applications are fit for purpose and are something that end users want and need to use.
    • Business-IT collaboration is not optional. Application modernization will not be successful if your lines of business (LOBs) and IT are not working together. IT must empathize how LOBs operate and proactively support the underlying operational systems. LOBs must be accountable for all products leveraging modern technologies and be able to rationalize the technical feasibility of their digital application vision.

    Impact and Result

    • Establish the digital application vision. Gain a grounded understanding of the digital application construct and prioritize these attributes against your digital business goals.
    • Define your modernization approach. Obtain a thorough view of your business and technical complexities, risks, and impacts. Employ the right modernization techniques based on your organization’s change tolerance.
    • Build your roadmap. Clarify the organizational changes needed to support modernization and adoption of your digital applications.

    Modernize Your Applications Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should strategically modernize your applications, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Set your vision

    Describe your application vision and set the right modernization expectations with your stakeholders.

    • Modernize Your Applications – Phase 1: Set Your Vision

    2. Identify your modernization opportunities

    Focus your modernization efforts on the business opportunities that your stakeholders care about.

    • Modernize Your Applications – Phase 2: Identify Your Modernization Opportunities

    3. Plan your modernization

    Describe your modernization initiatives and build your modernization tactical roadmap.

    • Modernize Your Applications – Phase 3: Plan Your Modernization
    [infographic]

    Workshop: Modernize Your Applications

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Set Your Vision

    The Purpose

    Discuss the goals of your application modernization initiatives

    Define your digital application vision and priorities

    List your modernization principles

    Key Benefits Achieved

    Clear application modernization objectives and high priority value items

    Your digital application vision and attributes

    Key principles that will guide your application modernization initiatives

    Activities

    1.1 State Your Objectives

    1.2 Characterize Your Digital Application

    1.3 Define Your Modernization Principles

    Outputs

    Application modernization objectives

    Digital application vision and attributes definitions

    List of application modernization principles and guidelines

    2 Identify Your Modernization Opportunities

    The Purpose

    Identify the value streams and business capabilities that will benefit the most from application modernization

    Conduct a change tolerance assessment

    Build your modernization strategic roadmap

    Key Benefits Achieved

    Understanding of the value delivery improvements modernization can bring

    Recognizing the flexibility and tolerance of your organization to adopt changes

    Select an approach that best fits your organization’s goals and capacity

    Activities

    2.1 Identify the Opportunities

    2.2 Define Your Modernization Approach

    Outputs

    Value streams and business capabilities that are ideal modernization opportunities

    Your modernization strategic roadmap based on your change tolerance and modernization approach

    3 Plan Your Modernization

    The Purpose

    Identify the most appropriate modernization technique and the scope of changes to implement your techniques

    Develop an actionable tactical roadmap to complete your modernization initiatives

    Key Benefits Achieved

    Clear understanding of what must be changed to the organization and application considering your change tolerance

    An achievable modernization plan

    Activities

    3.1 Shortlist Your Modernization Techniques

    3.2 Roadmap Your Modernization Initiatives

    Outputs

    Scope of your application modernization initiatives

    Your modernization tactical roadmap

    Equip Managers to Effectively Manage Virtual Teams

    • Buy Link or Shortcode: {j2store}600|cart{/j2store}
    • member rating overall impact (scale of 10): 9.7/10 Overall Impact
    • member rating average dollars saved: $20,240 Average $ Saved
    • member rating average days saved: 4 Average Days Saved
    • Parent Category Name: Manage & Coach
    • Parent Category Link: /manage-coach
    • Virtual team members must rely upon collaboration technology to communicate and collaborate.
    • Management practices and approaches that work face to face do not always translate effectively in virtual contexts.
    • Managers cannot rely upon spontaneous social interactions that happen organically when people are colocated to build meaningful and trusting relationships. Space and time need to be created in a virtual environment for this to happen.
    • Observing an employee’s performance or development can be more difficult, and relying on others’ feedback becomes more critical for managing performance and development.

    Our Advice

    Critical Insight

    • Managing virtual teams does not require developing new manager competencies. Instead, managers need to “dial up” competencies they already have and adjust their approaches.
    • Setting clear expectations with virtual teams creates the foundation needed to manage them effectively.
    • Virtual employees crave more meaningful interactions about performance and development with their managers.

    Impact and Result

    • Create a solid foundation for managing virtual teams by setting clear expectations and taking a more planful approach to managing performance and employee development.
    • Dial up key management competencies that you already have. Managers do not need to develop new competencies; they just need to adjust and refocus their approaches.

    Equip Managers to Effectively Manage Virtual Teams Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Equip managers to effectively manage virtual teams

    Equip managers to become more effective with managing remote teams.

    The workbook serves as a reference guide participants will use to support formal training.

    • Training Deck: Equip Managers to Effectively Manage Virtual Teams
    • Workbook: Equip Managers to Effectively Manage Virtual Teams
    • Standard Participant Training Session Evaluation Template

    2. Additional Resources

    Many organizations are developing plans to allow employees more flexible work options, including remote work. Use these resources to help managers and employees make the most of remote work arrangements.

    • Work-From-Home Tips for Managers
    • Work-From-Home Tips for Employees
    • Health & Safety at Home Infographic
    • Wellness and Working From Home
    • Ergonomic Workspaces Infographic
    [infographic]

    Further reading

    Equip Managers to Effectively Manage Virtual Teams

    Learning objectives

    Describe the benefits of virtual teams.

    Create a plan for adopting effective management practices and setting clear expectations with virtual teams.

    Identify potential solutions to the challenges of managing performance and developing members of virtual teams.

    Create an action plan to increase effectiveness in managing virtual teams.

    Target audience

    People managers who manage or plan to manage virtual teams.

    Training length

    Two three-hour sessions

    Training material

    • Use the speaker’s notes in the notes pane section of each slide to plan and practice the training session.
    • Activity slides are scattered throughout this training deck and are clearly numbered in the slide title.
    • Notes in italics are written to the facilitator and are not meant to be read aloud.
    • Download the Workbook for participants to use.

    Suggested materials for activities:

    • Index cards or sticky notes
    • Markers
    • Whiteboard/large table space/flip chart

    Agenda & activities

    Section 1

    Section 2

    10 min

    Welcome: Overview & Introductions

    • Introductions
    10 min

    Welcome: Overview & Introductions

    • Session 1 Review
    • Session 2 Overview
    50 min

    1.1 Introduction to virtual teams

    • What kind of virtual team do you lead?
    • Virtual team benefits and challenges
    55 min

    2.1 Managing wellbeing in a virtual team context

    • Share current practices and challenges regarding wellbeing in virtual teams
    • Identify and discuss proposed solutions
    • Develop draft action plan for managing wellbeing in a virtual team context
    5 min

    Break

    5 min Break
    45 min

    1.2 Laying the foundation for a virtual team

    • Identify behaviors to better inform, interact with, and involve team members
    60 min

    2.2 Managing performance in a virtual team context

    • Share current performance management practices for virtual teams
    • Identify challenges of current practices and propose solutions
    • Develop draft action plan for managing performance in a virtual team context
    10 min

    Break

    10 min Break
    55 min

    1.2 Laying the foundation for a virtual team

    • Identify and share ways you prefer to communicate for different activities
    • Develop draft action plan for laying the foundation for a virtual team
    40 min

    Action planning & conclusion

    • Refine consolidated action plan (three parts) and commit to implementing it
    • Key takeaways
    5 min

    Session 1 Wrap-Up

    Recommended Customization

    Review all slides and adjust the language or content as needed to suit your organizational context and culture.

    The pencil icon to the left denotes slides requiring customization of the slide and/or the speaker’s notes, e.g. adding in an organization-specific process.

    Customization instructions are found in the notes pane.

    Tips

    • Adjust the speaker’s notes on the slides before (or after) any slides you modify or delete to ensure logical transitions between slides.
    • Update the agenda to reflect new timings if major modifications are made.
    • Even seasoned leaders need to be reminded of the basics now and again. Rather than delete more basic slides, cut back on the amount of time spent covering them and frame the content as a refresher.
    • Participant Workbooks
    • Relevant organization-specific documents (see side panel)
    • Training Session Feedback Form

    Required Information

    • Communication guidelines for managers (e.g. cadence of manager interactions)
    • Performance management process and guidelines
    • Employee development guidelines
    • List of available resources (e.g. social collaboration tools)

    Effectively Manage Virtual Teams

    Section 1.1

    Practical foundations for managing teams in a remote environment

    Feasibility of virtual IT teams

    Most organizations are planning some combination of remote and onsite work in 2022.

    This is an image of a bar graph demonstrating the percentage of companies who have the following plans for return to work: Full work-from-home (All employees WFH permanently) - 4% ; No work-from-home permitted	9% ; Partial work-from-home team (Eligible employees can WFH for a certain portion of their work week)	23% ; Balanced work-from-home team (All employees can WFH for a certain portion of their work week)	28% ; Hybrid work-from-home team (Eligible employees WFH on a full-time basis)	37%

    Source: IT Talent Trends, 2022; n=199

    Speaker’s Notes:

    Most organizations are planning some combination of remote and onsite work in 2022 – the highest reported plans for WFH were hybrid, balanced, and partial work-from-home. This builds on our findings in the IT Talent Trends 2022 report.

    Feasibility of virtual IT teams

    What percentage of roles in IT are capable of being performed remotely permanently?

    Approximately what percentage of roles in IT are capable of being performed remotely permanently?

    0% to less than 10%: 3%; 10% to less than 25%: 5%; 25% to less than 50%: 12%; 50% to less than 75%: 30%; 75% to 100%L 50%.

    IT Talent Trends, 2022; n=207

    Speaker’s Notes:

    80% of respondents estimated that 50 to 100% of IT roles can be performed remotely.

    Virtual teams take all kinds of forms

    A virtual team is any team that has members that are not colocated and relies on technology for communications.

    This image depicts the three levels of virtual teams, Municipal; National; Global.

    Speaker’s Notes:

    Before we start, it will be useful to review what we mean by the term “virtual team.” For our purposes we will be defining a virtual team as any team that has members that are not colocated and relies on technology for communications.

    There are a wide variety of virtual work arrangements and a variety of terms used to describe them. For example, some common terms include:

    • “Flexible work arrangements”: Employees have the option to work where they see fit (within certain constraints). They may choose to work from the office, home, a shared office space, the road, etc.
    • “Remote work,” “work from home,” and “telecommuting”: These are just various ways of describing how or where people are working virtually. They all share the idea that these kinds of employees are not colocated.
    • “Multi-office team”: the team members all work in office environments, but they may not always be in the same office as their team members or manager.

    Our definition of virtual work covers all of these terms. It is also distance neutral, meaning that it applies equally to teams that are dispersed globally or regionally or even those working in the same cities but dispersed throughout different buildings. Our definition also applies whether virtual employees work full time or part time.

    The challenges facing managers arise as soon as some team members are not colocated and have to rely on technology to communicate and coordinate work. Greater distances between employees can complicate challenges (e.g. time zone coordination), but the core challenges of managing virtual teams are the same whether those workers are merely located in different buildings in the same city or in different buildings on different continents.

    1.1 What kind of virtual team do you lead?

    15 Minutes

    Working on your own, take five minutes to figure out what kind of virtual team you lead.

    1. How many people on your team work virtually (all, most, or a small percentage)?
    2. How often and how regularly do they tend to work virtually (full time, part time regularly, or part time as needed)?
    3. What kinds of virtual work arrangements are there on your team (multi-site, work from home, mobile employees)?
    4. Where do your workers tend to be physically located (different offices but in the same city/region or globally dispersed)?
    5. Record this information in your workbook.
    6. Discuss as a group.

    Download the Workbook: Equip Managers to Effectively Manage Virtual Teams

    Input

    • Size of virtual team
    • Current remote work practices

    Output

    • Documented list of current state of remote work

    Materials

    • Workbook: Equip Managers to Effectively Manage Virtual Teams

    Participants

    • All managers with direct reports working virtually

    Advantages

    Benefits to the organization

    Benefits to employees

    Operational continuity in disaster situations that prevent employees from coming into the office.

    Cost savings: Employees who WFH half the time can save $2,500 to $4,000 per year (Global Workplace Analytics, 2021).

    Cost savings: Organizations save ~$11,000 annually per employee working from home half the time (Global Workplace Analytics, 2021).

    Time savings: Employees who WFH half the time save on average 11 workdays per year (Global Workplace Analytics, 2021).

    Increased attraction: 71% of employees would likely choose one employer over another based on WFH offerings (Owl Labs, 2021).

    Improved wellbeing:

    83% employees agree that WFH would make them happier.

    80% agree that WFH would decrease their stress.

    81% agree that WFH would improve their ability to manage their work-life balance.

    (Owl Labs, 2021)

    Increased retention: 74% of employees would be less likely to leave their employer if they could WFH (Owl Labs, 2021).

    Increased flexibility: 32% of employees rated the “ability to have a flexible schedule” as the biggest benefit of WFH (OWL Labs, 2021).

    Increased productivity: 50% of employees report they would maintain or increase their productivity while working from home (Glassdoor Team, 2020).

    Increased engagement: Offsite employees tend to have higher overall engagement than onsite employees (McLean & Company Engagement Survey, 2020).

    Speaker’s Notes:

    Remote work arrangements are becoming more and more common, and for good reason: there are a lot of benefits to the organization – and to employees.

    #1: Save Money

    Perhaps one of the most common reasons for opting for remote-work arrangements is the potential cost savings. One study found that organizations could save about $11,000 per employee working from home half the time (Global Workplace Analytics, 2021).

    #2 Increased Attraction

    In addition, supporting remote-work arrangements can attract employees. One study found that 71% of employees would likely choose one employer over another based on WFH offerings (Owl Labs, 2019).

    #3 Improve productivity.

    There are also improvements to productivity. Fifty percent of employees report they would maintain or increase their productivity while working from home (Glassdoor Team, 2020).

    Remote work also has benefits to employees.

    #1: Save Money

    As with organizations, employees also benefit financially from remote work arrangements, saving between $2,500 and $4,000 and on average 11 working days while working from home half of the time.

    #2: Improved Wellbeing

    Most employees agree that working from home makes them happier, reduces stress, and provides an improved work-life balance through increased flexibility.

    Challenges

    Organizations

    • Concerns that WFH may stifle innovation (Scientific American, 2021), likely due to the potential lack of collaboration and knowledge sharing.
    • Fewer organic opportunities for informal interaction between employees working from home means active efforts are required to foster organizational culture.

    Leaders

    • 42% of managers believe that monitoring the productivity of their direct reports is a top challenge of WFH (Ultimate Software, 2019).
    • The lack of in-person supervision compounded with a lack of trust in employees leads many leaders to believe that WFH will result in a drop in productivity.

    Employees

    • 20% of employees report collaboration/communication as their top struggle with WFH (Owl Labs, 2021).
    • Employees often experience burnout from working longer hours due to the lack of commute, blurring of work and home life, and the perceived need to prove their productivity.

    Many of these barriers can be addressed by changing traditional mindsets and finding alternative ways of working, but the traditional approach to work is so entrenched that it has been hard to make the shift.

    Speaker’s Notes:

    Many organizations are still grappling with the challenges of remote work. Some are just perceived challenges, while others are quite real.

    Limited innovation and a lack of informal interaction are a potential consequence of failing to properly adapt to the remote-work environment.

    Leaders also face challenges with remote work. Losing in-person supervision has led to the lack of trust and a perceived drop in productivity.

    A study conducted 2021 asked remote workers to identify their biggest struggle with working remotely. The top three struggles remote workers report facing are unplugging after work, loneliness, and collaborating and/or communicating.

    Seeing the struggles remote workers identify is a good reminder that these employees have a unique set of challenges. They need their managers to help them set boundaries around their work; create feelings of connectedness to the organization, culture, and team; and be expert communicators.

    1.2 Virtual teams: benefits and challenges

    20 Minutes

    1. Discuss and list:
      1. Any positives you’ve experienced since managing virtual employees.
      2. Any challenges you’ve had to manage connected to managing virtual employees.
    2. Record information in the workbook.

    Download the Workbook: Equip Managers to Effectively Manage Virtual Teams

    Input

    • Personal experiences managing remote teams

    Output

    • List of benefits and challenges of remote work

    Materials

    • Workbook: Equip Managers to Effectively Manage Virtual Teams

    Participants

    • All managers with direct reports working virtually

    Effectively Manage Virtual Teams

    Section 1.2

    Laying the foundations for a virtual team

    The 3i’s: Inform, interact, and involve your way to effective management:

    Inform

    Interact Involve

    ↓ Down

    Connect

    ↑ Up

    Tell employees the whys

    Get to know employees

    Solicit input from employees

    Speaker’s Notes:

    Effectively managing a virtual team really comes down to adopting management approaches that will engage virtual employees.

    Managing a virtual team does not actually require a new management style. The basics of effective management are the same in both colocated and virtual teams; however, the emphasis on certain behaviors and actions we take often differs. Managing a virtual team requires much more thoughtfulness and planning in our everyday interactions with our teams as we cannot rely on the relative ease of face-to-face interactions available to colocated teams.

    The 3i’s Engaging Management Model is useful when interacting with all employees and provides a handy framework for more planful interactions with virtual employees.

    Think of your management responsibilities in these three buckets – they are the most important components of being an effective manager. We’re first going to look at inform and involve before moving on to interact.

    Inform: Relay information down from senior management and leaders to employees. Communicate the rationale behind decisions and priorities, and always explain how they will directly affect employees.

    Why is this important? According to McLean & Company’s Engagement Survey data, employees who say their managers keep them well informed about decisions that affect them are 3.4 times more likely to be engaged (Source: McLean & Company, 2020; N=77,363). Your first reaction to this might be “I already do this,” which may very well be the case. Keep in mind, though, we sometimes tend to communicate on a “need-to-know basis,” especially when we are stressed or short on time. Engaging employees takes more. Always focus on explaining the “why?” or the rationale behind business decisions.

    It might seem like this domain should be the least affected, since important company announcements probably continue in a remote environment. But remember that information like that also flows informally. And even in formal settings, there are question-and-answer opportunities. Or maybe your employee might come to your office to ask for more details. Virtual team members can’t gather around the watercooler. They don’t have the same opportunities to hear information in passing as people who are colocated do, so managers need to make a concerted effort to share information with virtual team members in a clear and timely way.

    Swinging over to the other end, we have involve: Involve your employees. Solicit information and feedback from employees and collaborate with them.

    However, it’s not enough to just solicit their feedback and input; you also need to act on it.

    Make sure you involve your employees in a meaningful way. Such collaboration makes employees feel like a valued part of the team. Not to mention that they often have information and perspectives that can help make your decisions stronger!

    Employees who say their department leaders act on feedback from them are 3.9 times more likely to be engaged than those whose leaders don’t. (Source: McLean & Company, 2020; N=59,779). That is a huge difference!

    Keeping virtual employees engaged and feeling connected and committed to the organization requires planful and regular application of the 3i’s model.

    Finally, Interact: Connect with employees on a personal level; get to know them and understand who they are on a personal and professional level.

    Why? Well, over and above the fact that it can be rewarding for you to build stronger relationships with your team, our data shows that human connection makes a significant difference with employees. Employees who believe their managers care about them as a person are 3.8 times more likely to be engaged than those who do not (Source: McLean & Company, 2017; N=70,927).

    And you might find that in a remote environment, this is the area that suffers the most, since a lot of these interactions tend to be unscripted, unscheduled, and face to face.

    Typically, if we weren’t in the midst of a pandemic, we’d emphasize the importance of allocating some budget to travel and get some face-to-face time with your staff. Meeting and interacting with team members face to face is crucial to building trusting relationships, and ultimately, an effective team, so given the context of our current circumstances, we recommend the use of video when interacting with your employees who are remote.

    Relay information down from senior management to employees.

    Ensure they’ve seen and understand any organization-wide communication.

    Share any updates in a timely manner.

    Connect with employees on a personal level.
    Ask how they’re doing with the new work arrangement.
    Express empathy for challenges (sick family member, COVID-19 diagnosis, etc.).
    Ask how you can support them.
    Schedule informal virtual coffee breaks a couple of times a week and talk about non-work topics.

    Get information from employees and collaborate with them.
    Invite their input (e.g. have a “winning remotely” brainstorming session).
    Escalate any challenges you can’t address to your VP.
    Give them as much autonomy over their work as possible – don’t micromanage.

    1.3 Identify behaviors to inform, interact with, and involve team members

    20 Minutes

    Individually:

    1. Identify one behavior for each of Inform, Interact, and Involve to improve.
    2. Record information in the workbook.

    As a group:

    1. Discuss behaviors to improve for each of Inform, Interact, and Involve and record new ideas to incorporate into your leadership practice.

    Download the Workbook: Equip Managers to Effectively Manage Virtual Teams

    Input

    • 3i's Model
    • Current leadership behaviors to improve

    Output

    • List of behaviors to better inform, interact, and involve team members

    Materials

    • Workbook: Equip Managers to Effectively Manage Virtual Teams

    Participants

    • All managers with direct reports working virtually

    Laying the foundation: Set clear expectations

    Tasks

    • What are the daily and weekly team activities? How do they affect one another?

    Goals

    • Clarify any adjustments to strategy based on the situation; clarify metrics.

    Communication

    • How often and when will you check in? What should they come to you for? What modalities will you use and when?

    Roadblocks

    • Involve your team in deciding how to handle roadblocks and challenges.

    Speaker’s Notes:

    Clear expectations are important in any environment, remote or not. But it is much harder to do in a remote environment. The barrier to seeking clarification is so much higher (For example, email vs. catching someone in hallway, or you can’t notice that a colleague is struggling without them asking).

    Communication – This is one area where the importance actually changes in a remote context. We’ve been talking about a lot of practices that are the same in importance whether you’re in an office or remote, and maybe you just enact them differently. But clarity around communication processes is actually tremendously more important in a remote environment.

    Adopt a five-step process to set specific and documented expectations

    1. Check in with how your team member is doing on a daily basis. Don’t forget to ask how they are doing personally.
    2. Follow up on previously set expectations. Ask how things are going. Discuss if priorities or expectations have changed and update expectations accordingly.
    3. Ask if they are experiencing any roadblocks and collaborate to find solutions.
    4. Provide feedback and recognition as appropriate.
    5. Document newly set expectations – either through a collaboration tool or through email.

    Speaker’s Notes:

    Suggested best practices: Hold daily team check-ins and hold separate individual check-ins. Increase frequency of these.

    During Check-in
    1. Set up a running Teams chat for your team.
    • This is your community. You must be the biggest cheerleader and keep the team feeling like they are contributing. Make sure everyone is involved.
  • Start each workday with a video scrum to discuss what’s coming today for your team.
    • Ask: What are you planning to work on today? Are there any roadblocks I can help with? Technology working OK?
  • Right after your team meeting, set up an “every morning video call” one-on-one meeting with each team member (5-10 minutes max).
    • Ask: What are you working on today? What will your momentum metrics be? What do you need from me?
  • Set up a separate video call at the end of the afternoon to review what everyone did (5 minutes max).
    • Ask: What went well? What went poorly? How can we improve?
  • After a Check-in
    1. Be accessible:
      • Ensure your team knows the best way to get in touch with you.
      • Email is not ideal for informal, frequent contact – use messaging instead.
    2. Be available:
      • Keep a running conversation going in Teams.
      • Respond in a timely manner; address issues quickly so that your team has what they need to succeed.
      • Let your team know if you’ll be away/offline for longer than an hour during the workday and ask them to do the same (e.g. for an appointment).
      • Help address roadblocks, answer questions, clarify priorities, etc.

    Define communication requirements

    • Set up an ongoing communication with your team.
      • E.g. a running conversation on Slack or Teams
    • Schedule daily virtual meetings and check-ins.
      • This can help to maintain a sense of normalcy and conduct a pulse check on your team.
    • Use video for important conversations.
      • Video chat creates better rapport, shows body language, and lessens feelings of isolation, but it can be taxing.
    • Set expectations about communication.
      • Differentiate between day-to-day communication and updates on the state of events.
    • Clearly communicate the collaboration toolkit.
      • What do we have available? What is the purpose of each?

    Speaker’s Notes:

    With organizational expectations set, we need to establish team expectations around how we collaborate and communicate.

    Today there is no lack of technology available to support our virtual communication. We can use the phone, conference calls, videoconferencing, Skype, instant messaging, [insert organization-specific technological tools.], etc.

    However, it is important to have a common understanding of which tools are most appropriate when and for what.

    What are some of the communication channel techniques you’ve found useful in your informal interactions with employees or that you’ve seen work well between employees?

    [Have participants share any technological tools they find useful and why.]

    Check in with your team on communication requirements

    • Should we share our calendars, hours of availability, and/or IM status?
    • How often should we meet as a team and one on one? Should we institute a time when we should not communicate virtually?
    • Which communication channel should we use in what context? How should we decide which communication method to use?
    • Should I share guidelines for email and meeting etiquette (or any other communication methods)?
    • Should we establish a new team charter?
    • What feedback does the team have regarding how we’ve been communicating?

    Speaker’s Notes:

    Whenever we interact, we make the following kinds of social exchanges. We exchange:

    • Information: Data or opinions
    • Emotions: Feelings and evaluations about the data or opinions
    • Motivations: What we feel like doing in response to data or opinions

    We need to make sure that these exchanges are happening as each team member intends. To do this, we have to be sensitive to what information is being conveyed, what emotions are involved in the interaction, and how we are motivating each other to act through the interaction. Every interaction will have intended and unintended effects on others. No one can pay attention to all of these aspects of communication all the time, but if we develop habits that are conducive to successful exchanges in all three areas, we can become more effective.

    In addition to being mindful of the exchange in our communication, as managers it is critical to build trusting relationships and rapport with employees as we saw in the 3i's model. However, in virtual teams we cannot rely on running into someone in the kitchen or hallway to have an informal conversation. We need to be thoughtful and deliberate in our interactions with employees. We need to find alternative ways to build these relationships with and between employees that are both easy and accepted by ourselves and employees. Because of that, it is important to set communication norms and really understand each other’s preferences. For example:

    • Timing of responses. Set the expectation that emails should be responded to within X hours/days unless otherwise noted in the actual email.
    • When it’s appropriate to send an email vs. using instant messaging.
    • A team charter – the team’s objectives, individual roles and responsibilities, and communication and collaboration guidelines.

    1.4 Identify and share ways you prefer to communicate for different activities

    20 Minutes

    1. Brainstorm and list the different types of exchanges you have with your virtual employees and they have with each other.
    2. List the various communication tools in use on your team.
    3. Assign a preferred communication method for each type of exchange

    Download the Workbook: Equip Managers to Effectively Manage Virtual Teams

    Input

    • Current types of exchanges on team
    • Communication methods used

    Output

    • Defined ways to communicate for each communication method

    Materials

    • Workbook: Equip Managers to Effectively Manage Virtual Teams

    Participants

    • All managers with direct reports working virtually

    Effectively Manage Virtual Teams

    Section 2.1
    Balancing wellbeing and performance in a virtual team context

    The pandemic has taken a significant toll on employees’ mental wellbeing

    44% of employees reported declined mental wellbeing since the start of the pandemic.

    • 44% of those who work from home.
    • 34% of those who have other work arrangements (i.e. onsite).
      (Qualtrics, 2020)

    "If one of our colleagues were to fall, break their leg, and get a cast, colleagues would probably rally around that person signing their cast. But, really, we don’t view the health of our brain the same as we do the health of our body."
    – Centre for Addiction and Mental Health (CAMH) Employee

    Speaker’s Notes:

    Despite being over two years into the pandemic, we are still seeing its effect on the physical and mental health of employees.

    The mental health aspect has been often overlooked by organizations, but in order to have a safe, happy, and productive team, you need to give mental health the same level of focus as physical heath. This requires a change in mindset in order for you as a leader to support your team's mental wellbeing during the pandemic and beyond.

    Employees are reporting several key mental wellbeing challenges

    Stress: 67%

    Employees report increasingly high levels of stress from the onset of COVID-19, stating that it has been the most stressful time in their careers.
    (Qualtrics, 2020)

    Anxiety: 57%

    Similarly, employees’ anxiety levels have peaked because of the pandemic and the uncertainty it brings.
    (Qualtrics, 2020)

    Four main themes surrounding stress & anxiety

    • Fear of contracting COVID-19
    • Financial pressures
    • Job security and uncertainty
    • Loneliness caused by social isolation

    Speaker’s Notes:

    The stress and uncertainty about the future caused by the pandemic and its fallout are posing the biggest challenges to employees.

    Organizations shutting down operations, moving to fully remote, or requiring some of their employees to be on site based on the current situation causes a lot of anxiety as employees are not able to plan for what is coming next.

    Adding in the loss of social networks and in-person interactions exacerbates the problem employees are facing. As leaders, it is your job to understand and mitigate these challenges wherever possible.

    Re-examine your workplace barriers to mental wellbeing

    New Barriers

    Old Barriers

    • Childcare/eldercare responsibilities
    • Fear of workplace health risks
    • Work location
    • Lost support networks
    • Changed work schedules
    • Social distancing
    • Workload
    • Fear of stigma
    • Benefits limits
    • Limits to paid time off
    • Lack of manager knowledge

    Key considerations:

    • Work Environment
      • Accessibility of mental wellbeing programs and initiatives
    • Organizational Culture
      • Modeling of wellbeing
      • Paid time off
      • Discussions around mental wellbeing
    • Total Rewards
      • Benefits coverage
      • Employee assistance programs (EAPs)
      • Manager knowledge

    Speaker’s Notes:

    Organizational barriers to mental wellbeing are sadly not new. Workloads, stigma around mental health, lack of sick days, and limits to benefits for mental health supports were challenges before the pandemic. Adding in the new barriers can very easily result in a tipping point for many employees who are simply not equipped to deal with or supported in dealing with the added burden of remote work in a post-pandemic world.

    To provide the needed support to your employees, it’s important to be mindful of the key considerations.

    Holistic employee wellbeing has never been more critical than it is right now

    Employee Wellbeing

    Physical

    The physical body; ensuring a person has the freedom, opportunities, and resources needed to sustainably maintain bodily health.

    Mental

    The psychological ability to cope with information, emotions, desires, and stressors (e.g. change, threats, etc.) in a healthy and balanced way. Essential for day-to-day living and functioning.

    Social

    The state of personal and professional relationships, including personal and community engagement. The capability for genuine, authentic, and mutually affirming interactions with others.

    Financial

    The state of a person’s finances; ensuring that a person feels capable to handle their financial situation and behaviors. The ability to live productively without the weight of financial stress.

    Speaker’s Notes:

    As a manager, you need to be mindful of all of these. Create an atmosphere where people are able to come to you for help if they are struggling in one of these areas. For example, some people might be more comfortable raising physical safety or comfort concerns (personal protective equipment, ergonomics) than concerns about mental health. Or they might feel like their feelings of loneliness are not appropriate to bring into their professional life.

    Wellbeing is a delicate subject, and most of the time, people are reluctant to talk about it. It requires vulnerability. And here’s the thing about it: Your staff will not drive a change in your team around making these topics more acceptable. It has to be the manager. You have to be the one to not just tell but show them that it’s OK to talk about this

    Encourage human-centered workplace behaviors

    Promote empathy as a focus value

    • Listen and show compassion.
    • Allow room for emotions.

    Encourage social connection

    • Leverage networks.
    • Infuse fun where possible.
    • Encourage community and sense of joint purpose.

    Cultivate a growth mindset

    • Encourage mindfulness and resilience.
    • Express gratitude.

    Empower others

    • Ask employees what they need and co-create solutions.
    • Integrate needs of personal and family life with work life.
    • Be clear on accountability.

    Speaker’s Notes:

    As a leader, your focus should be on encouraging the right behaviors on your team and in yourself.
    Show empathy; allowing room for emotion and showing you are willing and able to listen goes a long way to establishing trust.

    A growth mindset applies to resilience too. A person with a growth mindset is more likely to believe that even though they’re struggling now, they will get through it.

    Infuse fun – schedule social check-ins. This is not wasted time, or time off work – it is an integral part of the workday. We have less of it now organically, so you must bring it back deliberately. Remember that theme? We are deliberately reinfusing important organic elements into the workday.

    The last item, empowerment, is interesting – being clear on accountability. Have clear performance expectations. It might sound like telling people what to do would be disempowering, but it’s the opposite. By clarifying the goals of what they need to achieve, you empower them to invent their own “how,” because you and they are both sure they will arrive at the place that you agreed on. We will talk more about this in performance management.

    Emphasize the importance of wellbeing by setting the tone for the team

    Managers must…

    • LEAD BY EXAMPLE
      • Employees look to their managers for cues about how to react in a crisis. If the manager reacts with stress and fear, the team will follow.
    • ENCOURAGE OPEN COMMUNICATION
      • Frequent check-ins and transparent communication are essential during a time of crisis, especially when working remotely.
    • ACKNOWLEDGE THE SITUATION
      • Recognizing the stress that teams may be facing and expressing confidence in them goes a long way.
    • PROMOTE WELLBEING
      • Managers who take care of themselves can better support their teams and encourage them to practice good self-care too.
    • REDUCE STIGMA
      • Reducing stigma around mental health encourages people to come forward with their struggles and get the support they need.

    Speaker’s Notes:

    Emphasize the importance of wellbeing with what you do. If you do not model self-care behavior, people will follow what you do, not what you say.

    Lead by example – Live the behaviors you want to see in your employees. If you show confidence, positivity, and resiliency, it will filter down to your team.

    Encourage open communication – Have regular meetings where your team is able to set the agenda, or allow one-on-ones to be guided by the employee. Make sure these are scheduled and keep them a priority.

    Acknowledge the situation – Pretending things are normal doesn’t help the situation. Talk about the stress that the team is facing and express confidence that you will get through it together.

    Promote wellbeing – Take time off, don’t work when you’re sick, and you will be better able to support your team!

    Reduce stigma – Call it out when you see it and be sure to remind people of and provide access to any supports that the organization has.

    Conduct dedicated conversations around wellbeing

    1. Check in with how each team member is doing frequently and ask how they are doing personally.
    2. Discuss how things are going. Ask: “How is your work situation working out for you so far? Do you feel supported? How are you taking care of yourself in these circumstances?”
    3. Ask if there are any stressors or roadblocks that they have experienced and collaborate to find solutions.
    4. Provide reassurance of your support and confidence in them.
    5. Document the plan for managing stressors and roadblocks – either through a collaboration tool or through email.

    Speaker’s Notes:

    Going back to the idea of a growth mindset – this may be uncomfortable for you as a manager. So here’s a step-by-step guide that over time you can morph into your own style.

    With your team – be prepared to share first and to show it is OK to be vulnerable and address wellbeing seriously.

    1. Make sure you make time for the personal. Ask about their lives and show compassion.
    2. Give opportunities for them to bring up things that might stay hidden otherwise. Ask questions that show you care.
    3. Help identify areas they are struggling with and work with them to move past those areas.
    4. Make sure they feel supported in what they are going through and reassured of their place on the team.
    5. Roll wellbeing into your planning process. This signals to team that you see wellbeing as important, not just a checklist to cover during a team meeting, and are ready to follow through on it.

    Recognize when professional help is needed

    SIGNS OF BURNOUT: Overwhelmed; Frequent personal disclosure; Trouble sleeping and focusing; Frequent time off; Strained relationships; Substance abuse; Poor work performance

    Speaker’s Notes:

    As a leader, it is important to be on the lookout for warning signs of burnout and know when to step in and direct individuals to professional help.

    Poor work performance – They struggle to maintain work performance, even after you’ve worked with them to create coping strategies.

    Overwhelmed – They repeatedly tell you that they feel overwhelmed, very stressed, or physically unwell.

    Frequent personal disclosure – They want to discuss their personal struggles at length on a regular basis.

    Trouble sleeping and focusing – They tell you that they are not sleeping properly and are unable to focus on work.

    Frequent time off – They feel the need to take time off more frequently.

    Strained relationships – They have difficulty communicating effectively with coworkers; relationships are strained.

    Substance abuse – They show signs of substance abuse (e.g. drunk/high while working, social media posts about drinking during the day).

    Keeping an eye out for these signs and being able to step in before they become unmanageable can mean the difference between keeping and losing an employee experiencing burnout.

    Remember: Managers also need support

    • Added burden
    • Lead by example
    • Self-care

    Speaker’s Notes:

    If you’ve got managers under you, be mindful of their unique stressors. Don’t forget to check in with them, too.

    If you are a manager, remember to take care of yourself and check in with your own manager about your own wellbeing.

    2.1 Balance wellbeing and performance in a virtual team context

    30 Minutes

    1. Brainstorm and list current practices and challenges connected to wellbeing on your teams.
    2. Choose one or two wellbeing challenges that are most relevant for your team.
    3. Discuss as a group and identify one solution for each challenge that you can put into action with your own virtual team. Document this under “Action plan to move forward” on the workbook slide “2.1 Balancing wellbeing and performance in a virtual team context.”

    Download the Workbook: Equip Managers to Effectively Manage Virtual Teams

    Input

    • Current practices and challenges connected to wellbeing

    Output

    • Action plan for each challenge listed

    Materials

    • Workbook: Equip Managers to Effectively Manage Virtual Teams

    Participants

    • All managers with direct reports working virtually

    Effectively Manage Virtual Teams

    Section 2.2

    Managing performance in a virtual team context

    Virtual employees are craving more meaningful interactions with their managers

    A survey indicated that, overall, remote employees showed less satisfaction with manager interactions compared to other non-remote employees.

    1. 16% less likely to strongly agree their manager involves them in setting goals at work.
    2. 28% less likely to strongly agree they continually work with their manager to clarify work priorities.
    3. 29% less likely to strongly agree they have reviewed their greatest successes with their manager in the last six months.
    4. 30% less likely to strongly agree they have talked with their manager about progress toward goals in the last six months.

    Speaker’s Notes:

    In many cases, we have put people into virtual roles because they are self-directed and self-motivated workers who can thrive with the kind of autonomy and flexibility that comes with virtual work. As managers, we should expect many of these workers to be proactively interested in how they are performing and in developing their careers.

    It would be a mistake to take a hands-off approach when managing virtual workers. A recent survey indicated that, overall, remote employees showed less satisfaction with manager interactions compared to other non-remote employees. It was also one of the aspects of their work experience they were least satisfied with overall (Gallup, State of the American Workplace, 2017). Simply put, virtual employees are craving more meaningful conversations with their managers.

    While conversations about performance and development are important for all employees (virtual or non-virtual), managers of remote teams can have a significant positive impact on their virtual employees’ experience and engagement at work by making efforts to improve their involvement and support in these areas.

    During this module we will work together to identify ways that each of us can improve how we manage the performance of our virtual employees. At the end of the module everyone will create an action plan that they can put in place with their own teams. In the next module, we go through a similar set of activities to create an action plan for our interactions with employees about their development.

    Building blocks of performance management

    • Goal Setting

    • Setting Expectations

    • Measuring Progress

    • Feedback & Coaching

    Speaker’s Notes:

    [Include a visualization of your existing performance management process in the slide. Walk the participants through the process to remind them of what is expected. While the managers participating in the training should know this, there may be different understandings of it, or it might just be the case that it’s been a while since people looked at the official process. The intention here is merely to ensure everyone is on the same page for the purposes of the activities that follow.]

    Now that we’ve reviewed performance management at a high level, let’s dive into what is currently happening with the performance management of virtual teams.

    I know that you have some fairly extensive material at your organization around how to manage performance. This is fantastic. And we’re going to focus mainly on how things change in a virtual context.

    When measuring progress, how do you as a manager make sure that you are comfortable not seeing your team physically at their desks? This is the biggest challenge for remote managers.

    2.2 Share current performance management practices for virtual teams

    30 Minutes

    1. Brainstorm and list current high-level performance management practices connected to each building block. Record in your workbook.
    2. Discuss current challenges connected to implementing the building blocks with virtual employees.

    Download the Workbook: Equip Managers to Effectively Manage Virtual Teams

    Input

    • Current performance management practices
    • Challenges surrounding performance management

    Output

    • Current state of virtual performance management defined

    Materials

    • Workbook: Equip Managers to Effectively Manage Virtual Teams

    Participants

    • All managers with direct reports working virtually

    Communicate the “why”: Cascade organizational goals

    This image depicts the Cascade of Why- organizational goals. Organizational Mission; Organizational Values; Organizational Goals; Department Goals; Team Goals; Individual Goals

    Speaker’s Notes:

    When assisting your employees with their goals, think about the organization’s overall mission and goals to help you determine team and individual goals.

    • Organizational goals: Employee goals should align with organizational goals. Goals may cascade down through the organization.
    • Department or team goals: Create a clear strategy based on high-level goals for the year so employees can link short-term goals to the larger picture.
    • Individual goals: Employees should draw on their individual development plan to help set performance goals.

    Sometimes it’s difficult to get employees thinking about goals and they need assistance from managers. It’s also important to be clear on team goals to help guide employees in setting individual ones.

    The basic idea is to show people how their individual day-to-day work contributes to the overall success of the organization. It gives them a sense of purpose and a rationale, which translates to motivation. And also helps them problem solve with more autonomy.

    You’re giving people a sense of the importance of their own contribution.

    How to set clear expectations for job performance

    Ensure employees have a clear understanding of what’s expected for their role:

    1. Review their metrics so they understand how they’re being evaluated.
    2. Outline daily, weekly, monthly, and quarterly goals.
    3. If needed, help them plan when and how each part of their job should be done and what to prioritize.
    4. Ask them to come to you early if they experience a roadblock so that you can help rather than having them flounder on their own.
    5. Document instances where employees aren’t meeting role or performance expectations.

    Speaker’s Notes:

    Tailor performance goals to address any root causes of poor performance.

    For example:

    • If personal factors are getting in the way, work with the employee (and HR if necessary) to create a strategy to address any impediments to performing in the role.

    Tips for managing performance remotely

    • Reflect on one key question: What needs to happen for my direct reports to continue their work while working remotely?
    • Manage for results – not employee visibility at the office.
    • Use metrics to measure performance. If you don’t have any, define tasks and deliverables as clearly as possible and conduct regular check-ins.
    • Work with the employee to set goals and metrics to measure progress.

    Focus on results: Be flexible about how and when work gets done, as long as team members are hitting their targets.

    • For example, if they have childcare duties from 3 to 5pm during school closures and want to work later in the evening to make up the time, that’s fine – as long as the work gets done.
    • Set clear expectations about which work must be done during normal work hours (e.g. attend team meetings, client calls) and which can be done at other hours.
    • Team members must arrange with you any nonstandard working hours before they start using an altered schedule. It is your responsibility to keep track of hours and any alternate arrangements.
    • Don’t make team members feel constantly monitored (i.e. “Where were you from 10 to 11am?”); trust them until you have reason not to.

    Encourage your team members to unplug: If they’re sending you emails late at night and they haven’t made an alternate work hours agreement with you, encourage them to take time away from work.

    • It’s harder to unplug when working at home, and everyone needs a break to stay productive.

    Avoid micromanagement with holistic performance measures

    Quality

    How well tasks are accomplished

    Behavior

    Related to specific employee actions, skills, or attitudes

    Quantity

    How much work gets done

    Holistic measures demonstrate all the components required for optimal performance. This is the biggest driver in having comfort as a manager of a remote team and avoiding micromanagement. Typically these are set at the organizational level. You may need to adjust for individual roles, etc.

    Speaker's Notes:

    Metrics come in different types. One way to ensure your metrics capture the full picture is to use a mix of different kinds of metrics.

    Some metrics are quantitative: they describe quantifiable or numerical aspects of the goal. This includes timeliness. On the other hand, qualitative metrics have to do with the final outcome or product. And behavioral metrics have to do with employees' actions, skills, or attitudes. Using different kinds of metrics together helps you set holistic measures, which capture all the components of optimal performance toward your goal and prevent gaming the system.

    Let's take an example:

    A courier might have an objective to do a good job delivering packages. An example of a quantitative measure might be that the courier is required to deliver X number of packages per day on time. The accompanying metrics would be the number of packages delivered per day and the ratio of packages delivered on time vs. late.

    Can you see a problem if we use only these quantitative measures to evaluate the courier's performance?

    Wait to see if anyone volunteers an answer. Discuss suggestions.

    That's right, if the courier's only goal is to deliver more packages, they might start to rush, may ruin the packages, and may offer poor customer service. We can help to guard against this by implementing qualitative and behavioral measures as well. For example, a qualitative measure might be that the courier is required to deliver the packages in mint condition. And the metric would be the number of customer complaints about damaged packages or ratings on a satisfaction survey related to package condition.

    For the behavioral aspect, the courier might be required to provide customer-centric service with a positive attitude. The metrics could be ratings on customer satisfaction surveys related to the courier's demeanor or observations by the manager.

    Managing poor performance virtually: Look for key signs

    It’s crucial to acknowledge that an employee might have an “off week” or need time to balance work and life – things that can be addressed with performance management (PM) techniques. Managers should move into the process for performance improvement when:

    1. Performance fluctuates frequently or significantly.
    2. Performance has dropped for an extended period of time.
    3. Expectations are consistently not being met.

    Key signs to look for:

    • PM data/performance-related assessments
    • Continual absences
    • Decreased quality or quantity of output
    • Frequent excuses (e.g. repeated internet outages)
    • Lack of effort or follow-through
    • Missed deadlines
    • Poor communication or lack of responsiveness
    • Failure to improve

    Speaker’s notes:

    • Let’s talk more about identifying low performance.
    • Everybody has off days or weeks. And what if they are new to the role or new to working remotely? Their performance may be low because they need time to adjust. These sort of situations should be managed, but they don’t require moving into the process for performance improvement.
    • When managing employees who are remote or working in a hybrid situation, it is important to be alert to these signs and check in with your employees on a regular basis. Aim to identify and work with employees on addressing performance issues as they arise rather than waiting until it’s too late. Depending on your availability, the needs of the employee, and the complexity of their role, check-ins could occur daily, weekly, and/or monthly. As I mentioned, for remote employees, it’s often better to check-in more frequently but for a shorter period of time.
    • You want to be present in their work life and available to help them manage through roadblocks and stay on track, but try to avoid over-monitoring employees. Micromanaging can impact the manager-employee relationship and lead to the employee feeling that there is a lack of trust. Remember, the employee needs to be responsible for their own performance and improvement.
    • Check-ins should not just be about the work either. Take some time to check in personally. This is particularly important when managing remotely. It enables you to build a personal relationship with the employee and also keeps you aware if there are other personal issues at play that are impacting their work.
    • So, how do you know what does require performance improvement? There are three key things that you should look for that are clear signals that performance improvement is necessary:
      1. Their performance is fluctuating frequently or significantly.
      2. Their performance has dropped for an extended period of time.
      3. Expectations are consistently not being met.
    • What do you think are some key signs to look for that indicate a performance issue is occurring?

    Managing poor performance virtually: Conducting remote performance conversations

    Video calling

    Always use video calls instead of phone calls when possible so that you don’t lose physical cues and body language.

    Meeting invitations

    Adding HR/your leader to a meeting invite about performance may cause undue stress. Think through who needs to participate and whether they need to be included in the invite itself.

    Communication

    Ensure there are no misunderstandings by setting context for each discussion and having the employee reiterate the takeaways back to you.

    Focus on behavior

    Don’t assume the intent behind the behavior(s) being discussed. Instead, just focus on the behavior itself.

    Policies

    Be sure to adhere to any relevant HR policies and support systems. Working with HR throughout the process will ensure none are overlooked.

    Speaker’s notes:

    There are a few best practices you should follow when having performance conversations:

    • First, if you are in a different work environment than your employee, always use video calls instead of phone calls whenever possible so that you don’t miss out on physical cues and body language. If videoconferencing isn’t the norm, encourage them to turn on their video. Be empathic that it can feel awkward but explain the benefits, and you will both have an easier time communicating and understanding each other.
    • As I’ve mentioned, be considerate of the environment they are in. If they are in the office and you are working remotely, be sure to book a private meeting room for them to go to for the conversation. If they are working from home, be sure to check that they are prepared and able to focus on the conversation.
    • Next, carefully consider who you are adding to the meeting invite and whether it’s necessary for them to be there. Adding HR or your leader to a meeting invite may cause undue stress for the employee.
    • Consider the timing of the invite. Don’t send it out weeks in advance. When a performance problem exists, you’ll want to address it as soon as possible. A day or two of notice would be an ideal approach because it gives them a heads up but will not cause them extended stress or worrying.
    • Be considerate about the timing of the meeting and what else they may have scheduled. For example, a Friday afternoon before they are heading off on vacation or right before they are leading an important client call would not be appropriate timing.
    • As we just mentioned clear communication is critical. Ensure there are no misunderstandings by setting context for each discussion and having the employee reiterate takeaways back to you.
    • Focus on the behavior and don’t assume their intent. It can be tempting to say, “I know you didn’t mean to miss the deadline,” but you don’t know what they intended. Often people are not aware of the impact their behavior can have on others.
    • Lastly, be sure to adhere to any relevant HR policies and support systems. Working with HR throughout the process will ensure nothing is overlooked.

    2.3 Identify challenges of current practices and propose solutions

    30 Minutes

    1. Select one or two challenges from the previous activity.
    2. Identify one solution for each challenge that you can put into action with your own virtual team. Document in the workbook.

    Download the Workbook: Equip Managers to Effectively Manage Virtual Teams

    Input

    • Current performance management practices
    • Challenges surrounding performance management

    Output

    • Action plan to move forward

    Materials

    • Workbook: Equip Managers to Effectively Manage Virtual Teams

    Participants

    • All managers with direct reports working virtually

    Effectively Manage Virtual Teams

    Optional Section

    Employee development in a virtual team setting

    There are three main development approaches for both colocated and virtual employees

    Formal Training; Relational Learning; Experimental Learning

    Speaker’s Notes:

    As we have seen, our virtual employees crave more meaningful interactions with their managers. In addition to performance conversations, managers should also be having regular discussions with their employees about their employee development plans. One key component of these discussions is career planning. Whether you are thinking shorter term – how to become better at their current role – or longer term – how to advance beyond their current role – discussions about employee development are a great way to engage employees. Employees are ultimately responsible for creating and executing their own development plans, but managers are responsible for making sure that employees have thought through these plans and helping employees identify opportunities for executing those plans.

    To help us think about our own employee development practices, identify challenges they pose when working with virtual employees, and create solutions to these challenges, it is useful to think about employee development opportunities according to three types:

    1. The first kind of development opportunity is formal training. Formal training is organized and has a clearly defined curriculum and desired outcome. It usually takes the form of a group training session (like this one) or training videos or materials that employees can watch individually and on their own time. These opportunities usually end with a test or assignment that can be used to evaluate the degree to which the participant achieved the desired learning outcomes.
    2. The second kind of development opportunity is relational learning. Perhaps the most common form of this type of learning is coaching or mentoring. By establishing a long-term work relationship, checking in with employees about their daily work and development goals, and sharing their own experiences and knowledge, mentors help employees reflect and draw out learning from everyday, on-the-job development activities. Other examples include a peer support group or communities of practice. In these group settings peers share best practices and work together to overcome challenges.
    3. The third kind of development opportunity is experiential learning. This kind of opportunity provides employees the chance to work on real work problems, and the output of the development work can directly benefit the organization. Most people learn best by doing. On-the-job experiences that are challenging or new can force people to use and develop new skills and knowledge based on what worked effectively and what failed. Examples of experiential learning are on-the-job learning for new hires, stretch assignments, or special projects that take the employee beyond their daily routine and allow them to try new activities and develop competencies that they would not have the chance to develop as part of their regular job.

    According to McLean & Company, organizations should use the “70-20-10” rule as a rough guideline when working with employees to create their development plans: 10% of the plan should be dedicated to formal training opportunities, 20% to relational learning, and 70% to experiential learning. Managers should work with employees to identify their performance and career goals, ensure that their development plans are aligned with these goals, and include an appropriate mixture of all three kinds of development opportunities.

    To help identify challenges and solutions, think about how virtual work arrangements will impact the employee’s ability to leverage each type of opportunity at our organization.

    Here are some examples that can help us start thinking about the kinds of challenges virtual employees on our team face:

    Career Planning

    • One challenge can be identifying a career path that is consistent with working virtually. If switching from a virtual arrangement to an onsite arrangement is not a viable option for an employee, some career paths may not feasibly be open to them (at least as the company is currently organized). For example, if an employee would eventually like to be promoted to a senior leadership role in their business function but all senior leaders are required to work onsite at corporate headquarters, the employee will need to consider whether such a move is possible for them. In some cases employees may be willing to do this, but in others they may not. The important thing is to have these conversations with virtual employees and avoid the assumption that all career paths can be done virtually, since that might not be the case

    Formal Training

    • This is probably the least problematic form of employee development for virtual employees. In many cases this kind of training is scheduled well in advance, so virtual employees may be able to join non-virtual employees in person for some group training. When this is not possible (due to distance, budget, or time zone), many forms of group training can be recorded and watched by virtual employees later. Training videos and training materials can also easily be shared with virtual employees using existing collaboration software.

    Relational Learning

    • One major challenge here is developing a mentoring relationship virtually. As we discussed in the module on performance management, developing relationships virtually can be challenging because people cannot rely upon the kind of informal and spontaneous interactions that occur when people are located in the same office. Mentors and mentees will have to put in more effort and planning to get to know each other and they will have to schedule frequent check-ins so that employees can reflect upon their progress and experience (with the help of their mentors) more often.
    • Time zones and technology may pose potential barriers for certain candidates to be mentors. In some cases, employees that are best qualified to be mentors may not be as comfortable with collaborative software as other mentors or their mentees. If there are large time zone differences, some people who would otherwise be interested in acting as a mentor may be dissuaded. Managers need to take this into consideration if they are connecting employees with mentors or if they are thinking of taking on the mentor role themselves.

    Experiential Learning

    • Virtual employees risk being overlooked for special projects due to the “out of sight, out of mind” bias: When special projects come up, the temptation is to look around the room and see who is the best fit. The problem is, however, that in some cases the highest performers or best fit may not physically be in the room. In these cases it is important for managers to take on an advocate role for their employees and remind other managers that they have good virtual employees on their team that should be included or contacted. It is also important for managers to keep their team informed about these opportunities as often as possible.
    • Sometimes certain projects or certain kinds of work just cannot be done virtually in a company for a variety of reasons. The experiential learning opportunities will not be open to virtual employees. If such opportunities are open to the majority of other workers in this role (potentially putting virtual employees’ career development at a disadvantage relative to their peers), managers should work with their virtual employees to identify alternative experiences. Managers may also want to consider advocating for more or for higher quality experiential learning opportunities at the organization.

    Now that we have considered some general examples of challenges and solutions, let’s look at our own employee development practices and think about the practical steps we can take as managers to improve employee development for our virtual employees.

    Employee development basics

    • Career planning & performance improvement
    • Formal training
    • Relational learning
    • Experiential learning

    Speaker’s Notes:

    [Customize this slide according to your organization’s own policies and processes for employee development. Provide useful images that outline this on the slide, and in these notes describe the processes/policies that are in place. Note: In some cases policies or processes may not be designed with virtual employees or virtual teams in mind. That is okay for the purposes of this training module. In the following activities participants will discuss how they apply these policies and processes with their virtual teams. If your organization is interested in adapting its policies/processes to better support virtual workers, it may be useful to record those conversations to supplement existing policies later.]

    Now that we have considered some general examples of challenges and solutions, let’s look at our own employee development practices and think about the practical steps we can take as managers to improve employee development for our virtual employees.

    2.4 Share current practices for developing employees on a virtual team

    30 Minutes

    1. Brainstorm and list current high-level employee development practices. Record in your workbook.
    2. Discuss current challenges connected to developing virtual employees. Record in your workbook.
    3. Identify one solution for each challenge that you can put into action with your own virtual team.
    4. Discuss as a group.

    Download the Workbook: Equip Managers to Effectively Manage Virtual Teams

    Input

    • Current employee development practices
    • Challenges surrounding employee development

    Output

    • Action plan to move forward

    Materials

    • Workbook: Equip Managers to Effectively Manage Virtual Teams

    Participants

    • All managers with direct reports working virtually

    Refine Action Plans

    2.5 Refine your action plan and commit to implementing it

    30 Minutes

    1. Review your action plans for consistency and overlap. Highlight any parts you may struggle to complete.
    2. Meeting with your group, summarize your plans to each other. Provide feedback and discuss each other’s action plans.
    3. Discuss how you can hold each other accountable.

    Download the Workbook: Equip Managers to Effectively Manage Virtual Teams

    Input

    • Action items from previous activities.

    Output

    • Action plan to move forward

    Materials

    • Workbook: Equip Managers to Effectively Manage Virtual Teams

    Participants

    • All managers with direct reports working virtually

    Summary of Accomplishment

    • We do not need to go out and learn a new set of manager responsibilities to better manage our virtual teams; rather, we have to “dial up” certain responsibilities we already have or adjust certain approaches that we already take.
    • It is important to set clear expectations. While managers are ultimately responsible for making sure expectations are set and are clearly communicated, they are not the only ones with responsibilities. Employees and managers need to work together to overcome the challenges that virtual work involves.
    • Virtual employees crave meaningful interactions with their managers and team. Managers must take charge in fostering an atmosphere of openness around wellbeing and establish effective performance management strategies. By being proactive with our virtual teams’ wellness and mindful of our performance management habits, we can take significant steps toward keeping these employees engaged and productive.
    • Effective management in virtual contexts requires being more deliberate than is typical in non-virtual contexts. By working as a group to identify challenges and propose solutions, we have helped each other create action plans that we can use going forward to continually improve our management practices.

    If you would like additional support, have our analysts guide you through an info-tech workshop or guided implementation.

    Contact your account representative for more information

    workshops@infotech.com

    1-888-670-8889

    Speaker’s Notes:

    First, let’s take a moment to summarize the key things we have learned today:

    1. We do not need to go out and learn a new set of manager competencies to better manage our virtual teams; rather, we have to “dial up” certain competencies we already have or adjust certain approaches that we already take. In many cases we just need to be more aware of the challenges that virtual communication poses and be more planful in our approaches.
    2. It is important to set clear expectations. While managers are ultimately responsible for making sure expectations are set and clearly communicated, they are not the only ones with responsibilities. Employees and managers need to work together to overcome the challenges that virtual work involves. Making sure that teams have meaningful conversations about expectations, come to a shared understanding of them, and record them will create a firm foundation for all other interactions on the virtual team.
    3. Virtual employees crave meaningful interactions with their managers related to performance and employee development. By creating action plans for improving these kinds of interactions with our teams, we can take significant steps toward keeping these employees engaged and productive.
    4. Effective performance management and employee development in virtual contexts require more planfulness than is required in non-virtual contexts. By working as a group to identify challenges and propose solutions, we have helped each other create action plans that we can use going forward to continually improve our management practices.

    Is there anything that anyone has learned that is not on this list and that they would like to share with the group?

    Finally, were there any challenges identified today that were not addressed?

    [Note to facilitator: Take note of any challenges not addressed and commit to getting back to the participants with some suggested solutions.]

    Additional resources

    Manager Training: Lead Through Change

    Train managers to navigate the interpersonal challenges associated with change management and develop their communication and leadership skills. Upload this LMS module into your learning management system to enable online training.

    Manager Training: Build a Better Manager: Manage Your People

    Management skills training is needed, but organizations are struggling to provide training that makes a long-term difference in the skills managers use in their day to day.

    Many training programs are ineffective because they offer the wrong content, deliver it in a way that is not memorable, and are not aligned with the IT department’s business objectives.

    Blueprint: Manage Poor Performance While Working From Home

    Assess and improve remote work performance with our ready-to-use tools.

    Works Cited

    April, Richard. “10 KPIs Every Sales Manager Should Measure in 2019.” HubSpot, 24 June 2019. Web.

    Banerjea, Peter. “5 Powerful Strategies for Managing a Remote Sales Team.” Badger - Maps for field sales, n.d. Web.

    Bibby, Adrianne. “5 Employers’ Awesome Quotes about Work Flexibility.” FlexJobs, 9 January 2017. Web.

    Brogie, Frank. “The 14 KPIs every field sales rep should strive to improve.” Repsly, 2018. Web.

    Dunn, Julie. “5 smart tips for leading field sales teams.” LevelEleven, March 2015. Web.

    Edinger, Scott. “How great sales leaders coach.” Forbes, 2013. Web.

    “Employee Outlook: Employee Views on Working Life.” CIPD, April 2016. Web.

    Hall, Becki. “The 5 biggest challenges facing remote workers (and how to solve them).” interact, 7 July 2017. Web.

    Hofstede, Geert. “National Cultural Dimensions.” Hofstede Insights, 2012. Web.

    “Inventory of U.S. Greenhouse Gas Emissions and Sinks: 1990-2014 (EPA 430-R-16-002).” Environmental Protection Agency (EPA), 15 April 2016.

    “Latest Telecommuting Statistics.” Global Workplace Analytics, June 2021. Web.

    Knight, Rebecca. “How to manage remote direct reports.” Harvard Business Review, 2015. Web.

    “Rewards and Recognition: 5 ways to show remote worker appreciation.” FurstPerson, 2019. Web.

    Palay, Jonathan. "How to build your sales management cadence." CommercialTribe, 22 March 2018. Web.

    “Sales Activity Management Matrix.” Asian Sales Guru, 2019. Web.

    Smith, Simone. “9 Things to Consider When Recognizing Remote Employees.” hppy, 2018. Web.

    “State of Remote Work 2017.” OWL Labs, 2021. Web.

    “State of the American Workplace.” Gallup, 2017. Web.

    “Telework Savings Potential.” Global Workplace Analytics, June 2021. Web.

    “The Future of Jobs Employment Trends.” World Economic Forum, 2016. Web.

    “The other COVID-19 crisis: Mental health.” Qualtrics, 14 April 2020. Web.

    Thompson, Dan. “The straightforward truth about effective sales leadership.” Sales Hacker, 2017. Web.

    Tsipursky, Gleb. “Remote Work Can Be Better for Innovation Than In-Person Meetings.” Scientific American, 14 Oct. 2021. Web.

    Walsh, Kim. “New sales manager? Follow this guide to crush your first quarter.” HubSpot, May 2019. Web.

    “What Leaders Need to Know about Remote Workers: Surprising Differences in Workplace Happiness and Relationships.” TINYpulse, 2016.

    Zenger, Jack, and Joe Folkman. “Feedback: The Leadership Conundrum.” Talent Quarterly: The Feedback Issue, 2015.

    Contributors

    Anonymous CAMH Employee

    Build Your Enterprise Innovation Program

    • Buy Link or Shortcode: {j2store}104|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $100,000 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • You don’t know where to start when it comes to building an innovation program for your organization.
    • You need to create a culture of innovation in your business, department, or team.
    • Past innovation efforts have been met with resistance and cynicism.
    • You don’t know what processes you need to support business-led innovation.

    Our Advice

    Critical Insight

    Innovation is about people, not ideas or processes. Innovation does not require a formal process, a dedicated innovation team, or a large budget; the most important success factor for innovation is culture. Companies that facilitate innovative behaviors like growth mindset, collaboration, and taking smart risks are most likely to see the benefits of innovation.

    Impact and Result

    • Outperform your peers by 30% by adopting an innovative approach to your business.
    • Move quickly to launch your innovation practice and beat the competition.
    • Develop the skills and capabilities you need to sustain innovation over the long term.

    Build Your Enterprise Innovation Program Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build Your Enterprise Innovation Program Storyboard – A step-by-step process to create the innovation culture, processes, and tools you need for business-led innovation.

    This storyboard includes three phases and nine activities that will help you define your purpose, align your people, and build your practice.

    • Build Your Enterprise Innovation Program – Phases 1-3

    2. Innovation Program Template – An executive communication deck summarizing the outputs from this research.

    Use this template in conjunction with the activities in the main storyboard to create and communicate your innovation program. This template uses sample data from a fictional retailer, Acme Corp, to illustrate an ideal innovation program summary.

    • Innovation Program Template

    3. Job Description – Chief Innovation Officer

    This job description can be used to hire your Chief Innovation Officer. There are many other job descriptions available on the Info-Tech website and referenced within the storyboard.

    • Chief Innovation Officer

    4. Innovation Ideation Session Template – Use this template to facilitate innovation sessions with the business.

    Use this framework to facilitate an ideation session with members of the business. Instructions for how to customize the information and facilitate each section is included within the deck.

    • Innovation Ideation Session Template

    5. Initiative Prioritization Workbook – Use this spreadsheet template to easily and transparently prioritize initiatives for pilot.

    This spreadsheet provides an analytical and transparent method to prioritize initiatives based on weighted criteria relevant to your business.

    • Initiative Prioritization Workbook

    Infographic

    Workshop: Build Your Enterprise Innovation Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your Ambitions

    The Purpose

    Define your innovation ambitions.

    Key Benefits Achieved

    Gain a better understanding of why you are innovating and what your organization will gain from an innovation program.

    Activities

    1.1 Understand your innovation mandate.

    1.2 Define your innovation ambitions.

    1.3 Determine value proposition & metrics.

    Outputs

    Complete the "Our purpose" section of the Innovation Program Template

    Complete "Vision and guiding principles" section

    Complete "Scope and value proposition" section

    Success metrics

    2 Align Your People

    The Purpose

    Build a culture, operating model, and team that support innovation.

    Key Benefits Achieved

    Develop a plan to address culture gaps and identify and implement your operating model.

    Activities

    2.1 Foster a culture of innovation.

    2.2 Define your operating model.

    Outputs

    Complete "Building an innovative culture" section

    Complete "Operating model" section

    3 Develop Your Capabilities

    The Purpose

    Create the capability to facilitate innovation.

    Key Benefits Achieved

    Create a resourcing plan and prioritization templates to make your innovation program successful.

    Activities

    3.1 Build core innovation capabilities.

    3.2 Develop prioritization criteria.

    Outputs

    Team structure and resourcing requirements

    Prioritization spreadsheet template

    4 Build Your Program

    The Purpose

    Finalize your program and complete the final deliverable.

    Key Benefits Achieved

    Walk away with a complete plan for your innovation program.

    Activities

    4.1 Define your methodology to pilot projects.

    4.2 Conduct a program retrospective.

    Outputs

    Complete "Operating model" section in the template

    Notable wins and goals

    Further reading

    Build Your Enterprise Innovation Program

    Transform your business by adopting the culture and practices that drive innovation.

    Analyst Perspective

    Innovation is not about ideas, it's about people.

    Many organizations stumble when implementing innovation programs. Innovation is challenging to get right, and even more challenging to sustain over the long term.

    One of the common stumbling blocks we see comes from organizations focusing more on the ideas and the process than on the culture and the people needed to make innovation a way of life. However, the most successful innovators are the ones which have adopted a culture of innovation and reinforce innovative behaviors across their organization. Organizational cultures which promote growth mindset, trust, collaboration, learning, and a willingness to fail are much more likely to produce successful innovators.

    This research is not just about culture, but culture is the starting point for innovation. My hope is that organizations will go beyond the processes and methodologies laid out here and use this research to dramatically improve their organization's performance.

    Kim Rodriguez

    Kim Osborne Rodriguez
    Research Director, CIO Advisory
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    As a leader in your organization, you need to:

    • Understand your organization's innovation goals.
    • Create an innovation program or structure.
    • Develop a culture of innovation across your team or organization.
    • Demonstrate an ability to innovate and grow the business.

    Common Obstacles

    In the past, you might have experienced one or more of the following:

    • Innovation initiatives lose momentum.
    • Cynicism and distrust hamper innovation.
    • Innovation efforts are unfocused or don't provide the anticipated value.
    • Bureaucracy has created a bottleneck that stifles innovation.

    Info-Tech's Approach

    This blueprint will help you:

    • Understand the different types of innovation.
    • Develop a clear vision, scope, and focus.
    • Create organizational culture and behaviors aligned with your innovation ambitions.
    • Adopt an operational model and methodologies best suited for your culture, goals, and budget.
    • Successfully run a pilot program.

    Info-Tech Insight

    There is no single right way to approach innovation. Begin with an understanding of your innovation ambitions, your existing culture, and the resources available to you, then adopt the innovation operating model that is best suited to your situation.

    Note: This research is written for the individual who is leading the development of the innovation. This role is referred to as the Chief Innovation Officer (CINO) throughout this research but could be the CIO, CTO, IT director, or another business leader.

    Why is innovation so challenging?

    Most organizations want to be innovative, but very few succeed.

    • Bureaucracy slows innovation: Innovation requires speed – it is important to fail fast and early so you can iterate to improve the final solution. Small, agile organizations like startups tend to be more risk tolerant and can move more quickly to iterate on new ideas compared to larger organizations.
    • Change is uncomfortable: Most people are profoundly uncomfortable with failure, risk, and unknowns – three critical components of innovation. Humans are wired to think efficiently rather than innovatively, which leads to confirmation bias and lack of ingenuity.
    • You will likely fail: Innovation initiatives rarely succeed on the first try – Harvard Business Review estimates between 70% and 90% of innovation efforts fail. Organizations which are more tolerant of failure tend to be significantly more innovative than those which are not (Review of Financial Studies, 2014).

    Based on a survey of global innovation trends and practices:

    75%

    Three-quarters of companies say innovation is a top-three priority.
    Source: BCG, 2021

    30%

    But only 30% of executives say their organizations are doing it well.
    Source: BCG, 2019

    The biggest obstacles to innovation are cultural

    The biggest obstacles to innovation in large companies

    Based on a survey of 270 business leaders.
    Source: Harvard Business Review, 2018

    A bar graph from the Harvard Business Review

    The most common challenges business leaders experience relate to people and culture. Success is based on people, not ideas.

    Politics, turf wars, and a lack of alignment: territorial departments, competition for resources, and unclear roles are holding back the innovation efforts of 55% of respondents.

    FIX IT
    Senior leadership needs to be clear on the innovation goals and how business units are expected to contribute to them.

    Cultural issues: many large companies have a culture that rewards operational excellence and disincentivizes risk. A history of failed innovation attempts may result in significant resistance to new change efforts.

    FIX IT
    Cultural change takes time. Ensure you are rewarding collaboration and risk-taking, and hire people with fresh new perspectives.

    Inability to act on signals crucial to the future of the business: only 18% of respondents indicated their organization was unaware of disruptions, but 42% said they struggled with acting on leading indicators of change.

    FIX IT
    Build the ability to quickly run pilots or partner with startups and incubators to test out new ideas without lengthy review and approval processes.
    Source: Harvard Business Review, 2018

    Build Your Enterprise Innovation Program

    Define your purpose, assess your culture, and build a practice that delivers true innovation.

    An image summarizing how to define your purpose, align your people, and Build your Practice.
    1 Source: Boston Consulting Group, 2021
    2 Source: Boston Consulting Group, 2019
    3 Source: Harvard Business Review, 2018

    Use this research to outperform your peers

    A seven-year review showed that the most innovative companies outperformed the market by upwards of 30%.

    A line graph showing the Normalized Market Capitalization for 2020.

    Innovators are defined as companies that were listed on Fast Company World's 50 Most Innovative Companies for 2+ years.

    Innovation is critical to business success.

    A 25-year study by Business Development Canada and Statistics Canada showed that innovation was more important to business success than management, human resources, marketing, or finance.

    Executive brief case study

    INDUSTRY: Healthcare
    SOURCE: Interview

    Culture is critical

    This Info-Tech member is a nonprofit, community-based mental health organization located in the US. It serves about 25,000 patients per year in community, school, and clinic settings.

    This organization takes its innovation culture very seriously and has developed methodologies to assess individual and team innovation readiness as well as innovation types, which it uses to determine everyone's role in the innovation process. These assessments look at knowledge of and trust in the organization, its innovation profile, and its openness to change. Innovation enthusiasts are involved early in the process when it's important to dream big, while more pragmatic perspectives are incorporated later to improve the final solution.

    Results

    The organization has developed many innovative approaches to delivering healthcare. Notably, they have reimagined patient scheduling and reduced wait times to the extent that some patients can be seen the same day. They are also working to improve access to mental health care despite a shortage of professionals.

    Developing an Innovative Culture

    • Innovation Readiness Assessment
    • Coaching Specific to Innovation Profile
    • Innovation Enthusiasts Involved Early
    • Innovation Pragmatists Involved Later
    • High Success Rate of Innovation

    Define innovation roles and responsibilities

    A table showing key innovation roles and responsibilities.

    Info-Tech's methodology for building your enterprise innovation program

    1. Define Your Purpose

    2. Align Your People

    3. Build Your Practice

    Phase Steps

    1. Understand your mandate
    2. Define your innovation ambitions
    3. Determine value proposition and metrics
    1. Foster a culture of innovation
    2. Define your operating model
    3. Build core innovation capabilities
    1. Build your ideation and prioritization methodologies
    2. Define your pilot project methodology
    3. Conduct a program retrospective

    Phase Outcomes

    Understand where the mandate for innovation comes from, and what the drivers are for pursuing innovation. Define what innovation means to your organization, and set the vision, mission, and guiding principles. Articulate the value proposition and key metrics for measuring success.

    Understand what it takes to build an innovative culture, and what types of innovation structure are most suited to your innovation goals. Define an innovation methodology and build your core innovation capabilities and team.

    Gather ideas and understand how to assess and prioritize initiatives based on standardized metrics. Develop criteria for tracking and measuring the success of pilot projects and conduct a program retrospective.

    Innovation program taxonomy

    This research uses the following common terms:

    Innovation Operating Model
    The operating model describes how the innovation program delivers value to the organization, including how the program is structured, the steps from idea generation to enterprise launch, and the methodologies used.
    Examples: Innovation Hub, Grassroots Innovation.

    Innovation Methodology
    Methodologies describe the ways the operating model is carried out, and the approaches used in the innovation practice.
    Examples: Design Thinking, Weighted Criteria Scoring

    Chief Innovation Officer
    This research is written for the person or team leading the innovation program – this might be a CINO, CIO, or other leader in the organization.

    Innovation Team
    The innovation team may vary depending on the operating model, but generally consists of the individuals involved in facilitating innovation across the organization. This may be, but does not have to be, a dedicated innovation department.

    Innovation Program
    The program for generating ideas, running pilot projects, and building a business case to implement across the enterprise.

    Pilot Project
    A way of testing and validating a specific concept in the real world through a minimum viable product or small-scale implementation. The pilot projects are part of the overall pilot program.

    Insight summary

    Innovation is about people, not ideas or processes
    Innovation does not require a formal process, a dedicated innovation team, or a large budget; the most important success factor for innovation is culture. Companies that facilitate innovative behaviors like growth mindset, collaboration, and the ability to take smart risk are most likely to see the benefits of innovation.

    Very few are doing innovation well
    Only 30% of companies consider themselves innovative, and there's a good reason: innovation involves unknowns, risk, and failure – three situations that people and organizations typically do their best to avoid. Counter this by removing the barriers to innovation.

    Culture is the greatest barrier to innovation
    In a survey of 270 business leaders, the top three most common obstacles were politics, turf wars, and alignment; culture issues; and inability to act on signals crucial to the business (Harvard Business Review, 2018). If you don't have a supportive culture, your ability to innovate will be significantly reduced.

    Innovation is a means to an end
    It is not the end itself. Don't get caught up in innovation for the sake of innovation – make sure you are getting the benefits from your investments. Measurable success factors are critical for maintaining the long-term success of your innovation engine.

    Tackle wicked problems
    Innovative approaches are better at solving complex problems than traditional practices. Organizations that prioritize innovation during a crisis tend to outperform their peers by over 30% and improve their market position (McKinsey, 2020).

    Innovate or die
    Innovation is critical to business growth. A 25-year study showed that innovation was more important to business success than management, human resources, marketing, or finance (Statistics Canada, 2006).

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Sample Job Descriptions and Organization Charts

    Determine the skills, knowledge, and structure you need to make innovation happen.

    Sample Job Descriptions and Organization Charts

    Ideation Session Template

    Facilitate an ideation session with your staff to identify areas for innovation.

    Ideation Session Template

    Initiative Prioritization Workbook

    Evaluate ideas to identify those which are most likely to provide value.

    Prioritization Workbook

    Key deliverable:

    Enterprise Innovation Program Summary

    Communicate how you plan to innovate with a report summarizing the outputs from this research.

    Enterprise Innovation Program Summary

    Measure the value of this research

    US businesses spend over half a trillion dollars on innovation annually. What are they getting for it?

    • The top innovators(1) typically spend 5-15% of their budgets on innovation (including R&D).
    • This research helps organizations develop a successful innovation program, which delivers value to the organization in the form of new products, services, and methods.
    • Leverage this research to:
      • Get your innovation program off the ground quickly.
      • Increase internal knowledge and expertise.
      • Generate buy-in and excitement about innovation.
      • Develop the skills and capabilities you need to drive innovation over the long term.
      • Validate your innovation concept.
      • Streamline and integrate innovation across the organization.

    (1) based on BCG's 50 Most Innovative Companies 2022

    30%

    The most innovative companies outperform the market by 30%.
    Source: McKinsey & Company, 2020

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided implementation

    What does a typical guided implementation (GI) on this topic look like?

    Phase 0 Phase 1 Phase 2 Phase 3 Finish

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Understand your mandate.
    (Activity 1.1)

    Call #3: Innovation vision, guiding principles, value proposition, and scope.
    (Activities 1.2 and 1.3)

    Call #4: Foster a culture of innovation. (Activity 2.1)

    Call #5: Define your methodology. (Activity 2.2)

    Call #6: Build core innovation capabilities. (Activity 2.3)

    Call #7: Build your ideation and pilot programs. (Activities 3.1 and 3.2)

    Call #8: Identify success metrics and notable wins. (Activity 3.3)

    Call #9: Summarize results and plan next steps.

    A GI is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 8 to 12 calls over the course of three to six months.

    Workshop overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Session 1 Session 2 Session 3 Session 4

    Wrap Up

    Activities

    Define Your Ambitions

    Align Your People

    Develop Your Capabilities

    Build Your Program

    Next Steps and
    Wrap Up (offsite)

    1. Understand your innovation mandate (complete activity prior to workshop)
    2. Define your innovation ambitions
    3. Determine value proposition and metrics
    1. Foster a culture of innovation
    2. Define your operating model
    1. Build core innovation capabilities
    2. Develop prioritization criteria
    1. Define your methodology to pilot projects
    2. Conduct a program retrospective
    1. Complete in-progress deliverables from previous four days
    2. Set up review time for workshop deliverables and to discuss next steps

    Deliverables

    1. Our purpose
    2. Message from the CEO
    3. Vision and guiding principles
    4. Scope and value proposition
    5. Success metrics
    1. Building an innovative culture
    2. Operating model
    1. Core capabilities and structure
    2. Idea evaluation prioritization criteria
    1. Program retrospective
    2. Notable wins
    3. Executive summary
    4. Next steps
    1. Completed enterprise innovation program
    2. An engaged and inspired team

    Phase 1: Define Your Purpose

    Develop a better understanding of the drivers for innovation and what success looks like.

    Purpose

    People

    Practice

    1. Understand your mandate
    2. Define your innovation ambitions
    3. Determine value proposition and metrics
    1. Foster a culture of innovation
    2. Define your operating model
    3. Build core innovation capabilities
    1. Build your ideation and prioritization methodologies
    2. Define your pilot project methodology
    3. Conduct a program retrospective

    This phase will walk you through the following activities:

    • Understand your innovation mandate, including its drivers, scope, and focus.
    • Define what innovation means to your organization.
    • Develop an innovation vision and guiding principles.
    • Articulate the value proposition and proposed metrics for evaluating program success.

    This phase involves the following participants:

    • CINO
    • Business executives

    Case study

    INDUSTRY: Transportation
    SOURCE: Interview

    ArcBest
    ArcBest is a multibillion-dollar shipping and logistics company which leverages innovative technologies to provide reliable and integrated services to its customers.

    An Innovative Culture Starts at the Top
    ArcBest's innovative culture has buy-in and support from the highest level of the company. Michael Newcity, ArcBest's CEO, is dedicated to finding better ways of serving their customers and supports innovation across the company by dedicating funding and resources toward piloting and scaling new initiatives.
    Having a clear purpose and mandate for innovation at all levels of the organization has resulted in extensive grassroots innovation and the development of a formalized innovation program.

    Results
    ArcBest has a legacy of innovation, going back to its early days when it developed a business intelligence solution before anything else existed on the market. It continues to innovate today and is now partnering with start-ups to further expand its innovation capabilities.

    "We don't micromanage or process-manage incremental innovation. We hire really smart people who are inspired to create new things and we let them run – let them create – and we celebrate it.
    Our dedication to innovation comes from the top – I am both the President and the Chief Innovation Officer, and innovation is one of my top priorities."

    Michael Newcity

    Michael Newcity
    President and Chief Innovation Officer ArcBest

    1.1 Understand your innovation mandate

    Before you can act, you need to understand the following:

    • Where is the drive for innovation coming from?
      The source of your mandate dictates the scope of your innovation practice – in general, innovating outside the scope of your mandate (i.e. trying to innovate on products when you don't have buy-in from the product team) will not be successful.
    • What is meant by "innovation"?
      There are many different definitions for innovation. Before pursuing innovation at your organization, you need to understand how it is defined. Use the definition in this section as a starting point, and craft your own definition of innovation.
    • What kind of innovation are you targeting?
      Innovation can be internal or external, emergent or deliberate, and incremental or radically transformative. Understanding what kind of innovation you want is the starting point for your innovation practice.

    The source of your mandate dictates the scope of your influence

    You can only influence what you can control.

    Unless your mandate comes from the CEO or Board of Directors, driving enterprise-wide innovation is very difficult. If you do not have buy-in from senior business leaders, use lighthouse projects and a smaller innovation practice to prove the value of innovation before taking on enterprise innovation.

    In order to execute on a mandate to build innovation, you don't just need buy-in. You need support in the form of resources and funding, as well as strong leadership who can influence culture and the authority to change policies and practices that inhibit innovation.

    For more resources on building relationships in your organization, refer to Info-Tech's Become a Transformational CIO blueprint.

    What is "innovation"?

    Innovation is often easier to recognize than define.

    Align on a useful definition of innovation for your organization before you embark on a journey of becoming more innovative.

    Innovation is the practice of developing new methods, products or services which provide value to an organization.

    Practice
    This does not have to be a formal process – innovation is a means to an end, not the end itself.

    New
    What does "new" mean to you?

    • New application of an existing method
    • Developing a completely original product
    • Adopting a service from another industry

    Value
    What does value mean to you? Look to your business strategy to understand what goals the organization is trying to achieve, then determine how "value" will be measured.

    Info-Tech Insight

    Some innovations are incremental, while some are radically transformative. Decide what kind of innovation you want to cultivate before developing your strategy.

    We can categorize innovation in three ways

    Evaluate your goals with respect to innovation: focus, strategy, and potential to transform.

    Focus: Where will you innovate?

    Focus

    Strategy: To what extent will you guide innovation efforts?

    Strategy

    Potential: How radical will your innovations be?

    Potential

    What are your ambitions?

    1. Develop a better understanding of what type of innovation you are trying to achieve by plotting out your goals on the categories on the left.
    2. All categories are independent of one another, so your goals may fall anywhere on the scales for each category.
    3. Understanding your innovation ambitions helps establish the operating model best suited for your innovation practice.
    4. In general, innovation which is more external, deliberate, and radical tends to be more centralized.

    Activity 1.1 Understand your innovation mandate

    1 hour

    1. Schedule a 30-minute discussion with the person (i.e. CEO) or group (i.e. Board of Directors) ultimately requesting the shift toward innovation. If there is no external party, then conduct this assessment yourself.
    2. Facilitate a discussion that addresses the following questions:
    • What is meant by "innovation"?
    • What are they hoping to achieve through innovation?
    • What is the innovation scope? Are any areas off-limits (i.e. org structure, new products, certain markets)?
    • What is the budget (i.e. people, money) they are willing to commit to innovation?
    • What type of innovation are they pursuing?
    1. Record this information and complete the "Our Purpose" section of the Innovation Program Template.

    Download the Innovation Program Template.

    Input

    • Knowledge of the key decision maker/sponsor for innovation

    Output

    • Understanding of the mandate for innovation, including definition, value, scope, budget, and type of innovation

    Materials

    • Innovation Program Template

    Participants

    • CINO
    • CEO, CTO, or Board of Directors (whoever is requesting/sponsoring the pursuit of innovation)

    1.2 Define your innovation ambitions

    Articulate your future state through a vision and guiding principles.

    • Vision and purpose make up the foundation on which all other design aspects will be based. These aspects should not be taken lightly, but rather they should be the force that aligns everyone to work toward a common outcome. It is incumbent on leaders to make them part of the DNA of the organization – to drive organization, structure, culture, and talent strategy.
    • Your vision statement is a future-focused statement that summarizes what you hope to achieve. It should be inspirational, ambitious, and concise.
    • Your guiding principles outline the guardrails for your innovation practice. What will your focus be? How will you approach innovation? What is off-limits?
    • Define the scope and focus for your innovation efforts. This includes what you can innovate on and what is off limits.

    Your vision statement is your North Star

    Articulate an ambitious, inspirational, and concise vision statement for your innovation efforts.

    A strong vision statement:

    • Is future-focused and outlines what you want to become and what you want to achieve.
    • Provides focus and direction.
    • Is ambitious, focused, and concise.
    • Answers: What problems are we solving? Who and what are we changing?

    Examples:

    • "We create radical new technologies to solve some of the world's hardest problems." – Google X, the Moonshot Factory
    • "To be the most innovative enterprise in the world." – 3M
    • "To use our imagination to bring happiness to millions of people." – Disney

    "Good business leaders create a vision, articulate the vision, passionately own the vision, and relentlessly drive it to completion." – Jack Welch, Former Chairman and CEO of GE

    Your guiding principles are the guardrails for creativity

    Strong guiding principles give your team the freedom and direction to innovate.

    Strong guiding principles:

    • Focus on the approach, i.e. how things are done, as opposed to what needs to be done.
    • Are specific to the organization.
    • Inform and direct decision making with actionable statements. Avoid truisms, general statements, and observations.
    • Are long-lasting and based on values, not solutions.
    • Are succinct and easily digestible.
    • Can be measured and verified.
    • Answers: How do we approach innovation? What are our core values

    Craft your guiding principles using these examples

    Encourage experimentation and risk-taking
    Innovation often requires trying new things, even if they might fail. We encourage experimentation and learn from failure, so that new ideas can be tested and refined.

    Foster collaboration and cross-functional teams
    Innovation often comes from the intersection of different perspectives and skill sets.

    Customer-centric
    Focus on creating value for the end user. This means understanding their needs and pain points, and using that knowledge to develop new methods, products, or services.

    Embrace diversity and inclusivity
    Innovation comes from a variety of perspectives, backgrounds, and experiences. We actively seek out and encourage diversity and inclusivity among our team members.

    Foster a culture of learning and continuous improvement
    Innovation requires continuous learning, development, and growth. We facilitate a culture that encourages learning and development, and that seeks feedback and uses it to improve.

    Flexible and adaptable
    We adapt to changes in the market, customer needs, and new technologies, so that it can continue to innovate and create value over time.

    Data-driven
    We use performance metrics and data to guide our innovation efforts.

    Transparency
    We are open and transparent in our processes and let the business needs guide our innovation efforts. We do not lead innovation, we facilitate it.

    Activity 1.2 Craft your vision statement and guiding principles

    1-2 hours

    1. Gather your innovation team and key program sponsors. Review the guidelines for creating vision statements and guiding principles, as well as your mandate and focus for innovation.
    2. As a group, discuss what you hope to achieve through your innovation efforts.
    3. Separately, have each person write down their ideas for a vision statement. Bring the group back together and share ideas. Group the concepts together and construct a single statement which outlines your aspirational vision.
    4. As a group, review the example guiding principles.
    5. Separately, have each person write down three to five guiding principles. Bring the group back together and share ideas. Group similar concepts together and consolidate duplicate ideas. From this list, construct six to eight guiding principles.
    6. Document your vision and guiding principles in the appropriate sections of the Innovation Program Template.

    Input

    • Understanding of your innovation mandate
    • Business vision, mission, and values
    • Sample vision statements and guiding principles

    Output

    • Vision statement
    • Guiding principles

    Materials

    • In person: Whiteboard/flip charts, sticky notes, pens, and notepads
    • Virtual: Consider using a shared document, virtual whiteboard, or online facilitation tool like MURAL
    • Innovation Program Template

    Participants

    • CINO
    • Innovation sponsors
    • Business leaders
    • Innovation team

    1.3 Determine your value proposition and metrics

    Justify the existence of the innovation program with a strong value proposition.

    • The value proposition for developing an innovation program will be different for each organization, depending on what the organization hopes to achieve. Consider your mandate for innovation as well as the type of innovation you are pursuing when crafting the value proposition.
    • Some of the reasons organizations may pursue innovation:
      • Business growth: Respond to market disruption; create new customers; take advantage of opportunities.
      • Branding: Create market differentiation; increase customer satisfaction and retention; adapt to customer needs.
      • Profitability: Improve products, services, or operations to increase competitiveness and profitability; develop more efficient processes.
      • Culture: Foster a culture of creativity and experimentation within the organization, encouraging employees to think outside the box.
      • Positive impact: Address social challenges such as poverty and climate change.

    Develop a strong value proposition for your innovation program

    Demonstrate the value to the business.

    A strong value proposition not only articulates the value that the business will derive from the innovation program but also provides a clear focus, helps to communicate the innovation goals, and ultimately drives the success of the program.

    Focus
    Prioritize and focus innovation efforts to create solutions that provide real value to the organization

    Communicate
    Communicate the mandate and benefits of innovation in a clear and compelling way and inspire people to think differently

    Measure Success
    Measure the success of your program by evaluating outcomes based on the value proposition

    Track appropriate success metrics for your innovation program

    Your success metrics should link back to your organizational goals and your innovation program's value proposition.

    Revenue Growth: Increase in revenue generated by new products or services.

    Market Share: Percentage of total market that the business captures as a result of innovation.

    Customer Satisfaction: Reviews, customer surveys, or willingness to recommend the company.

    Employee Engagement: Engagement surveys, performance, employee retention, or turnover.

    Innovation Output: The number of new products, services, or processes that have been developed.

    Return on Investment: Financial return on the resources invested in the innovation process.

    Social Impact: Number of people positively impacted, net reduction in emissions, etc.

    Time to Launch: The time it takes for a new product or service to go from idea to launch.

    Info-Tech Insight

    The total impact of innovation is often intangible and extremely difficult to capture in performance metrics. Focus on developing a few key metrics rather than trying to capture the full value of innovation.

    How much does innovation cost?

    Company Industry Revenue(2)
    (USD billions)
    R&D Spend
    (USD billions)
    R&D Spend
    (% of revenue)
    Apple Technology $394.30 $26.25 6.70%
    Microsoft Technology $203.10 $25.54 12.50%
    Amazon.com Retail $502.20 $67.71 13.40%
    Alphabet Technology $282.10 $37.94 13.40%
    Tesla Manufacturing $74.90 $3.01 4.00%
    Samsung Technology $244.39 (2021)(3) $19.0 (2021) 7.90%
    Moderna Pharmaceuticals $23.39 $2.73 11.70%
    Huawei Technology $99.9 (2021)4 Not reported -
    Sony Technology $83.80 Not reported -
    IBM Technology $60.50 $1.61 2.70%
    Meta Software $118.10 $32.61 27.60%
    Nike Commercial goods $49.10 Not reported -
    Walmart Retail $600.10 Not reported -
    Dell Technology $105.30 $2.60 2.50%
    Nvidia Technology $28.60 $6.85 23.90%


    The top innovators(1) in the world spend 5% to 15% of their revenue on innovation.

    Innovation requires a dedicated investment of time, money, and resources in order to be successful. The most innovative companies, based on Boston Consulting Group's ranking of the 50 most innovative companies in the world, spend significant portions of their revenue on research and development.

    Note: This data uses research and development as a proxy for innovation spending, which may overestimate the total spend on what this research considers true innovation.

    (1) Based on Boston Consulting Group's ranking of the 50 most innovative companies in the world, 2022
    (2) Macrotrends, based on the 12 months ending Sept 30, 2022
    (3) Statista
    (4) CNBC, 2022

    Activity 1.3 Develop your value proposition and performance metrics

    1 hour

    1. Review your mandate and vision statement. Write down your innovation goals and desired outcomes from pursuing innovation, prioritize the desired outcomes, and select the top five.
    2. For each desired outcome, develop one to two metrics which could be used to track its success. Some outcomes are difficult to track, so get creative when it comes to developing metrics. If you get stuck, think about what would differentiate a great outcome from an unsuccessful one.
    3. Once you have developed a list of three to five key metrics, read over the list and ensure that the metrics you have developed don't negatively influence your innovation. For example, a metric of the number of successful launches may drive people toward launching before a product is ready.
    4. For each metric, develop a goal. For example, you may target 1% revenue growth over the next fiscal year or 20% energy use reduction.
    5. Document your value proposition and key performance metrics in the appropriate sections of the Innovation Program Template.

    Input

    • Understanding of your innovation mandate
    • Vision statement

    Output

    • Value proposition
    • Performance metrics

    Materials

    • Innovation Program Template

    Participants

    • CINO

    Phase 2: Align Your People

    Create a culture that fosters innovative behaviors and puts processes in place to support them.

    Purpose

    People

    Practice

    1. Understand your mandate
    2. Define your innovation ambitions
    3. Determine value proposition and metrics
    1. Foster a culture of innovation
    2. Define your operating model
    3. Build core innovation capabilities
    1. Build your ideation and prioritization methodologies
    2. Define your pilot project methodology
    3. Conduct a program retrospective

    This phase will walk you through the following activities:

    • Understand the key aspects of innovative cultures, and the behaviors associated with innovation.
    • Assess your culture and identify gaps.
    • Define your innovation operating model based on your organizational culture and the focus for innovation.
    • Build your core innovation capabilities, including an innovation core team (if required based on your operating model).

    This phase involves the following participants:

    • CINO
    • Innovation team

    2.1 Foster a culture of innovation

    Culture is the most important driver of innovation – and the most challenging to get right.

    • Fostering a culture of innovation requires a broad approach which considers the perspectives of individuals, teams, leadership, and the overall organization.
    • If you do not have support from leadership, it is very difficult to change organizational culture. It may be more effective to start with an innovation pilot or lighthouse project in order to gain support before addressing your culture.
    • Rather than looking to change outcomes, focus on the behaviors which lead to innovation – such as growth mindset and willingness to fail. If these aren't in place, your ability to innovate will be limited.
    • This section focuses on the specific behaviors associated with increased innovation. For additional resources on implementing these changes, refer to Info-Tech's other research:

    Info-Tech's Fix Your IT Culture can help you promote innovative behaviors

    Refer to Improve IT Team Effectiveness to address team challenges

    Build a culture of innovation

    Focus on behaviors, not outcomes.

    The following behaviors and key indicators either stifle or foster innovation.

    Stifles Innovation Key Indicators Fosters Innovation Key Indicators
    Fixed mindset "It is what it is" Growth mindset "I wonder if there's a better way"
    Performance focused "It's working fine" Learning focused "What can we learn from this?"
    Fear of reprisal "I'll get in trouble" Psychological safety "I can disagree"
    Apathy "We've always done it this way" Curiosity "I wonder what would happen if…"
    Cynicism "It will never work" Trust "You have good judgement"
    Punishing failure "Who did this?" Willingness to fail "It's okay to make mistakes"
    Individualism "How does this benefit me?" Collaboration "How does this benefit us?"
    Homogeneity "We never disagree" Diversity and inclusion "We appreciate different views"
    Excessive bureaucracy "We need approval" Autonomy "I can do this"
    Risk avoidance "We can't try that" Appropriate risk-taking "How can we do this safely?"

    Ensure you are not inadvertently stifling innovation.
    Review the following to ensure that the desired behaviors are promoted:

    • Hiring practices
    • Performance evaluation metrics
    • Rewards and incentives
    • Corporate policies
    • Governance structures
    • Leadership behavior

    Case study

    INDUSTRY: Commercial Real Estate and Retail
    SOURCE: Interview

    How not to approach innovation.

    This anonymous national organization owned commercial properties across the country and had the goal of becoming the most innovative real estate and retail company in the market.

    The organization pursued innovation in the digital solutions space across its commercial and retail properties. Within this space, there were significant differences in risk tolerance across teams, which resulted in the more risk-tolerant teams excluding the risk-averse members from discussions in order to circumvent corporate policies on risk tolerance. This resulted in an adversarial and siloed culture where each group believed they knew better than the other, and the more risk-averse teams felt like they were policing the actions of the risk-tolerant group.

    Results

    Morale plummeted, and many of the organization's top people left. Unfortunately, one of the solutions did not meet regulatory requirements, and the company faced negative media coverage and legal action. There was significant reputational damage as a result.

    Lessons Learned

    Considering differences in risk tolerance and risk appetite is critical when pursuing innovation. While everyone doesn't have to agree, leadership needs to understand the different perspectives and ensure that no one party is dominating the conversation over the others. An understanding of corporate risk tolerance and risk appetite is necessary to drive innovation.

    All perspectives have a place in innovation. More risk tolerant perspectives should be involved early in the ideas-generation phase, and risk-averse perspectives should be considered later when ideas are being refined.

    Speed should not override safety or circumvent corporate policies.

    Understand your risk tolerance and risk appetite

    Evaluate and align the appetite for risk.

    • It is important to understand the organization's risk tolerance as well as the desire for risk. Consider the following risk categories when investigating the organization's views on risk:
      • Financial risk: the potential for financial or property loss.
      • Operational risk: the potential for disruptions to operations.
      • Reputational risk: the potential for negative impact to brand or reputation.
      • Compliance risk: the potential for loss due to non-compliance with laws and regulations.
    • Greater risk tolerance typically enables greater innovation. Understand the varying levels of risk tolerance across your organization, and how these differences might impact innovation efforts.

    An arrow showing the directions of risk tolerance.

    It is more important to match the level of risk tolerance to the degree of innovation required. Not all innovation needs to be (or can feasibly be) disruptive.
    Many factors impact risk tolerance including:

    • Regulation
    • Organization size
    • Country
    • Industry
    • Personal experience
    • Type of risk

    Use Info-Tech's Security Risk Management research to better understand risk tolerance

    Activity 2.1 Assess your innovation culture

    1-3 hours

    1. Review the behaviors which support and stifle innovation and give each behavior a score from 1 (stifling innovation) to 5 (fostering innovation). Any behaviors which fall below a 4 on this scale should be prioritized in your efforts to create an innovative culture.
    2. Review the following policies and practices to determine how they may be contributing to the behaviors you see in your organization:
      1. Hiring practices
      2. Performance evaluation metrics
      3. Rewards, recognition, and incentives
      4. Corporate policies
      5. Governance structures
      6. Leadership behavior
    3. Identify three concrete actions you can take to correct any behaviors which are stifling innovation. Examples might be revising a policy which punishes failure or changing performance incentives to reward appropriate risk taking.
    4. Summarize your findings in the appropriate section of the Innovation Program Template.

    Input

    • Innovation behaviors

    Output

    • Understanding of your organization's culture
    • Concrete actions you can take to promote innovation

    Materials

    • List of innovative behaviors
    • Relevant policies and documents to review
    • Innovation Program Template

    Participants

    • CINO

    2.2 Define your innovation model

    Set up your innovation practice for success using proven models and methodologies.

    • There are many ways to approach innovation, from highly distributed forms where it's just part of everyone's job to very centralized and arm's-length innovation hubs or even outsourced innovation via startups. You can combine different approaches to create your own approach.
    • You may or may not have a formal innovation team, but if you do, their role is to facilitate innovation – not lead it. Innovation is most effective when it is led by the business.
    • There are many tools and methodologies you can use to facilitate innovation. Choose the one (or combination) that best suits your needs.

    Select the right model

    There is no one right way to pursue innovation, but some methods are better than others for specific situations and goals. Consider your existing culture, your innovation goals, and your budget when selecting the right methodology for your innovation.

    Model Description Advantages Disadvantages Good when…
    Grassroots Innovation Innovation is the responsibility of everyone, and there is no centralized innovation team. Ideas are piloted and scaled by the person/team which produces it.
    • Can be used in any organization or team
    • Can support low or high degree of structure
    • Low funding requirement
    • Requires a strong innovation culture
    • Often does not produce results since people don't have time to focus on innovation
    • Innovation culture is strong
    • Funding is limited
    • Goal is internal, incremental innovation
    Community of Practice Innovation is led by a cross-divisional Community of Practice (CoP) which includes representation from across the business. Champions consult with their practice areas and bring ideas forward.
    • Bringing people together can help stimulate and share ideas
    • Low funding requirement
    • Able to support many types of innovation
    • Some people may feel left out if they can't be involved
    • May not produce results if people are too busy to dedicate time to innovate
    • Innovation culture is present
    • Funding is limited
    • Goal is incremental or disruptive innovation
    Innovation Enablement
    *Most often recommended*
    A dedicated innovation team with funding set aside to support pilots with a high degree of autonomy, with the role of facilitating business-led innovation.
    • Most flexible of all options
    • Supports business-led innovation
    • Can deliver results quickly
    • Can enable a higher degree of innovation
    • Requires dedicated staff and funding
    • Innovation culture is present
    • Funding is available
    • Goal is internal or external, incremental or radical innovation
    Center of Excellence Dedicated team responsible for leading innovation on behalf of the organization. Generally, has business relationship managers who gather ideas and liaise with the business.
    • Can deliver results quickly
    • Can offer a fresh perspective
    • Can enable a higher degree of innovation
    • Requires dedicated staff and funding
    • Is typically separate from the business
    • Results may not align with the business needs or have adequate input
    • Innovation culture is weak
    • Funding is significant
    • Goal is external, disruptive innovation
    Innovation Hub An arm's length innovation team is responsible for all or much of the innovation and may not interact much with the core business.
    • Can deliver results quickly
    • Can be extremely innovative
    • Expensive
    • Results may not align with the business needs or have adequate/any input
    • Innovation culture is weak
    • Funding is very significant
    • Goal is external, radical innovation
    Outsourced Innovation Innovation is outsourced to an external organization which is not linked to the primary organization. This can take the form of working with or investing in startups.
    • Can lead to more innovative ideas than internal innovation
    • Investments can become a diverse revenue stream if startups are successful
    • Innovation does not rely on culture
    • Higher risk of failure
    • Less control over goals or focus
    • Results may not align with the business needs or have any input from users
    • Innovation does not rely on culture
    • Funding is significant
    • Goal is external or internal, radical innovation

    Use the right methodologies to support different stages of your innovation process

    A chart showing methodologies to support different stages of the integration process.

    Adapted from Niklaus Gerber via Medium, 2022

    Methodologies are most useful when they are aligned with the goals of the innovation organization.

    For example, design thinking tends to be excellent for earlier innovation planning, while Agile can allow for faster implementation and launch of initiatives later in the process.

    Consider combining two or more methodologies to create a custom approach that best suits your organization's capabilities and goals.

    Sample methodologies

    A robust innovation methodology ensures that the process for developing, prioritizing, selecting, implementing, and measuring initiatives is aligned with the results you are hoping to achieve.

    Different types of problems (drivers for innovation) may necessitate different methodologies, or a combination of methodologies.

    Hackathon: An event which brings people together to solve a well-defined problem.

    Design Thinking: Creative approach that focuses on understanding the needs of users.

    Lean Startup: Emphasizes rapid experimentation in order to validate business hypotheses.

    Design Sprint: Five-day process for answering business questions via design, prototyping, and testing.

    Agile: Iterative design process that emphasizes project management and retrospectives.

    Three Horizons: Framework that looks at opportunities on three different time horizons.

    Innovation Ambition Matrix: Helps organizations categorize projects as part of the core offering, an adjacent offering, or completely new.

    Global Innovation Management: A process of identifying, developing and implementing new ideas, products, services, or processes using alternative thinking.

    Blue Ocean Strategy: A methodology that helps organizations identify untapped market space and create new markets via unique value propositions.

    Activity 2.2 Design your innovation model

    1-2 hours

    1. Think about the following factors which influence the design of your innovation practice:
      1. Existing organizational culture
      2. Available funding to support innovation
      3. Type of innovation you are targeting
    2. Review the innovation approaches, and identify which approach is most suitable for your situation. Note why this approach was selected.
    3. Review the innovation methodologies and research those of interest. Select two to five methodologies to use for your innovation practice.
    4. Document your decisions in the Innovation Program Template.

    Input

    • Understanding of your mandate and existing culture

    Output

    • Innovation approach
    • Selected methodologies

    Materials

    • Innovation Program Template

    Participants

    • CINO
    • Innovation team

    2.3 Build your core innovation capabilities

    Develop the skills, knowledge, and experience to facilitate successful innovation.

    • Depending on the approach you selected in step 2.2, you may or may not require a dedicated innovation team. If you do, use the job descriptions and sample organization charts to build it. If not, focus on developing key capabilities which are needed to facilitate innovation.
    • Diversity is key for successful innovation – ensure your team (formal or otherwise) includes diverse perspectives and backgrounds.
    • Use your guiding principles when hiring and training your team.
    • Focus on three core roles: evangelists, enablers, and experts.

    Focus on three key roles when building your innovation team

    Types of roles will depend on the purpose and size of the innovation team.

    You don't need to grow them all internally. Consider partnering with vendors and other organizations to build capabilities.

    Evangelists

    Visionaries who inspire, support, and facilitate innovation across the business. Their responsibilities are to drive the culture of innovation.

    Key skills and knowledge:

    • Strong communication skills
    • Relationship-building
    • Consensus-building
    • Collaboration
    • Growth mindset

    Sample titles:

    • CINO
    • Chief Transformation Officer
    • Chief Digital Officer
    • Innovation Lead
    • Business Relationship Manager

    Enablers

    Translate ideas into tangible business initiatives, including assisting with business cases and developing performance metrics.

    Key skills and knowledge:

    • Critical thinking skills
    • Business knowledge
    • Facilitation skills
    • Consensus-building
    • Relationship-building

    Sample titles:

    • Product Owner
    • Design Thinking Lead
    • Data Scientist
    • Business Analyst
    • Human Factors Engineer
    • Digital Marketing Specialist

    Experts

    Provide expertise in product design, delivery and management, and responsible for supporting and executing on pilot projects.

    Key skills and knowledge:

    • Project management skills
    • Technical expertise
    • Familiarity with emerging technologies
    • Analytical skills
    • Problem-solving skills

    Sample titles:

    • Product Manager
    • Scrum Master/Agile Coach
    • Product Engineer/DevOps
    • Product Designer
    • Emerging tech experts

    Sample innovation team structure (large enterprise)

    Visualize the whole value delivery process end-to-end to help identify the types of roles, resources, and capabilities required. These capabilities can be sourced internally (i.e. grow and hire internally) or through collaboration with centers of excellence, commercial partners, etc.

    A flow chart of a sample innovation team structure.

    Streamline your process by downloading Info-Tech's job description templates:

    Activity 2.3 Build your innovation team

    2-3 hours

    1. Review your work from the previous activities as well as the organizational structure and the job description templates.
    2. Start a list with two columns: currently have and needed. Start listing some of the key roles and capabilities from earlier in this step, categorizing them appropriately.
    3. If you are using an organizational structure for your innovation process, start to frame out the structure and roles for your team.
    4. Develop a list of roles you need to hire, and the key capabilities you need from candidates. Using the job descriptions, write job postings for each role.
    5. Record your work in the appropriate section of the Innovation Program Template.

    Input

    • Previous work
    • Info-Tech job description templates

    Output

    • List of capabilities required
    • Org chart
    • Job postings for required roles

    Materials

    • Note-taking capability
    • Innovation Program Template

    Participants

    • CINO

    Related Info-Tech Research

    Fix Your IT Culture

    • Promote psychological safety and growth mindset within your organization.
    • Develop the organizational behaviors that lead to innovation.

    Improve IT Team Effectiveness

    • Address behaviors, processes, and cultural factors which impact team effectiveness.
    • Grow the team's ability to address challenges and navigate volatile, uncertain, complex and ambiguous environments.

    Master Organizational Change Management Practices

    • Transformation and change are increasingly becoming the new normal. While this normality may help make people more open to change in general, specific changes still need to be planned, communicated, and managed. Agility and continuous improvement are good but can degenerate into volatility if change isn't managed properly.

    Phase 3: Build Your Practice

    Define your innovation process, streamline pilot projects, and scale for success.

    Purpose

    People

    Practice

    1. Understand your mandate
    2. Define your innovation ambitions
    3. Determine value proposition and metrics
    1. Foster a culture of innovation
    2. Define your operating model
    3. Build core innovation capabilities
    1. Build your ideation and prioritization methodologies
    2. Define your pilot project methodology
    3. Conduct a program retrospective

    This phase will walk you through the following activities:

    • Build the methodologies needed to elicit ideas from the business.
    • Develop criteria to evaluate and prioritize ideas for piloting.
    • Define your pilot program methodologies and processes, including criteria to assess and compare the success of pilot projects.
    • Conduct an end-of-year program retrospective to evaluate the success of your innovation program.

    This phase involves the following participants:

    • CINO
    • Innovation team

    Case study

    INDUSTRY: Government
    SOURCE: Interview

    Confidential US government agency

    The business applications group at this government agency strongly believes that innovation is key to progress and has instituted a formal innovation program as part of their agile operations. The group uses a Scaled Agile Framework (SAFe) with 2-week sprints and a 12-week program cycle.

    To support innovation across the business unit, the last sprint of each cycle is dedicated toward innovation and teams do not commit to any other during these two weeks. At the end of each innovation sprint, ideas are presented to leadership and the valuable ones were either implemented initially or were given time in the next cycle of sprints for further development. This has resulted in a more innovative culture across the practice.

    Results

    There have been several successful innovations since this process began. Notably, the agency had previously purchased a robotic process automation platform which was only being used for a few specific applications. One team used their innovation sprint to expand the use cases for this solution and save nearly 10,000 hours of effort.

    Standard 12-week Program Cycle
    An image of a standard 12-week program

    Design your innovation operating model to maximize value and learning opportunities

    Pilots are an iterative process which brings together innovators and business teams to test and evaluate ideas.

    Your operating model should include several steps including ideation, validation, evaluation and prioritization, piloting, and a retrospective which follows the pilot. Use the example on this slide when designing your own innovation operating model.

    An image of the design process for innovation operation model.

    3.1 Build your ideation and prioritization methodologies

    Engage the business to generate ideas, then prioritize based on value to the business.

    • There are many ways of generating ideas, from informal discussion to formal ideation sessions or submission forms. Whatever you decide to use, make sure that you're getting the right information to evaluate ideas for prioritization.
    • Use quantitative and qualitative metrics to evaluate ideas generated during the ideation process.
      • Quantitative metrics might include potential return on investment (ROI) or effort and resources required to implement.
      • Qualitative metrics might include alignment with the organizational strategy or the level of risk associated with the idea.

    Engage the business to generate ideas

    There are many ways of generating innovative ideas. Pick the methods that best suit your organization and goals.

    Design Thinking
    A structured approach that encourages participants to think creatively about the needs of the end user.

    An image including the following words: Empathize, Define; Ideate; Test.

    Ideation Workshop
    A formal session that is used to understand a problem then generate potential solutions. Workshops can incorporate the other methodologies (such as brainstorming, design thinking, or mind mapping) to generate ideas.

    • Define the problem
    • Generate ideas
    • Capture ideas
    • Evaluate and prioritize
    • Assign next steps

    Crowdsourcing
    An informal method of gathering ideas from a large group of people. This can be a great way to generate many ideas but may lack focus.

    Value Proposition Canvas
    A visual tool which helps to identify customer (or user) needs and design products and services that meet those needs.

    an image of the Value Proposition Canvas

    Evaluate ideas and focus on those with the greatest value

    Evaluation should be transparent and use both quantitative and qualitative metrics. The exact metrics used will depend on your organization and goals.

    It is important to include qualitative metrics as these dimensions are better suited to evaluating highly innovative ideas and can capture important criteria like alignment with overall strategy and feasibility.

    Develop 5 to 10 criteria that you can use to evaluate and prioritize ideas. Some criteria may be a pass/fail (for example, minimum ROI) and some may be comparative.

    Evaluate
    The first step is to evaluate ideas to determine if they meet the minimum criteria. This might include quantitative criteria like ROI as well as qualitative criteria like strategic alignment and feasibility.

    Prioritize
    Ideas that pass the initial evaluation should be prioritized based on additional criteria which might include quantitative criteria such as potential market size and cost to implement, and qualitative criteria such as risk, impact, and creativity.

    Quantitative Metrics

    Quantitative metrics are objective and easily comparable between initiatives, providing a transparent and data-driven process for evaluation and prioritization.
    Examples:

    • Potential market size
    • ROI
    • Net present value
    • Payback period
    • Number of users impacted
    • Customer acquisition cost
    • Customer lifetime value
    • Breakeven analysis
    • Effort required to implement
    • Cost to implement

    Qualitative Metrics

    Qualitative metrics are less easily comparable but are equally important when it comes to evaluating ideas. These should be developed based on your organization strategy and innovation goals.
    Examples:

    • Strategy alignment
    • Impact on users
    • Uncertainty and risk
    • Innovation potential
    • Culture impact
    • Feasibility
    • Creativity and originality
    • Type of innovation

    Activity 3.1 Develop prioritization metrics

    1-3 hours

    1. Review your mandate, purpose, innovation goals and the sample prioritization and evaluation metrics.
    2. Write down a list of your goals and their associated metrics, then prioritize which are the most important.
    3. Determine which metrics will be used to evaluate ideas before they move on to the prioritization stage, and which metrics will be used to compare initiatives in order to determine which will receive further investment.
    4. For each evaluation metric, determine the minimum threshold required for an idea to move forward. For each prioritization metric identify the definition and how it will be evaluated. Qualitative metrics may require more precise definitions than quantitative metrics.
    5. Enter your metrics into the Initiative Prioritization Template.

    Input

    • Innovation mandate
    • Innovation goals
    • Sample metrics

    Output

    • Evaluation and prioritization metrics for ideas

    Materials

    • Whiteboard/Flip charts
    • Innovation Program Template

    Participants

    • Innovation leader

    Download the Initiative Prioritization Template

    3.2 Build your program to pilot initiatives

    Test and refine ideas through real-world pilot projects.

    • The purpose of your pilot is to test and refine ideas in the real world. In order to compare pilot projects, it's important to track key performance indicators throughout the pilot. Measurements should be useful and comparable.
    • Innovation facilitators are responsible for supporting pilot projects, including designing the pilot, setting up metrics, tracking outcomes, and facilitating retrospectives.
    • Pilots generally follow an Agile methodology where ideas may be refined as the pilot proceeds, and the process iterates until either the idea is discarded or it has been refined into an initiative which can be scaled.
    • Expect that most pilots will fail the first time, and many will fail completely. This is not a loss; lessons learned from the retrospective can be used to improve the process and later pilots.

    Use pilot projects to test and refine initiatives before scaling to the rest of the organization

    "Learning is as powerful as the outcome." – Brett Trelfa, CIO, Arkansas Blue Cross

    1. Clearly define the goals and objectives of the pilot project. Goals and objectives ensure that the pilot stays on track and can be measured.
    2. Your pilot group should include a variety of participants with diverse perspectives and skill sets, in order to gather unique insights.
    3. Continuously track the progress of the pilot project. Regularly identify areas of improvement and implement changes as necessary to refine ideas.
    4. Regularly elicit feedback from participants and iterate in order to improve the final innovation. Not all pilots will be successful, but every failure can help refine future solutions.
    5. Consider scalability. If the pilot project is successful, it should be scalable and the lessons learned should be implemented in the larger organization.

    Sample pilot metrics

    Metrics are used to validate and test pilot projects to ensure they deliver value. This is an important step before scaling to the rest of the organization.

    Adoption: How many end users have adopted the pilot solution?

    Utilization: Is the solution getting utilized?

    Support Requests: How many support requests have there been since the pilot was initiated?

    Value: Is the pilot delivering on the value that it proposed? For example, time savings.

    Feasibility: Has the feasibility of the solution changed since it was first proposed?

    Satisfaction: Focus groups or surveys can provide feedback on user/customer satisfaction.

    A/B Testing: Compare different methods, products or services.

    Info-Tech Insight

    Ensure standard core metrics are used across all pilot projects so that outcomes can be compared. Additional metrics may be used to refine and test hypotheses through the pilot process.

    Activity 3.2 Build your program to pilot initiatives

    1-2 hours

    1. Gather the innovation team and review your mandate, purpose, goals, and the sample innovation operating model and metrics.
    2. As a group, brainstorm the steps needed from idea generation to business case. Use sticky notes if in person, or a collaboration tool if remote.
    3. Determine the metrics that will be used to evaluate ideas at each decision step (for example, prior to piloting). Outline what the different decisions might be (for example, proceed, refine or discard) and what happens as a result of each decision.
    4. Document your final steps and metrics in the Innovation Program Template.

    Input

    • Innovation mandate
    • Innovation goals
    • Sample metrics

    Output

    • Pilot project methodology
    • Pilot project metrics

    Materials

    • Innovation Program Template
    • Sticky notes (in person) or digital collaboration tool (if remote)

    Participants

    • Innovation leader
    • Innovation team

    3.3 Conduct a program retrospective

    Generate value from your successful pilots by scaling ideas across the organization.

    • The final step in the innovation process is to scale ideas to the enterprise in order to realize the full potential.
    • Keeping track of notable wins is important for showing the value of the innovation program. Track performance of initiatives that come out of the innovation program, including their financial, cultural, market, and brand impacts.
    • Track the success of the innovation program itself by evaluating the number of ideas generated, the number of pilots run and the success of the pilots. Keep in mind that many failed pilots is not a failure of the program if the lessons learned were valuable.
    • Complete an innovation program retrospective every 6 to 12 months in order to adjust and make any changes if necessary to improve your process.

    Retrospectives should be objective, constructive, and action-oriented

    A retrospective is a review of your innovation program with the aim of identifying lessons learned, areas for improvement, and opportunities for growth.

    During a retrospective, the team will reflect on past experiences and use that information to inform future decision making and improve outcomes.

    The goal of a retrospective is to learn from the past and use that knowledge to improve in the future.

    Objective

    Ensure that the retrospective is based on facts and objective data, rather than personal opinions or biases.

    Constructive

    Ensure that the retrospective is a positive and constructive experience, with a focus on finding solutions rather than dwelling on problems.

    Action-Oriented

    The retrospective should result in a clear action plan with specific steps to improve future initiatives.

    Activity 3.3 Conduct a program retrospective

    1-2 hours

    1. Post a large piece of paper on the wall with a timeline from the last year. Include dates and a few key events, but not much more. Have participants place sticky notes in the spots to describe notable wins or milestones that they were proud of. This can be done as part of a formal meeting or asynchronously outside of meetings.
    2. Bring the innovation team together and review the poster with notable wins. Do any themes emerge? How does the team feel the program is doing? Are there any changes needed?
    3. Consider the metrics you use to track your innovation program success. Did the scaled projects meet their targets? Is there anything that could be refined about the innovation process?
    4. Evaluate the outcomes of your innovation program. Did it meet the targets set for it? Did the goals and innovation ambitions come to fruition?
    5. Complete this step every 6 to 12 months to assess the success of your program.
    6. Complete the "Notable Wins" section of the Innovation Program Template.

    Input

    • Innovation mandate
    • Innovation goals
    • Sample metrics

    Output

    • Notable wins
    • Action items for refining the innovation process

    Materials

    • Innovation Program Template
    • Sticky notes (in person) or digital collaboration tool (if remote)

    Participants

    • CIO
    • Innovation team
    • Others who have participated in the innovation process

    Related Info-Tech Research

    Adopt Design Thinking in Your Organization

    • A user's perspective while interacting with the products and services is very different from the organization's internal perspective while implementing and provisioning those. A design-based organization balances the two perspectives to drive user-satisfaction over end-to-end journeys.

    Prototype With an Innovation Design Sprint

    • Build and test a prototype in four days using Info-Tech's Innovation Design Sprint Methodology.
    • Create an environment for co-creation between IT and the business.

    Fund Innovation With a Minimum Viable Business Case

    • Our approach guides you through effectively designing a solution, de-risking a project through impact reduction techniques, building and pitching the case for your project, and applying the business case as a mechanism to ensure that benefits are realized.

    Summary of Accomplishment

    Congratulations on launching your innovation program!

    You have now completed your innovation strategy, covering the following topics:

    • Executive Summary
    • Our Purpose
    • Scope and Value Proposition
    • Guiding Principles
    • Building an Innovative Culture
    • Program Structure
    • Success Metrics
    • Notable Wins

    If you would like additional support, have our analysts guide you through an Info-Tech workshop or Guided Implementation.

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Related Info-Tech Research

    Accelerate Digital Transformation With a Digital Factory

    • Understand the foundations of good design: purpose, organizational support, and leadership.
    • Understand the design of the operating model: structure and organization, management practices, culture, environment, teams, technology platforms, and meaningful metrics and KPIs.

    Sustain and Grow the Maturity of Innovation in Your Enterprise

    • Unlock your innovation potential by looking at your innovation projects on both a macro and micro level.
    • Innovation capacity is directly linked with creativity; allow your employees' creativity to flourish using Info-Tech's positive innovation techniques.

    Define Your Digital Business Strategy

    • Design a strategy that applies innovation to your business model, streamline and transform processes, and make use of technologies to enhance interactions with customers and employees.
    • Create a balanced roadmap that improves digital maturity and prepares you for long-term success in a digital economy.

    Research Contributors and Experts

    Kim Osborne Rodriguez

    Kim Osborne Rodriguez
    Research Director, CIO Advisory
    Info-Tech Research Group

    Kim is a professional engineer and Registered Communications Distribution Designer with over a decade of experience in management and engineering consulting spanning healthcare, higher education, and commercial sectors. She has worked on some of the largest hospital construction projects in Canada, from early visioning and IT strategy through to design, specifications, and construction administration. She brings a practical and evidence-based approach, with a track record of supporting successful projects.
    Kim holds a Bachelor's degree in Mechatronics Engineering from University of Waterloo.

    Joanne Lee

    Joanne Lee
    Principal Research Director, CIO Advisory
    Info-Tech Research Group

    Joanne is an executive with over 25 years of experience in digital technology and management consulting across both public and private entities from solution delivery to organizational redesign across Canada and globally.
    Prior to joining Info-Tech Research Group, Joanne was a management consultant within KPMG's CIO management consulting services and the Western Canadas Digital Health Practice lead. She has held several executive roles in the industry with the most recent position as Chief Program Officer for a large $450M EHR implementation. Her expertise spans cloud strategy, organizational design, data and analytics, governance, process redesign, transformation, and PPM. She is passionate about connecting people, concepts, and capital.
    Joanne holds a Master's in Business and Health Policy from the University of Toronto and a Bachelor of Science (Nursing) from the University of British Columbia.

    Jack Hakimian

    Jack Hakimian
    Senior Vice President
    Info-Tech Research Group

    Jack has more than 25 years of technology and management consulting experience. He has served multi-billion-dollar organizations in multiple industries including Financial Services and Telecommunications. Jack also served a number of large public sector institutions.
    He is a frequent speaker and panelist at technology and innovation conferences and events and holds a Master's degree in Computer Engineering as well as an MBA from the ESCP-EAP European School of Management.

    Michael Tweedie

    Michael Tweedie
    Practice Lead, CIO Strategy
    Info-Tech Research Group

    Mike Tweedie brings over 25 years as a technology executive. He's led several large transformation projects across core infrastructure, application, and IT services as the head of Technology at ADP Canada. He was also the Head of Engineering and Service Offerings for a large French IT services firm, focused on cloud adoption and complex ERP deployment and management.
    Mike holds a Bachelor's degree in Architecture from Ryerson University.

    Mike Schembri

    Mike Schembri
    Senior Executive Advisor
    Info-Tech Research Group

    Mike is the former CIO of Fuji Xerox Australia and has 20+ years' experience serving IT and wider business leadership roles. Mike has led technical and broader business service operations teams to value and growth successfully in organizations ranging from small tech startups through global IT vendors, professional service firms, and manufacturers.
    Mike has passion for strategy and leadership and loves working with individuals/teams and seeing them grow.

    John Leidl

    John Leidl
    Senior Director, Member Services
    Info-Tech Research Group

    With over 35 years of IT experience, including senior-level VP Technology and CTO leadership positions, John has a breadth of knowledge in technology innovation, business alignment, IT operations, and business transformation. John's experience extends from start-ups to corporate enterprise and spans higher education, financial services, digital marketing, and arts/entertainment.

    Joe Riley

    Joe Riley
    Senior Workshop Director
    Info-Tech Research Group

    Joe ensures our members get the most value out of their Info-Tech memberships by scoping client needs, current state and desired business outcomes, and then drawing upon his extensive experience, certifications, and degrees (MBA, MS Ops/Org Mgt, BS Eng/Sci, ITIL, PMP, Security+, etc.) to facilitate our client's achievement of desired and aspirational business outcomes. A true advocate of ITSM, Joe approaches technology and technology practices as a tool and enabler of people, core business, and competitive advantage activities.

    Denis Goulet

    Denis Goulet
    Senior Workshop Director
    Info-Tech Research Group

    Denis is a transformational leader and experienced strategist who has worked with 100+ organizations to develop their digital, technology, and governance strategies.
    He has held positions as CIO, Chief Administrative Office (City Manager), General Manager, Vice President of Engineering, and Management Consultant, specializing in enterprise and technology strategy.

    Cole Cioran

    Cole Cioran
    Managing Partner
    Info-Tech Research Group

    I knew I wanted to build great applications that would delight their users. I did that over and over. Along the way I also discovered that it takes great teams to deliver great applications. Technology only solves problems when people, processes, and organizations change as well. This helped me go from writing software to advising some of the largest organizations in the world on how to how to build a digital delivery umbrella of Product, Agile, and DevOps and create exceptional products and services powered by technology.

    Carlene McCubbin

    Carlene McCubbin
    Research Lead, CIO Practice
    Info-Tech Research Group

    During her tenure at Info-Tech, Carlene has led the development of Info-Tech's Organization and Leadership practice and worked with multiple clients to leverage the methodologies by creating custom programs to fit each organization's needs.
    Before joining Info-Tech, Carlene received her Master of Communications Management from McGill University, where she studied development of internal and external communications, government relations, and change management.

    Isabelle Hertanto

    Isabelle Hertanto
    Principal Research Director
    Info-Tech Research Group

    Isabelle Hertanto has over 15 years of experience delivering specialized IT services to the security and intelligence community. As a former federal officer for Public Safety Canada, Isabelle trained and led teams on data exploitation and digital surveillance operations in support of Canadian national security investigations. Since transitioning into the private sector, Isabelle has held senior management and consulting roles across a variety of industry sectors, including retail, construction, energy, healthcare, and the broader Canadian public sector.

    Hans Eckman

    Hans Eckman
    Principal Research Director
    Info-Tech Research Group

    Hans Eckman is a business transformation leader helping organizations connect business strategy and innovation to operational excellence. He supports Info-Tech members in SDLC optimization, Agile and DevOps implementation, CoE/CoP creation, innovation program development, application delivery, and leadership development. Hans is based out of Atlanta, Georgia.

    Valence Howden

    Valence Howden
    Principal Research Director
    Info-Tech Research Group

    With 30 years of IT experience in the public and private sector, Valence has developed experience in many Information Management and Technology domains, with a particular focus in the areas of Service Management, Enterprise and IT Governance, Development and Execution of Strategy, Risk Management, Metrics Design and Process Design, and Implementation and Improvement. Prior to joining Info-Tech, he served in technical and client-facing roles at Bell Canada and CGI Group Inc., as well as managing the design, integration, and implementation of services and processes in the Ontario Public Sector.

    Clayton Gillett

    Clayton Gillett
    Managing Partner
    Info-Tech Research Group

    Clayton Gillett is a Managing Partner for Info-Tech, providing technology management advisory services to healthcare clients. Clayton joined Info-Tech with more than 28 years of experience in health care information technology. He has held senior IT leadership roles at Group Health Cooperative of Puget Sound and OCHIN, as well as advisory or consulting roles at ECG Management Consultants and Gartner.

    Donna Bales

    Donna Bales
    Principal Research Director
    Info-Tech Research Group

    Donna Bales is a Principal Research Director in the CIO Practice at Info-Tech Research Group specializing in research and advisory services in IT risk, governance, and compliance. She brings over 25 years of experience in strategic consulting and product development and has a history of success in leading complex, multi-stakeholder industry initiatives.

    Igor Ikonnikov

    Igor Ikonnikov
    Research Director
    Info-Tech Research Group

    Igor Ikonnikov is a Research and Advisory Director in the Data and Analytics practice. Igor has extensive experience in strategy formation and execution in the information management domain, including master data management, data governance, knowledge management, enterprise content management, big data, and analytics.
    Igor has an MBA from the Ted Rogers School of Management (Toronto, Canada) with a specialization in Management of Technology and Innovation.

    Research Contributors and Experts

    Michael Newcity

    Michael Newcity
    Chief Innovation Officer
    ArcBest

    Kevin Yoder

    Kevin Yoder
    Vice President, Innovation
    ArcBest

    Gary Boyd

    Gary Boyd
    Vice President, Information Systems & Digital Transformation
    Arkansas Blue Cross and Blue Shield

    Brett Trelfa

    Brett Trelfa
    Chief Information Officer
    Arkansas Blue Cross and Blue Shield

    Kristen Wilson-Jones

    Kristen Wilson-Jones
    Chief Technology & Product Officer
    Medcurio

    Note: additional contributors did not wish to be identified

    Bibliography

    Altringer, Beth. "A New Model for Innovation in Big Companies" Harvard Business Review. 19 Nov. 2013. Accessed 30 Jan. 2023. https://hbr.org/2013/11/a-new-model-for-innovation-in-big-companies
    Arpajian, Scott. "Five Reasons Why Innovation Fails" Forbes Magazine. 4 June 2019. Accessed 31 Jan. 2023. https://www.forbes.com/sites/forbestechcouncil/2019/06/04/five-reasons-why-innovation-fails/?sh=234e618914c6
    Baldwin, John & Gellatly, Guy. "Innovation Capabilities: The Knowledge Capital Behind the Survival and Growth of Firms" Statistics Canada. Sept. 2006. Accessed 30 Jan. 2023. https://www.bdc.ca/fr/documents/other/innovation_capabilities_en.pdf
    Bar Am, Jordan et al. "Innovation in a Crisis: Why it is More Critical Than Ever" McKinsey & Company, 17 June 2020. Accessed 12 Jan. 2023. <https://www.mckinsey.com/capabilities/strategy-and-corporate-finance/our-insights/innovation-in-a-crisis-why-it-is-more-critical-than-ever >
    Boston Consulting Group, "Most Innovative Companies 2021" BCG, April 2021. Accessed 30 Jan. 2023. https://web-assets.bcg.com/d5/ef/ea7099b64b89860fd1aa3ec4ff34/bcg-most-innovative-companies-2021-apr-2021-r.pdf
    Boston Consulting Group, "Most Innovative Companies 2022" BGC, 15 Sept. 2022. Accessed 6 Feb. 2023. https://www.bcg.com/en-ca/publications/2022/innovation-in-climate-and-sustainability-will-lead-to-green-growth
    Christensen, Clayton M. The Innovator's Dilemma: When New Technologies Cause Great Firms to Fail. Harvard Business Review Press, 2016.
    Gerber, Niklaus. "What is innovation? A beginner's guide into different models, terminologies and methodologies" Medium. 20 Sept 2022. Accessed 7 Feb. 2023. https://world.hey.com/niklaus/what-is-innovation-a-beginner-s-guide-into-different-models-terminologies-and-methodologies-dd4a3147
    Google X, Homepage. Accessed 6 Feb. 2023. https://x.company/
    Harnoss, Johann D. & Baeza, Ramón. "Overcoming the Four Big Barriers to Innovation Success" Boston Consulting Group, 24 Sept. 2019. Accessed 30 Jan 2023. https://www.bcg.com/en-ca/publications/2019/overcoming-four-big-barriers-to-innovation-success
    Jaruzelski, Barry et al. "Global Innovation 1000 Study" Pricewaterhouse Cooper, 30 Oct. 2018. Accessed 13 Jan. 2023. <https://www.strategyand.pwc.com/gx/en/insights/innovation1000.html>
    Kharpal, Arjun. "Huawei posts first-ever yearly revenue decline as U.S. sanctions continue to bite, but profit surges" CNBC. 28 March 2022. Accessed 7 Feb. 2023. https://www.cnbc.com/2022/03/28/huawei-annual-results-2021-revenue-declines-but-profit-surges.html
    Kirsner, Scott. "The Biggest Obstacles to Innovation in Large Companies" Harvard Business Review, 30 July 2018. Accessed 12 Jan. 2023. <https://hbr.org/2018/07/the-biggest-obstacles-to-innovation-in-large-companies>
    Macrotrends. "Apple Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/AAPL/apple/revenue
    Macrotrends. "Microsoft Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/MSFT/microsoft/revenue
    Macrotrends. "Amazon Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/AMZN/amazon/revenue
    Macrotrends. "Alphabet Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/GOOG/alphabet/revenue
    Macrotrends. "Tesla Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/TSLA/tesla/revenue
    Macrotrends. "Moderna Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/MRNA/moderna/revenue
    Macrotrends. "Sony Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/SONY/sony/revenue
    Macrotrends. "IBM Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/IBM/ibm/revenue
    Macrotrends. "Meta Platforms Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/META/meta-platforms/revenue
    Macrotrends. "NIKE Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/NKE/nike/revenue
    Macrotrends. "Walmart Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/WMT/walmart/revenue
    Macrotrends. "Dell Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/DELL/dell/revenue
    Macrotrends. "NVIDIA Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/NVDA/nvidia/revenue
    Sloan, Paul. "How to Develop a Vision for Innovation" Innovation Management, 10 Aug. 2009. Accessed 7 Feb. 2023. https://innovationmanagement.se/2009/08/10/how-to-develop-a-vision-for-innovation/
    Statista. "Samsung Electronics' global revenue from 2005 to 2021" Statista. Accessed 7 Feb. 2023. https://www.statista.com/statistics/236607/global-revenue-of-samsung-electronics-since-2005/
    Tichy, Noel & Ram Charan. "Speed, Simplicity, Self-Confidence: An Interview with Jack Welch" Harvard Business Review, 2 March 2020. Accessed 7 Feb. 2023. https://hbr.org/1989/09/speed-simplicity-self-confidence-an-interview-with-jack-welch
    Weick, Karl and Kathleen Sutcliffe. Managing the Unexpected: Sustained Performance in a Complex World, Third Edition. John Wiley & Sons, 2015.
    Xuan Tian, Tracy Yue Wang, Tolerance for Failure and Corporate Innovation, The Review of Financial Studies, Volume 27, Issue 1, 2014, Pages 211–255, Accessed https://doi.org/10.1093/rfs/hhr130

    Assess Your IT Financial Management Maturity Effectively

    • Buy Link or Shortcode: {j2store}315|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Cost & Budget Management
    • Parent Category Link: /cost-and-budget-management

    Organizations wishing to mature their IT financial management (ITFM) maturity often face the following obstacles:

    • Unfamiliarity: Lack of knowledge and understanding related to ITFM maturity.
    • Shortsightedness: Randomly reacting to changing circumstances.
    • Exchange: Inability to consistently drive dialogues.
    • Perception: IT is perceived as a cost center instead of a trustworthy strategic partner.

    Our Advice

    Critical Insight

    No matter where you currently stand in your ITFM practice, there is always room for improvement. Hence, a maturity assessment should be viewed as a self-improvement tool that is only valuable if you are willing to act on it.

    Impact and Result

    A mature ITFM practice leads to many benefits.

    • Foundation: Improved governance, skill sets, processes, and tools.
    • Data: An appropriate taxonomy/data model alongside accurate data for high-quality reporting and insights.
    • Language: A common vocabulary across the organization.
    • Organization Culture: Improved communication and collaboration between IT and business partners.

    Assess Your IT Financial Management Maturity Effectively Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess Your IT Financial Management Maturity Effectively Storyboard – A framework and step-by-step methodology to assess your ITFM maturity.

    This research seeks to support IT leaders and ITFM practitioners in evaluating and improving their current maturity. It will help document both current and target states as well as prioritize focus areas for improvement.

    • Assess Your IT Financial Management Maturity Effectively Storyboard

    2. IT Financial Management Maturity Assessment Tool – A structured tool to help you assess your ITFM maturity.

    This Excel workbook guides IT finance practitioners to effectively assess their IT financial management practice. Incorporate the visual outputs into your final executive presentation document. Key activities include context setting, completing the assessment, and prioritizing focus areas based on results.

    • IT Financial Management Maturity Assessment Tool

    3. IT Financial Management Maturity Assessment Report Template – A report summarizing your ITFM maturity assessment results to help you communicate with stakeholders.

    Use this template to document your final ITFM maturity outputs, including the current and target states and your identified priorities.

    • IT Financial Management Maturity Assessment Report Template
    [infographic]

    Further reading

    Assess Your IT Financial Management Maturity Effectively

    Influence your organization’s strategic direction.

    Analyst Perspective

    Make better informed data-driven business decisions.

    Technology has been evolving throughout the years, increasing complexity and investments, while putting more stress on operations and people involved. As an IT leader, you are now entrusted to run your outfit as a business, sit at the executive table as a true partner, and be involved in making decisions that best suit your organization. Therefore, you have an obligation to fulfill the needs of your end customers and live up to their expectations, which is not an easy task.

    IT financial management (ITFM) helps you generate value to your organization’s clientele by bringing necessary trade-offs to light, while driving effective dialogues with your business partners and leadership team.

    This research will focus on Info-Tech’s approach to ITFM maturity, aiming for a state of continuous improvement, where an organization can learn and grow as it adapts to change. As the ITFM practice matures, IT and business leaders will be able to better understand one another and together make better business decisions, driven by data.

    This client advisory presentation and accompanying tool seek to support IT leaders and ITFM practitioners in evaluating and improving their current maturity. It will help document both current and target states as well as prioritize focus areas for improvement.

    Photo of Bilal Alberto Saab, Research Director, IT Financial Management, Info-Tech Research Group. Bilal Alberto Saab
    Research Director, IT Financial Management
    Info-Tech Research Group

    Executive Summary

    The value of ITFM is undermined

    ITFM is often discarded and not given enough importance and relevance due to the operational nature of IT, and the specialized skillset of its people, leading to several problems and challenges, such as:

    • Unfamiliarity: Lack of knowledge and understanding related to ITFM maturity.
    • Shortsightedness: Randomly reacting to changing circumstances.
    • Exchange: Inability to consistently drive dialogues.
    • Perception: IT is perceived as a cost center instead of a trustworthy strategic partner.

    Constructive dialogues with business partners are not the norm

    Business-driven conversations around financials (spending, cost, revenue) are a rarity in IT due to several factors, including:

    • Foundation: Weak governance, inadequate skillset, and less than perfect processes and tools.
    • Data: Lack of adequate taxonomy/data model, alongside inaccurate data leading to poor reporting and insights.
    • Language: Lack of a common vocabulary across the organization.
    • Organization culture: No alignment, alongside minimal communication and collaboration between IT and business partners.

    Follow Info-Tech’s approach to move up the ITFM maturity ladder

    Mature your ITFM practice by activating the means to make informed business decisions.

    Info-Tech’s methodology helps you move the dial by focusing on three maturity focus areas:

    • Build an ITFM Foundation
    • Manage and Monitor IT Spending
    • Bridge the Language Barrier

    Info-Tech Insight

    Influence your organization’s strategic direction by maturing your ITFM practice.

    What is ITFM?

    ITFM is not just about finance.

    • ITFM has evolved from traditional budgeting, accounting, and cost optimization; however, it is much more than those activities alone.
    • It starts with understanding the financial implications of technology by adopting different perspectives to become adept in communicating with various stakeholders, including finance, business partners, IT managers, and your CEO.
    • Armed with this knowledge, ITFM helps you address a variety of questions, such as:
      • How are technology funds being spent?
      • Which projects is IT prioritizing and why?
      • What are the resources needed to speed IT delivery?
      • What’s the value of IT within the organization?
    • ITFM’s main objective is thus to improve decision-making capabilities by facilitating communication between IT leaders and stakeholders, while enabling a customer focus attitude throughout the organization.

    “ITFM embeds technology in financial management practices. Through cost, demand, and value, ITFM brings technology and business together, forging the necessary relationships and starting the right conversations to enable the best decisions for the organization.”
    – Monica Braun, Research Director, Info-Tech Research Group

    Your challenge

    IT leaders struggle to articulate and communicate business value.

    • IT spending is often questioned by different stakeholders, such as business partners and various IT business units. These questions, usually resulting from shifts in business needs, may revolve around investments, expenditures, services, and speed to market, among others. While IT may have an idea about its spending habits, aligning it to the business strategy may prove difficult.
    • IT staff often does not have access to, or knowledge of, the business model and its intricacies. In an operational environment, the focus tends to be on technical issues rather than overall value.
    • People tend to fear what they do not know. Some business managers may not be comfortable with technology. They do not recognize the implications and ramifications of certain implementations or understand the related terminology, which puts a strain on any conversation.

    “Value is not the numbers you visualize on a chart, it’s the dialogue this data generates with your business partners and leadership team.”
    – Dave Kish, Practice Lead, Info-Tech Research Group

    Technology is constantly evolving

    Increasing IT spending and decision-making complexity.

    Timeline of IT technology evolution, starting with 'Timesharing' in the 1980s to 'All Things Digital' in the 2020s. 'IT Spend Growth' grows from start to finish.

    Common obstacles

    IT leaders are not able to have constructive dialogues with their stakeholders.

    • The way IT funds are spent has changed significantly, moving from the purchase of discrete hardware and software tools to implementing data lakes, cloud solutions, the metaverse and blockchain. This implies larger investments and more critical decisions. Conversations around interoperability, integration, and service-based solutions that focus more on big-picture architecture than day-to-day operations have become the norm.
    • Speed to market is now a survival criterion for most organizations, requiring IT to shift rapidly based on changing priorities and customer expectations. This leads to the need for greater financial oversight, with the CFO as the gatekeeper. Today’s IT leaders need to possess both business and financial management savvy to justify their spending with various stakeholders.
    • Any IT budget increase is tied to expectations of greater value. Hence, the compelling demands for IT to prove its worth to the business. Promoting value comes in two ways: 1) objectively, based on data, KPIs, and return on investment; and 2) subjectively, based on stakeholder satisfaction, alongside relationships. Building trust, credibility, and confidence can go a long way.

    In a technology-driven world, advances come at a price. With greater spending required, more complex and difficult conversations arise.

    Constructive dialogues are key

    You don’t know what you don’t know.

    • IT, being historically focused on operations, has become a hub for technically savvy personnel. On the downside, technology departments are often alien to business, causing problems such as:
      • IT staff have no knowledge of the business model and lack customer focus.
      • Business is not comfortable with technology and related jargon.
    • The lack of two-way communication and business alignment is hence an important ramification. If the business does not understand technology, and IT does not speak in business terms, where does that lead us?
    • Poor data quality and governance practices, alongside overly manual processes can only exasperate the situation.

    IT Spending Survey

    79% of respondents believe that decisions taking too long to make is either a significant or somewhat of a challenge (Flexera 2022 Tech Spend Pulse; N=501).

    81% of respondents believe that ensuring spend efficiency (avoiding waste) is either a challenge or somewhat of a challenge (Flexera 2022 Tech Spend Pulse; N=501).

    ITFM is trailing behind

    IT leaders must learn to speak business.

    In today’s world, where organizations are driving customer experience through technology investments, having a seat at the table means IT leaders must be well versed in business language and practice, including solid financial management skills.

    However, IT staff across all industries aren’t very confident in how well IT is doing in managing its finances. This becomes evident after looking at three core processes:

    • Demonstrating IT’s value to the business.
    • Accounting of costs and budgets.
    • Optimizing costs to gain the best return on investment.

    Recent data from 4,137 respondents to Info-Tech’s IT Management & Governance Diagnostic shows that while most IT staff feel that these three financial management processes are important, notably fewer feel that IT management is effective at executing on them.

    IT leadership’s capabilities around fundamental cost data capture appear to be lagging, not to mention the essential value-added capabilities around optimizing costs and demonstrating IT’s contribution to business value.

    Bar charts comparing percentages of people who 'Agree process is important' and 'Agree process is effective' for three processes: Business Value, Cost & Budget Management, and Cost Optimization. In all instances, the importance outweighed the perceived effectiveness.
    Source: Info-Tech Research Group, IT Management & Governance Diagnostic, 2023.

    Info-Tech’s approach

    We take a holistic approach to ITFM and support you throughout your maturity journey.

    Visualization of the IT maturity levels with three goals at the bottom, 'Build am ITFM Foundation', 'Manage & Monitor IT Spending', and 'Bridge the Language Barrier'. The 5 levels, from bottom to top, are 'Nascent - Level 1, Inability to consistently deliver financial planning services', 'Cost Operator - Level 2, Rudimentary financial planning capabilities', 'Trusted Coordinator - Level 3, Enablement of business through cost-effective supply of technology', 'Value Optimizer - Level 4, Effective impact on business performance', and 'Strategic Partner - Level 5, Influence on the organization's strategic direction'.

    The Info-Tech difference:

    • Info-Tech has a methodology and set of tools that will help assess your ITFM maturity and take the first step in developing an improvement plan. We have identified three maturity focus areas:
      • Build an ITFM Foundation
      • Manage and Monitor IT Spending
      • Bridge the Language Barrier
    • No matter where you currently stand in your ITFM practice, there is always room for improvement. Hence, a maturity assessment should be viewed as a self-improvement tool, which is only valuable if you are willing to act on it.

    Note: See Appendix A for maturity level definitions and descriptions.

    Climb the maturity ladder

    By growing along three maturity focus areas.

    A diagram with '3 Maturity Focus Areas' and '9 Maturity Levers' within them. The first area is 'Build an ITFM Foundation' with levers 'Establish your Team', 'Set up your Governance Structure', and 'Adopt ITFM Processes & Tools'. The second area is 'Manage & Monitor IT Spending', with levers 'Standardize your Taxonomy & Data Model', 'Identify, Gather & Prepare your Data', and 'Analyze your Findings and Develop your Reports'. The third area is 'Bridge the Language Barrier' with levers 'Communicate your IT Spending', 'Educate the Masses', and 'Influence your Organization's Culture'.

    Info-Tech identified three maturity focus areas, each containing three levers.

    Identify where you stand across the nine maturity levers, detect the gaps, and determine your priorities as a first step to develop an improvement plan.

    Note: See Appendix B for maturity level definitions and descriptions per lever.

    Key project deliverables

    Each step of this activity is accompanied by supporting deliverables to help you accomplish your goals.

    IT Financial Management Maturity Assessment Report Template

    A template of an ITFM maturity assessment report that can be customized based on your own results.

    IT Financial Management Maturity Assessment Tool

    A workbook including an ITFM maturity survey, generating a summary of your current state, target state, and priorities.

    Measure the value of this activity

    Reach your 12-month maturity target.

    • Determine your 12-month maturity target, identify your gaps, and set your priorities.
    • Use the ITFM maturity assessment to kickstart your improvement plan by developing actionable initiatives.
    • Implement your initiatives and monitor your progress to reach your 12-month target.

    Sample of a result page from the ITFM maturity assessment.

    Build your improvement plan and implement your initiatives to move the dial and climb the maturity ladder.

    Sample of a result page from the ITFM maturity assessment with a graph.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Step 1

    Prepare for the ITFM maturity assessment

    Content Overview

    1. Identify your stakeholders
    2. Set the context
    3. Determine the methodology
    4. Identify assessment takers

    This step involves the following participants:

    • CIO/IT director
    • CFO/finance director
    • IT finance lead
    • IT audit lead
    • Other IT management

    1. Prepare to take the ITFM maturity assessment

    3 hours

    Input: Understanding your context, objectives, and methodology

    Output: ITFM maturity assessment stakeholders and their objectives, ITFM maturity assessment methodology, ITFM maturity assessment takers

    Materials: 1a. Prepare for Assessment tab in the ITFM Maturity Assessment Tool

    Participants: CIO/IT director, CFO/finance director, IT finance lead, IT audit lead, Other IT management

    1. Identify your stakeholders and document it in the ITFM Maturity Assessment Tool (see next slides). We recommend having representatives from different business units across the organization, most notably IT, IT finance, finance, and IT audit.
    2. Set the context with your stakeholders and document it in the ITFM Maturity Assessment Tool. Discuss the reason behind taking the ITFM maturity assessment among the various stakeholders. Why do each of your stakeholders want to take the assessment? What are their main objectives? What would they like to achieve?
    3. Determine the methodology and document it in the ITFM Maturity Assessment Tool. Discuss how you want to go about taking the assessment with your stakeholders. Do you want to have representatives from each business unit take the assessment individually, then share and discuss their findings? Do you prefer forming a working group with representatives from each business unit and go through the assessment together? Or does any of your stakeholders have a different suggestion? You will have to consider the effort, skillset, and knowledge required.
    4. Identify the assessment takers and document it in the ITFM Maturity Assessment Tool. Determine who will be taking the assessment (specific names of stakeholders). Consider their availability, knowledge, and skills.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Document your stakeholders, objectives, and methodology

    Excel Workbook: ITFM Maturity Assessment Tool – Prepare for Assessment worksheet

    Refer to the example and guidelines below on how to document stakeholders, objectives, and methodology (table range: columns B to G and rows 8 to 15).

    Example table from the ITFM Maturity Assessment Tool re: 'Maturity Assessment Stakeholders'.

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required.
    C Text Enter the full name of each stakeholder on a separate row.
    D Text Enter the job title related to each stakeholder.
    E Text Enter the objective(s) related to each stakeholder.
    F Text Enter the agreed upon methodology.
    G Text Enter any notes or comments per stakeholder (optional).

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to the 1a. Prepare for Assessment tab.
    2. Enter the full names and job titles of the ITFM maturity assessment stakeholders.
    3. Document the maturity assessment objective of each of your stakeholders.
    4. Document the agreed-upon methodology.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Document your assessment takers

    Excel Workbook: ITFM Maturity Assessment Tool – Prepare for Assessment worksheet

    Refer to the example and guidelines below on how to document assessment takers (table range: columns B to E and rows 18 to 25).

    Example table from the ITFM Maturity Assessment Tool re: 'Maturity Assessment Takers'.

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required.
    C Text Enter the full name of each assessment taker on a separate row.
    D Text Enter the job title related to each stakeholder to identify which party is being represented per assessment taker.
    E Text Enter any notes or comments per stakeholder (optional).

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to the 1a. Prepare for Assessment tab.
    2. Enter the full name of each assessment taker, along with the job title of the stakeholder they are representing.

    Download the IT Financial Management Maturity Assessment Tool

    Step 2

    Take the ITFM maturity assessment

    Content Overview

    1. Complete the survey
    2. Review your assessment results
    3. Determine your priorities

    This step involves the following participants:

    • CIO/IT director
    • CFO/finance director
    • IT finance lead
    • IT audit lead
    • Other IT management

    2. Take the ITFM maturity assessment

    3 hours

    Input: Understanding of your ITFM current state and 12-month target state, ITFM maturity assessment results

    Output: ITFM current- and target-state maturity levels, average scores, and variance, ITFM current- and target-state average scores, variance, and priority by maturity focus area and maturity lever

    Materials: 1b. Glossary, 2a. Assess ITFM Foundation, 2b. Assess Mngt. & Monitoring, 2c. Assess Language, and 3. Assessment Summary tabs in the ITFM Maturity Assessment Tool

    Participants: CIO/IT director, CFO/finance director, IT finance lead, IT audit lead, Other IT management

    1. Complete the survey: select the current and target state of each statement – refer to the glossary as needed for definitions of key terms – in the ITFM Maturity Assessment Tool (see next slides). There are three tabs (one per maturity focus area) with three tables each (nine maturity levers). Review and discuss statements with all assessment takers: consider variations, differing opinions, and reach an agreement on each statement inputs.
    2. Review assessment results: navigate to the Assessment Summary tab in the ITFM maturity assessment tool (see next slides) to view your results. Review and discuss with all assessment takers: consider any shocking output and adjust survey input if necessary.
    3. Determine your priorities: decide on the priority (Low/Medium/High) by maturity focus area and/or maturity lever. Rank your maturity focus area priorities from 1 to 3 and your maturity lever priorities from 1 to 9. Consider the feasibility in terms of timeframe, effort, and skillset required, positive and negative impacts on business and technology, likelihood of failure, and necessary approvals. Document your priorities in the ITFM maturity assessment tool (see next slides).
      Review and discuss priorities with all assessment takers: consider variations, differing opinions, and reach an agreement on each priority.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Complete the survey

    Excel workbook: ITFM Maturity Assessment Tool – Survey worksheets

    Refer to the example and guidelines below on how to complete the survey.

    Example table from the ITFM Maturity Assessment Tool re: Survey worksheets.

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required.
    C Formula Automatic calculation, no entry required: ITFM maturity statement to assess.
    D, E Dropdown Select the maturity levels of your current and target states. One of five maturity levels for each statement, from “1. Nonexistent” (lowest maturity) to “5. Advanced” (highest maturity).
    F, G, H Formula Automatic calculation, no entry required: scores associated with your current and target state selection, along with related variance (column G – column F).
    I Text Enter any notes or comments per ITFM maturity statement (optional).

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to the survey tabs: 2a. Assess ITFM Foundation, 2b. Assess Management and Monitoring, and 2c. Assess Language.
    2. Select the appropriate current and target maturity levels.
    3. Add any notes or comments per ITFM maturity statement where necessary or helpful.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Review your overall result

    Excel Workbook: ITFM Maturity Assessment Tool – Assessment Summary worksheet

    Refer to the example and guidelines below on how to review your results.

    Example table from the ITFM Maturity Assessment Tool re: Assessment Summary worksheet.

    Column ID Input Type Guidelines
    K Formula Automatic calculation, no entry required.
    L Formula Automatic calculation, no entry required: Current State, Target State, and Variance entries. Please ignore the current state benchmark, it’s a placeholder for future reference.
    M Formula Automatic calculation, no entry required: average overall maturity score for your Current State and Target State entries, along with related Variance.
    N, O Formula Automatic calculation, no entry required: maturity level and related name based on the overall average score (column M), where level 1 corresponds to an average score less than or equal to 1.49, level 2 corresponds to an average score between 1.5 and 2.49 (inclusive), level 3 corresponds to an average score between 2.5 and 3.49 (inclusive), level 4 corresponds to an average score between 3.5 and 4.49 (inclusive), and level 5 corresponds to an average score between 4.5 and 5 (inclusive).
    P, Q Formula Automatic calculation, no entry required: maturity definition and related description based on the maturity level (column N).

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to tab 3. Assessment Summary.
    2. Review your overall current state and target state result along with the corresponding variance.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Set your priorities

    Excel Workbook: ITFM Maturity Assessment Tool – Assessment Summary worksheet

    Refer to the example and guidelines below on how to review your results per maturity focus area and maturity lever, then prioritize accordingly.

    Example table from the ITFM Maturity Assessment Tool re: Assessment Summary worksheet.

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required.
    C Formula Automatic calculation, no entry required: ITFM maturity focus area or lever, depending on the table.
    D Placeholder Ignore this column because it’s a placeholder for future reference.
    E, F, G Formula Automatic calculation, no entry required: average score related to the current state and target state, along with the corresponding variance per maturity focus area or lever (depending on the table).
    H Formula Automatic calculation, no entry required: preliminary priority based on the average variance (column G), where Low corresponds to an average variance between 0 and 0.5 (inclusive), Medium corresponds to an average variance between 0.51 and 0.99 (inclusive), and High corresponds to an average variance greater than or equal to 1.
    J Dropdown Select your final priority (Low, Medium, or High) per ITFM maturity focus area or lever, depending on the table.
    K Whole Number Enter the appropriate rank based on your priorities; do not use the same number more than once. A whole number between 1 and 3 to rank ITFM maturity focus areas, and between 1 and 9 to rank ITFM maturity levers, depending on the table.

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to tab 3. Assessment Summary.
    2. Review your current-state and target-state result along with the corresponding variance per maturity focus area and maturity lever.
    3. Select the appropriate priority for each maturity focus area and maturity lever.
    4. Enter a unique rank for each maturity focus area (1 to 3).
    5. Enter a unique rank for each maturity lever (1 to 9).

    Download the IT Financial Management Maturity Assessment Tool

    Step 3

    Communicate your ITFM maturity results

    Content Overview

    1. Review your assessment charts
    2. Customize the assessment report
    3. Communicate your results

    This step involves the following participants:

    • CIO/IT director
    • CFO/finance director
    • IT finance lead
    • IT audit lead
    • Other IT management

    3. Communicate your ITFM maturity results

    3 hours

    Input: ITFM maturity assessment results

    Output: Customized ITFM maturity assessment report

    Materials: 3. Assessment Summary tab in the ITFM Maturity Assessment Tool, ITFM Maturity Assessment Report Template

    Participants: CIO/IT director, CFO/finance director, IT finance lead, IT audit lead, Other IT management

    1. Review assessment charts: navigate to the Assessment Summary tab in the ITFM Maturity Assessment Tool (see next slides) to view your results and related charts.
    2. Edit the report template: complete the template based on your results and priorities to develop your customized ITFM maturity assessment report (see next slide).
    3. Communicate results: communicate and deliberate the assessment results with assessment takers at a first stage, and with your stakeholders at a second stage. The objective is to agree on next steps, including developing an improvement plan.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Review assessment charts

    Excel Workbook: ITFM Maturity Assessment Tool – Assessment Summary worksheet

    Refer to the example below on charts depicting different views of the maturity assessment results across the three focus areas and nine levers.

    Samples of different tabs from the ITFM Maturity Assessment Tool: 'Assessment Summary tab: From cell B49 to cell M100' and 'Assessment Summary tab: From cell K13 to cell Q34'.

    From the Excel workbook, after completing your potential initiatives and filling all related entries in the Outline Initiatives tab:

    1. Navigate to tab 3. Assessment Summary.
    2. Review each of the charts.
    3. Navigate back to the survey tabs to examine, drill down, and amend individual entries as you deem necessary.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Customize your report

    PowerPoint presentation: ITFM Maturity Assessment Report Template

    Refer to the example below on slides depicting different views of the maturity assessment results across the three maturity focus areas and nine maturity levers.

    Samples of different slides from the ITFM Maturity Assessment Report Template, detailed below.

    Slide 6: Edit levels based on your assessment results. Copy and paste the appropriate maturity level definition and description from slide 4.

    Slide 7: Copy related charts from the assessment summary tab in the Excel workbook and remove the chart title. You can use the “Outer Offset: Bottom” shadow under shape effects on the chart.

    Slide 8: Copy related charts from the assessment summary tab in the Excel workbook and remove the chart title and legend. You can use the “Outer Offset: Center” shadow under shape effects on the chart.

    From the ITFM Maturity Assessment Report Template:

    1. Edit the report based on your results found in the assessment summary tab of the Excel workbook (see previous slide).
    2. Review slides 6 to 8 and bring necessary adjustments.

    Download the IT Financial Management Maturity Assessment Report Template

    Make informed business decisions

    Take a holistic approach to ITFM.

    • A thorough understanding of your technology spending in relation to business needs and drivers is essential to make informed decisions. As a trusted partner, you cannot have effective conversations around budgets and cost optimization without a solid foundation.
    • It is important to realize that ITFM is not a one-time exercise, but a continuous, sustainable process to educate (teach, mentor, and train), increase transparency, and assign responsibility.
    • Move up the ITFM maturity ladder by improving across three maturity focus areas:
      • Build an ITFM Foundation
      • Manage and Monitor IT Spending
      • Bridge the Language Barrier

    What’s Next?

    Communicate your maturity results with stakeholders and develop an actionable ITFM improvement plan.

    And remember, having informed discussions with your business partners and stakeholders, where technology helps propel your organization forward, is priceless!

    IT Financial Management Team

    Photo of Dave Kish, Practice Lead, ITFM Practice, Info-Tech Research Group. Dave Kish
    Practice Lead, ITFM Practice
    Info-Tech Research Group
    Photo of Jennifer Perrier, Principal Research Director, ITFM Practice, Info-Tech Research Group. Jennifer Perrier
    Principal Research Director, ITFM Practice
    Info-Tech Research Group
    Photo of Angie Reynolds, Principal Research Director, ITFM Practice, Info-Tech Research Group. Angie Reynolds
    Principal Research Director, ITFM Practice
    Info-Tech Research Group
    Photo of Monica Braun, Research Director, ITFM Practice, Info-Tech Research Group. Monica Braun
    Research Director, ITFM Practice
    Info-Tech Research Group
    Photo of Rex Ding, Research Specialist, ITFM Practice, Info-Tech Research Group. Rex Ding
    Research Specialist, ITFM Practice
    Info-Tech Research Group
    Photo of Aman Kumari, Research Specialist, ITFM Practice, Info-Tech Research Group. Aman Kumari
    Research Specialist, ITFM Practice
    Info-Tech Research Group

    Research Contributors and Experts

    Photo of Amy Byalick, Vice President, IT Finance, Info-Tech Research Group. Amy Byalick
    Vice President, IT Finance
    Info-Tech Research Group
    Amy Byalick is an IT Finance practitioner with 15 years of experience supporting CIOs and IT leaders elevating the IT financial storytelling and unlocking insights. Amy is currently working at Johnson Controls as the VP, IT Finance, previously working at PepsiCo, AmerisourceBergen, and Jacobs.
    Photo of Carol Carr, Technical Counselor, Executive Services, Info-Tech Research Group. Carol Carr
    Technical Counselor, Executive Services
    Info-Tech Research Group
    Photo of Scott Fairholm, Executive Counselor, Executive Services, Info-Tech Research Group. Scott Fairholm
    Executive Counselor, Executive Services
    Info-Tech Research Group
    Photo of Gokul Rajan, Executive Counselor, Executive Services, Info-Tech Research Group. Gokul Rajan
    Executive Counselor, Executive Services
    Info-Tech Research Group
    Photo of Allison Kinnaird, Practice Lead, Infrastructure & Operations, Info-Tech Research Group. Allison Kinnaird
    Practice Lead, Infrastructure & Operations
    Info-Tech Research Group
    Photo of Isabelle Hertanto, Practice Lead, Security & Privacy, Info-Tech Research Group. Isabelle Hertanto
    Practice Lead, Security & Privacy
    Info-Tech Research Group

    Related Info-Tech Research

    Sample of the IT spending transparency research. Achieve IT Spending Transparency

    Mature your ITFM practice by activating the means to make informed business decisions.

    Sample of the IT cost optimization roadmap research. Build Your IT Cost Optimization Roadmap

    Develop an IT cost optimization strategy based on your specific circumstances and timeline.

    Bibliography

    Eby, Kate. “The Complete Guide to Organizational Maturity: Models, Levels, and Assessments.” Smartsheet, 8 June 2022. Web.

    “Financial Management Maturity Model.” National Audit Office, n.d. Accessed 28 Apr. 2023.

    “ITFM/TBM Program Maturity Guide.” Nicus Software, n.d. Accessed 28 Apr. 2023.

    Jouravlev, Roman. "Service Financial Management: ITIL 4 Practice Guide." Axelos, 2020.

    McCarthy, Seamus. “Financial Management Maturity Model: A Good Practice Guide.” Office of the Comptroller & Auditor General, 26 June 2018. Web.

    “Principles for Effective Risk Data Aggregation and Risk Reporting.“ Bank for International Settlements, Jan. 2013. Web.

    “Role & Influence of the Technology Decision-Maker 2022.” Foundry, 2022. Web.

    Stackpole, Beth. “State of the CIO, 2022: Focus turns to IT fundamentals.” CIO, 21 March 2022. Web.

    “Tech Spend Pulse.” Flexera, 2022. Web.

    Appendix A

    Definition and Description
    Per Maturity Level

    ITFM maturity levels and definitions

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to consistently deliver financial planning services ITFM practices are almost inexistent. Only the most basic financial tasks and activities are being performed on an ad hoc basis to fulfill the Finance department’s requests.
    Cost Operator
    Level 2
    Rudimentary financial planning capabilities. ITFM activities revolve around minimizing the IT budget as much as possible. ITFM practices are not well defined, and IT’s financial view is limited to day-to-day technical operations.
    IT is only involved in low complexity decision making, where financial conversations center on general ledger items and IT spending.
    Trusted Coordinator
    Level 3
    Enablement of business through cost-effective supply of technology. ITFM activities revolve around becoming a proficient and cost-effective technology supplier to business partners.
    ITFM practices are in place, with moderate coordination and adherence to execution. Various IT business units coordinate to produce a consolidated financial view focused on business services.
    IT is involved in moderate complexity decision making, as a technology subject matter expert, where financial conversations center on IT spending in relation to technology services or solutions provided to business partners.
    Value Optimizer
    Level 4
    Effective impact on business performance. ITFM activities revolve around optimizing existing technology investments to improve both IT and business performance.
    ITFM practices are well managed, established, documented, repeatable, and integrated as necessary across the organization. IT’s financial view tie technology investments to lines of business, business products, and business capabilities.
    Business partners are well informed on the technology mix and drive related discussion. IT is trusted to contribute to complex decision making around existing investments to cost-effectively plan initiatives, as well as enhance business performance.
    Strategic Partner
    Level 5
    Influence on the organization’s strategic direction. ITFM activities revolve around predicting the outcome of new or potential technology investments to continuously optimize business performance.
    ITFM practices are fully optimized, reviewed, and improved in a continuous and sustainable manner, and related execution is tracked by gathering qualitative and quantitative feedback. IT’s financial view is holistic and fully integrated with the business, with an outlook on innovation, growth, and strategic transformation.
    Business and IT leaders know the financial ramifications of every business and technology investment decision. IT is trusted to contribute to strategic decision making around potential and future investments to grow and transform the business.

    Appendix B

    Maturity Level Definitions and Descriptions
    Per Lever

    Establish your ITFM team

    Maturity focus area: Build an ITFM foundation.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide any type of financial insight.ITFM tasks, activities, and functions are not being met in any way, shape, or form.
    Cost Operator
    Level 2
    Ability to provide basic financial insights.There is no dedicated ITFM team.


    Basic ITFM tasks, activities, and functions are being performed on an ad hoc basis, such as high-level budget reporting.

    Trusted Coordinator
    Level 3
    Ability to provide basic business insights.A dedicated team is fulfilling essential ITFM tasks, activities, and functions.


    ITFM team can combine and analyze financial and technology data to produce necessary reports.

    Value Optimizer
    Level 4
    Ability to provide valuable business driven insights.A dedicated ITFM team with well-defined roles and responsibilities can provide effective advice to IT leaders, in a timely fashion, and positively influence IT decisions.
    Strategic Partner
    Level 5
    Ability to influence both technology and business decisions.A dedicated and highly specialized ITFM team is trusted and valued by both IT and Business leaders.


    Insights provided by the ITFM team can influence and shape the organization’s strategy.

    Set up your governance structure

    Maturity focus area: Build an ITFM foundation

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to ensure any adherence to rules and regulations.ITFM frameworks, guidelines, policies, and procedures are not developed nor documented.
    Cost Operator
    Level 2
    Ability to ensure basic adherence to rules and regulations.Basic ITFM frameworks, guidelines, policies, and procedures are in place, developed on an ad hoc basis, with no apparent coherence or complete documentation.
    Trusted Coordinator
    Level 3
    Ability to ensure compliance to rules and regulations, as well as accountability across ITFM processes.Essential ITFM frameworks, guidelines, policies, and procedures are in place, coherent, and documented, aiming to (a) comply with rules and regulations, and (b) provide clear accountability.
    Value Optimizer
    Level 4
    Ability to ensure compliance to rules and regulations, as well as structure, transparency, and business alignment across ITFM processes.ITFM frameworks, guidelines, policies, and procedures are well defined, coherent, documented, and regularly reviewed, aiming to (a) comply with rules and regulations, (b) provide clear accountability, and (c) maintain business alignment.
    Strategic Partner
    Level 5
    Ability to:
    • Ensure compliance to rules and regulations, as well as ITFM processes are transparent, structured, focused on business objectives, and support decision making.
    • Reinforce and shape the organization culture.
    ITFM frameworks, guidelines, policies, and procedures are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to (a) comply with rules and regulations, (b) provide clear accountability, (c) maintain business alignment, and (d) facilitate the decision-making process.


    Enforcement of the ITFM governance structure can influence the organization culture.

    Adopt ITFM processes and tools

    Maturity focus area: Build an ITFM foundation.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to deliver IT financial planning and performance output.ITFM processes and tools are not developed nor documented.
    Cost Operator
    Level 2
    Ability to deliver basic IT financial planning output.Basic ITFM processes and tools are in place, developed on an ad hoc basis, with no apparent coherence or complete documentation.
    Trusted Coordinator
    Level 3
    Ability to deliver accurate IT financial output and basic IT performance output in a consistent cadence.Essential ITFM processes and tools are in place, coherent, and documented, aiming to (a) maintain integrity across activities, tasks, methodologies, data, and reports; (b) deliver IT financial planning and performance output needed by stakeholders; and (c) provide clear accountability. ITFM tools and processes are adopted by the ITFM team and some IT business units but are not fully integrated.
    Value Optimizer
    Level 4
    Ability to deliver accurate IT financial planning and performance output at the needed level of detail to stakeholders in a consistent cadence.ITFM processes and tools are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to (a) maintain integrity across activities, tasks, methodologies, data, and reports; (b) deliver IT financial planning and performance output needed by stakeholders; (c) provide clear accountability; and (d) facilitate decision-making. ITFM tools and processes are adopted by IT and business partners but are not fully integrated.
    Strategic Partner
    Level 5
    Ability to:
    • Deliver accurate IT financial planning and performance output at the needed level of detail to stakeholders.
    • Leverage IT financial planning and performance output in real time and when needed by stakeholders.
    ITFM processes and tools are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to (a) maintain integrity across activities, tasks, methodologies, data, and reports; (b) deliver IT financial planning and performance output needed by stakeholders; (c) provide clear accountability; and (d) facilitate decision making.


    ITFM processes and tools are automated to the full extent needed by the organization, utilized to their full potential, and integrated into a single enterprise platform, providing a holistic view of IT spending and IT performance.

    Standardize your taxonomy and data model

    Maturity focus area: Manage and monitor IT spending.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide transparency across technology spending.ITFM taxonomy and data model are not developed nor documented.
    Cost Operator
    Level 2
    Ability to provide transparency and support IT financial planning data, analysis, and reporting needs of finance stakeholders.ITFM taxonomy and data model are in place, developed on an ad hoc basis, with no apparent coherence or complete documentation, to comply with, and meet the needs of finance stakeholders.
    Trusted Coordinator
    Level 3
    Ability to provide transparency and support IT financial planning and performance data, analysis, and reporting needs of IT and finance stakeholders.ITFM taxonomy and data model are in place, coherent, and documented to meet the needs of IT and finance stakeholders.
    Value Optimizer
    Level 4
    Ability to provide transparency and support IT financial planning and performance data, analysis, and reporting needs of IT, finance, business, and executive stakeholders.ITFM taxonomy and data model are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to provide (a) a holistic view of IT spending and IT performance, (b) visibility and transparency, (c) flexibility, and (d) valuable insights to facilitate data driven decision making.


    ITFM taxonomy and data model are standardized to meet the needs of IT, finance, business, and executive stakeholders, but not flexible enough to be adjusted in a timely fashion as needed.

    Strategic Partner
    Level 5
    Ability to:
    • Provide transparency and support IT financial planning and performance data, analysis, and reporting needs of IT, finance, business, and executive stakeholders.
    • Change to meet evolving needs.
    ITFM taxonomy and data model are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to provide (a) a holistic view of IT spending and IT performance, (b) visibility and transparency, (c) flexibility, and (d) valuable insights to facilitate data driven decision making.


    ITFM taxonomy and data model are standardized and meet the changing needs of IT, finance, business, and executive stakeholders.

    Identify, gather, and prepare your data

    Maturity focus area: Manage and monitor IT spending.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide accurate and complete across technology spending.ITFM data needs and requirements are not understood.
    Cost Operator
    Level 2
    Ability to provide accurate, but incomplete IT financial planning data to meet the needs of finance stakeholders.Technology spending data is extracted, transformed, and loaded on an ad hoc basis to meet the needs of finance stakeholders.
    Trusted Coordinator
    Level 3
    Ability to provide accurate and complete IT financial planning data to meet the needs of IT and finance stakeholders, but IT performance data remain incomplete.IT financial planning data is extracted, transformed, and loaded in a regular cadence to meet the needs of IT and finance stakeholders.


    IT financial planning data is (a) complete and accurate, as defined in related control documents (guideline, policies, procedures, etc.), (b) regularly validated for inconsistencies, and (c) sourced from the organization’s system of record.

    Value Optimizer
    Level 4
    Ability to provide accurate and complete IT financial planning and performance data to meet the needs of IT, finance, business, and executive stakeholders.ITFM data needs and requirements are understood.


    ITFM data is extracted, transformed, and loaded in a regular cadence to meet the needs of IT, finance, business, and executive stakeholders.


    IT financial planning and performance data are (a) complete and accurate, as defined in related control documents (guideline, policies, procedures, etc.), (b) regularly validated for inconsistencies, and (c) sourced from the organization’s system of record.

    Strategic Partner
    Level 5
    Ability to provide accurate and complete IT financial planning and performance data real time and when needed by IT, finance, business, and executive stakeholders.ITFM data needs and requirements are understood.


    IT financial planning and performance data are (a) complete and accurate, as defined in related control documents (guideline, policies, procedures, etc.), (b) regularly validated for inconsistencies, (c) available and refreshed as needed, and (d) sourced from the organization’s system of record.

    Analyze your findings and develop your reports

    Maturity focus area: Manage and monitor IT spending.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide any type of financial insight.ITFM analysis and reports are not developed nor documented.
    Cost Operator
    Level 2
    Ability to provide basic financial insights.IT financial planning analysis is conducted on an ad hoc basis to meet the needs of finance stakeholders.
    Trusted Coordinator
    Level 3
    Ability to provide basic financial planning and performance insights to meet the needs of IT and finance stakeholders.IT financial planning and performance analysis are methodical and rigorous, as defined in related control documents (guideline, policies, procedures, etc.).


    IT financial planning and performance reports are accurate, precise, and methodical, as defined in related control documents (guideline, policies, procedures, etc.).

    Value Optimizer
    Level 4
    Ability to provide practical insights and useful recommendations as needed by IT, finance, business, and executive stakeholders to facilitate business decision making around technology investments.ITFM analysis and reports support business decision making around technology investments.


    IT financial planning and performance analysis are methodical and rigorous, as defined in related control documents (guideline, policies, procedures, etc.).


    IT financial planning and performance reports are (a) accurate, precise, and methodical, as defined in related control documents (guideline, policies, procedures, etc.), (b) fit for purpose, and (c) regularly validated for inconsistencies.

    Strategic Partner
    Level 5
    Ability to provide practical insights and useful recommendations as needed by IT, finance, business, and executive stakeholders to facilitate strategic decision making.ITFM analysis and reports support strategic decision making.


    IT financial planning and performance analysis are methodical and rigorous, as defined in related control documents (guideline, policies, procedures, etc.), and consider multiple point of views (hypotheses, interpretations, opinions, etc.).


    IT financial planning and performance reports are (a) accurate, precise, and methodical, as defined in related control documents (guideline, policies, procedures, etc.), (b) fit for purpose, (c) comprehensive, and (d) regularly validated for inconsistencies.

    Communicate your IT spending

    Maturity focus area: Bridge the language barrier.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability of organization stakeholders to communicate and understand each other.The organization stakeholders including IT, finance, business, and executives do not understand one another, and cannot speak the same language.
    Cost Operator
    Level 2
    Ability to understand business and finance requirements.IT understands and meets business and financial planning requirements but does not communicate in a similar language.


    IT cannot influence finance or business decision making.

    Trusted Coordinator
    Level 3
    Ability to understand the needs of different stakeholders including IT, finance, business, and executives and take part in decision making around technology spending.The organization stakeholders including IT, finance, business, and executives understand each other’s needs, but do not communicate in a common language.


    IT leaders provide insights as technology subject matter experts, where conversations center on IT spending in relation to technology services or solutions provided to business partners.


    IT can influence technology decisions around its own budget.

    Value Optimizer
    Level 4
    Ability to communicate in a common vocabulary across the organization and take part in business decision making around technology investments.The organization stakeholders including IT, finance, business, and executives communicate in a common vocabulary and understand one another.


    IT and business leaders, along with their respective teams, collaborate frequently across various initiatives.


    IT leaders provide valuable insight to support and influence business decision making around existing technology investments.

    Strategic Partner
    Level 5
    Ability to communicate in a common vocabulary across the organization and take part in strategic decision making.The organization stakeholders including IT, finance, business, and executives communicate in a common vocabulary and understand one another.


    IT and business leaders, along with their respective teams, collaborate frequently across various initiatives.


    IT leaders provide valuable insight to facilitate decision making around potential and future investments to grow and transform the business, thus influencing the organization’s overall strategic direction.

    Educate the masses

    Maturity focus area: Bridge the language barrier.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability of organization stakeholders to acquire knowledge.Educational resources are inexistent.
    Cost Operator
    Level 2
    Ability to acquire financial knowledge and understand financial concepts.IT leaders have access to educational resources to gain the financial knowledge necessary to perform their duties.
    Trusted Coordinator
    Level 3
    Ability to acquire financial and business knowledge and understand related concepts.IT leaders and their respective teams have access to educational resources to gain the financial and business knowledge necessary to perform their duties.


    ITFM team has access to the necessary educational resources to keep up with changing financial regulations and technology developments.

    Value Optimizer
    Level 4
    Ability to acquire knowledge, across technology, business, and finance as needed by different organization stakeholders, and the leadership understand concepts across these various domains.Stakeholders including IT, finance, business, and executives have access to various educational resources to gain knowledge in different domains as needed.


    IT leaders have a good understanding of business and financial concepts.


    Business leaders have a good understanding of technology concepts.

    Strategic Partner
    Level 5
    Ability to acquire knowledge, and understand concepts across technology, business, and finance as needed by different organization stakeholders.The organization promotes continuous learning through well designed programs including training, mentorship, and academic courses. Thus, stakeholders including IT, finance, business, and executives have access to various educational resources to gain knowledge in different domains as needed.


    IT leaders and their respective teams have a good understanding of business and financial concepts.


    Business leaders and their respective teams have a good understanding of technology concepts.

    Influence your organization’s culture

    Maturity focus area: Bridge the language barrier.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide and foster an environment of collaboration and continuous improvement.Stakeholders including IT, finance, business, and executives operate in silos, and collaboration between different teams is inexistent.
    Cost Operator
    Level 2
    Ability to provide an environment of cooperation to meet the needs of IT, finance, and business leaders.IT, finance, and business leaders cooperate to meet financial planning requirements as necessary to perform their duties.
    Trusted Coordinator
    Level 3
    Ability to provide and foster an environment of collaboration across the organization.IT, finance, and business collaborate on various initiatives.

    ITFM employees are trusted and supported by their stakeholders (IT, finance, and business).

    Value Optimizer
    Level 4
    Ability to provide and foster an environment of collaboration and continuous improvement, where employees across the organization feel trusted, supported, empowered, and valued.Stakeholders including IT, finance, business, and executives support and promote continuous improvement, transparency practices, and collaboration across the organization.


    Employees are trusted, supported, empowered, and valued.

    Strategic Partner
    Level 5
    Ability to provide and foster an environment of collaboration and continuous improvement, where leaders are willing to change, and employees across the organization feel trusted, supported, empowered, and valued.Stakeholders including IT, finance, business, and executives support and promote continuous improvement, transparency practices, and collaboration across the organization.


    The organization’s leadership is adaptable and open to change.


    Employees are trusted, supported, empowered, and valued.

    Mitigate Machine Bias

    • Buy Link or Shortcode: {j2store}343|cart{/j2store}
    • member rating overall impact (scale of 10): 8.8/10 Overall Impact
    • member rating average dollars saved: $9,549 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Business Intelligence Strategy
    • Parent Category Link: /business-intelligence-strategy
    • AI is the new electricity. It is fundamentally and radically changing the fabric of our world, from the way we conduct business, to how we work and live, make decisions, and engage with each other, to how we organize our society, and ultimately, to who we are. Organizations are starting to adopt AI to increase efficiency, better engage customers, and make faster, more accurate decisions.
    • Like with any new technology, there is a flip side, a dark side, to AI – machine biases. If unchecked, machine biases replicate, amplify, and systematize societal biases. Biased AI systems may treat some of your customers (or employees) differently, based on their race, gender, identity, age, etc. This is discrimination, and it is against the law. It is also bad for business, including missed opportunities, lost consumer confidence, reputational risk, regulatory sanctions, and lawsuits.

    Our Advice

    Critical Insight

    • Machine biases are not intentional. They reflect the cognitive biases, preconceptions, and judgement of the creators of AI systems and the societal structures encoded in the data sets used for machine learning.
    • Machine biases cannot be prevented or fully eliminated. Early identification and diversity in and by design are key. Like with privacy and security breaches, early identification and intervention – ideally at the ideation phase – is the best strategy. Forewarned is forearmed. Prevention starts with a culture of diversity, inclusivity, openness, and collaboration.
    • Machine bias is enterprise risk. Machine bias is not a technical issue. It is a social, political, and business problem. Integrate it into your enterprise risk management (ERM).

    Impact and Result

    • Just because machine biases are induced by human behavior, which is also captured in data silos, they are not inevitable. By asking the right questions upfront during application design, you can prevent many of them.
    • Biases can be introduced into an AI system at any stage of the development process, from the data you collect, to the way you collect it, to which algorithms are used, to which assumptions are made, etc. Ask your data science team a lot of questions; leave no stone unturned.
    • Don’t wait until “Datasheets for Datasets” and “Model Cards for Model Reporting” (or similar frameworks) become standards. Start creating these documents now to identify and analyze biases in your apps. If using open-source data sets or libraries, you may need to create them yourself for now. If working with partners or using AI/ ML services, demand that they provide such information as part of the engagement. You, not your partners, are ultimately responsible for the AI-powered product or service you deliver to your customers or employees.
    • Build a culture of diversity, transparency, inclusivity, and collaboration – the best mechanism to prevent and address machine biases.
    • Treat machine bias as enterprise risk. Use your ERM to guide all decisions around machine biases and their mitigation.

    Mitigate Machine Bias Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand the dark side of AI: algorithmic (machine) biases, how they emerge, why they are dangerous, and how to mitigate them. Review Info-Tech’s methodology and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand AI biases

    Learn about machine biases, how and where they arise in AI systems, and how they relate to human cognitive and societal biases.

    • Mitigate Machine Bias – Phase 1: Understand AI Biases

    2. Identify data biases

    Learn about data biases and how to mitigate them.

    • Mitigate Machine Bias – Phase 2: Identify Data Biases
    • Datasheets for Data Sets Template
    • Datasheets for Datasets

    3. Identify model biases

    Learn about model biases and how to mitigate them.

    • Mitigate Machine Bias – Phase 3: Identify Model Biases
    • Model Cards for Model Reporting Template
    • Model Cards For Model Reporting

    4. Mitigate machine biases and risk

    Learn about approaches for proactive and effective bias prevention and mitigation.

    • Mitigate Machine Bias – Phase 4: Mitigate Machine Biases and Risk
    [infographic]

    Workshop: Mitigate Machine Bias

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Prepare

    The Purpose

    Understand your organization’s maturity with respect to data and analytics in order to maximize workshop value.

    Key Benefits Achieved

    Workshop content aligned to your organization’s level of maturity and business objectives.

    Activities

    1.1 Execute Data Culture Diagnostic.

    1.2 Review current analytics strategy.

    1.3 Review organization's business and IT strategy.

    1.4 Review other supporting documentation.

    1.5 Confirm participant list for workshop.

    Outputs

    Data Culture Diagnostic report.

    2 Understand Machine Biases

    The Purpose

    Develop a good understanding of machine biases and how they emerge from human cognitive and societal biases. Learn about the machine learning process and how it relates to machine bias.

    Select an ML/AI project and complete a bias risk assessment.

    Key Benefits Achieved

    A solid understanding of algorithmic biases and the need to mitigate them.

    Increased insight into how new technologies such as ML and AI impact organizational risk.

    Customized bias risk assessment template.

    Completed bias risk assessment for selected project.

    Activities

    2.1 Review primer on AI and machine learning (ML).

    2.2 Review primer on human and machine biases.

    2.3 Understand business context and objective for AI in your organization.

    2.4 Discuss selected AI/ML/data science project or use case.

    2.5 Review and modify bias risk assessment.

    2.6 Complete bias risk assessment for selected project.

    Outputs

    Bias risk assessment template customized for your organization.

    Completed bias risk assessment for selected project.

    3 Identify Data Biases

    The Purpose

    Learn about data biases: what they are and where they originate.

    Learn how to address or mitigate data biases.

    Identify data biases in selected project.

    Key Benefits Achieved

    A solid understanding of data biases and how to mitigate them.

    Customized Datasheets for Data Sets Template.

    Completed datasheet for data sets for selected project.

    Activities

    3.1 Review machine learning process.

    3.2 Review examples of data biases and why and how they happen.

    3.3 Identify possible data biases in selected project.

    3.4 Discuss “Datasheets for Datasets” framework.

    3.5 Modify Datasheets for Data Sets Template for your organization.

    3.6 Complete datasheet for data sets for selected project.

    Outputs

    Datasheets for Data Sets Template customized for your organization.

    Completed datasheet for data sets for selected project.

    4 Identify Model Biases

    The Purpose

    Learn about model biases: what they are and where they originate.

    Learn how to address or mitigate model biases.

    Identify model biases in selected project.

    Key Benefits Achieved

    A solid understanding of model biases and how to mitigate them.

    Customized Model Cards for Model Reporting Template.

    Completed model card for selected project.

    Activities

    4.1 Review machine learning process.

    4.2 Review examples of model biases and why and how they happen.

    4.3 Identify potential model biases in selected project.

    4.4 Discuss Model Cards For Model Reporting framework.

    4.5 Modify Model Cards for Model Reporting Template for your organization.

    4.6 Complete model card for selected project.

    Outputs

    Model Cards for Model Reporting Template customized for your organization.

    Completed model card for selected project.

    5 Create Mitigation Plan

    The Purpose

    Review mitigation approach and best practices to control machine bias.

    Create mitigation plan to address machine biases in selected project. Align with enterprise risk management (ERM).

    Key Benefits Achieved

    A solid understanding of the cultural dimension of algorithmic bias prevention and mitigation and best practices.

    Drafted plan to mitigate machine biases in selected project.

    Activities

    5.1 Review and discuss lessons learned.

    5.2 Create mitigation plan to address machine biases in selected project.

    5.3 Review mitigation approach and best practices to control machine bias.

    5.4 Identify gaps and discuss remediation.

    Outputs

    Summary of challenges and recommendations to systematically identify and mitigate machine biases.

    Plan to mitigate machine biases in selected project.

    Become a Strategic CIO

    • Buy Link or Shortcode: {j2store}80|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $10,000 Average $ Saved
    • member rating average days saved: 15 Average Days Saved
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy
    • As a CIO, you are currently operating in a stable and trusted IT environment, but you would like to advance your role to strategic business partner.
    • CIOs are often overlooked as a strategic partner by their peers, and therefore face the challenge of proving they deserve a seat at the table.

    Our Advice

    Critical Insight

    • To become a strategic business partner, you must think and act as a business person that works in IT, rather than an IT person that works for the business.
    • Career advancement is not a solo effort. Building relationships with your executive business stakeholders will be critical to becoming a respected business partner.

    Impact and Result

    • Create a personal development plan and stakeholder management strategy to accelerate your career and become a strategic business partner. For a CIO to be considered a strategic business partner, he or she must be able to:
      • Act as a business person that works in IT, rather than an IT person that works for the business. This involves meeting executive stakeholder expectations, facilitating innovation, and managing stakeholder relationships.
      • Align IT with the customer. This involves providing business stakeholders with information to support stronger decision making, keeping up with disruptive technologies, and constantly adapting to the ever-changing end-customer needs.
      • Manage talent and change. This involves performing strategic workforce planning, and being actively engaged in identifying opportunities to introduce change in your organization, suggesting ways to improve, and then acting on them.

    Become a Strategic CIO Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should become a strategic CIO, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch

    Analyze strategic CIO competencies and assess business stakeholder satisfaction with IT using Info-Tech's CIO Business Vision Diagnostic and CXO-CIO Alignment Program.

    • Become a Strategic CIO – Phase 1: Launch

    2. Assess

    Evaluate strategic CIO competencies and business stakeholder relationships.

    • Become a Strategic CIO – Phase 2: Assess
    • CIO Strategic Competency Evaluation Tool
    • CIO Stakeholder Power Map Template

    3. Plan

    Create a personal development plan and stakeholder management strategy.

    • Become a Strategic CIO – Phase 3: Plan
    • CIO Personal Development Plan
    • CIO Stakeholder Management Strategy Template

    4. Execute

    Develop a scorecard to track personal development initiatives.

    • Become a Strategic CIO – Phase 4: Execute
    • CIO Strategic Competency Scorecard
    [infographic]

    Workshop: Become a Strategic CIO

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess Competencies & Stakeholder Relationships

    The Purpose

    Gather and review information from business stakeholders.

    Assess strategic CIO competencies and business stakeholder relationships.

    Key Benefits Achieved

    Gathered information to create a personal development plan and stakeholder management strategy.

    Analyzed the information from diagnostics and determined the appropriate next steps.

    Identified and prioritized strategic CIO competency gaps.

    Evaluated the power, impact, and support of key business stakeholders.

    Activities

    1.1 Conduct CIO Business Vision diagnostic

    1.2 Conduct CXO-CIO Alignment program

    1.3 Assess CIO competencies

    1.4 Assess business stakeholder relationships

    Outputs

    CIO Business Vision results

    CXO-CIO Alignment Program results

    CIO competency gaps

    Executive Stakeholder Power Map

    2 Take Control of Your Personal Development

    The Purpose

    Create a personal development plan and stakeholder management strategy.

    Track your personal development and establish checkpoints to revise initiatives.

    Key Benefits Achieved

    Identified personal development and stakeholder engagement initiatives to bridge high priority competency gaps.

    Identified key performance indicators and benchmarks/targets to track competency development.

    Activities

    2.1 Create a personal development plan

    2.2 Create a stakeholder management strategy

    2.3 Establish key performance indicators and benchmarks/targets

    Outputs

    Personal Development Plan

    Stakeholder Management Strategy

    Strategic CIO Competency Scorecard

    Engineer Your Event Management Process

    • Buy Link or Shortcode: {j2store}461|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management

    Build an event management practice that is situated in the larger service management environment. Purposefully choose valuable events to track and predefine their associated actions to cut down on data clutter.

    Our Advice

    Critical Insight

    Event management is useless in isolation. The goals come from the pain points of other ITSM practices. Build handoffs to other service management practices to drive the proper action when an event is detected.

    Impact and Result

    Create a repeatable framework to define monitored events, their root cause, and their associated action. Record your monitored events in a catalog to stay organized.

    Engineer Your Event Management Process Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Engineer Your Event Management Deck – A step-by-step document that walks you through how to choose meaningful, monitored events to track and action.

    Engineer your event management practice with tracked events informed by the business impact of the related systems, applications, and services. This storyboard will help you properly define and catalog events so you can properly respond when alerted.

    • Engineer Your Event Management Process – Phases 1-3

    2. Event Management Cookbook – A guide to help you walk through every step of scoping event management and defining every event you track in your IT environment.

    Use this tool to define your workflow for adding new events to track. This cookbook includes the considerations you need to include for every tracked event as well as the roles and responsibilities of those involved with event management.

    • Event Management Cookbook

    3. Event Management Catalog – Using the Event Management Cookbook as a guide, record all your tracked events in the Event Management Catalog.

    Use this tool to record your tracked events and alerts in one place. This catalog allows you to record the rationale, root-cause, action, and data governance for all your monitored events.

    • Event Management Catalog

    4. Event Management Workflow – Define your event management handoffs to other service management practices.

    Use this template to help define your event management handoffs to other service management practices including change management, incident management, and problem management.

    • Event Management Workflow (Visio)
    • Event Management Workflow (PDF)

    5. Event Management Roadmap – Implement and continually improve upon your event management practice.

    Use this tool to implement and continually improve upon your event management process. Record, prioritize, and assign your action items from the event management blueprint.

    • Event Management Roadmap
    [infographic]

    Workshop: Engineer Your Event Management Process

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Situate Event Management in Your Service Management Environment

    The Purpose

    Determine goals and challenges for event management and set the scope to business-critical systems.

    Key Benefits Achieved

    Defined system scope of Event Management

    Roles and responsibilities defined

    Activities

    1.1 List your goals and challenges

    1.2 Monitoring and event management RACI

    1.3 Abbreviated business impact analysis

    Outputs

    Event Management RACI (as part of the Event Management Cookbook)

    Abbreviated BIA (as part of the Event Management Cookbook)

    2 Define Your Event Management Scope

    The Purpose

    Define your in-scope configuration items and their operational conditions

    Key Benefits Achieved

    Operational conditions, related CIs and dependencies, and CI thresholds defined

    Activities

    2.1 Define operational conditions for systems

    2.2 Define related CIs and dependencies

    2.3 Define conditions for CIs

    2.4 Perform root-cause analysis for complex condition relationships

    2.5 Set thresholds for CIs

    Outputs

    Event Management Catalog

    3 Define Thresholds and Actions

    The Purpose

    Pre-define actions for every monitored event

    Key Benefits Achieved

    Thresholds and actions tied to each monitored event

    Activities

    3.1 Set thresholds to monitor

    3.2 Add actions and handoffs to event management

    Outputs

    Event Catalog

    Event Management Workflows

    4 Start Monitoring and Implement Event Management

    The Purpose

    Effectively implement event management

    Key Benefits Achieved

    Establish an event management roadmap for implementation and continual improvement

    Activities

    4.1 Define your data policy for event management

    4.2 Identify areas for improvement and establish an implementation plan

    Outputs

    Event Catalog

    Event Management Roadmap

    Further reading

    Engineer Your Event Management Process

    Track monitored events purposefully and respond effectively.

    EXECUTIVE BRIEF

    Analyst Perspective

    Event management is useless in isolation.

    Event management creates no value when implemented in isolation. However, that does not mean event management is not valuable overall. It must simply be integrated properly in the service management environment to inform and drive the appropriate actions.

    Every step of engineering event management, from choosing which events to monitor to actioning the events when they are detected, is a purposeful and explicit activity. Ensuring that event management has open lines of communication and actions tied to related practices (e.g. problem, incident, and change) allows efficient action when needed.

    Catalog your monitored events using a standardized framework to allow you to know:

    1. The value of tracking the event.
    2. The impact when the event is detected.
    3. The appropriate, right-sized reaction when the event is detected.
    4. The tool(s) involved in tracking the event.

    Properly engineering event management allows you to effectively monitor and understand your IT environment and bolster the proactivity of the related service management practices.

    Benedict Chang

    Benedict Chang
    Research Analyst, Infrastructure & Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Strive for proactivity. Implement event management to reduce response times of technical teams to solve (potential) incidents when system performance degrades.

    Build an integrated event management practice where developers, service desk, and operations can all rely on event logs and metrics.

    Define the scope of event management including the systems to track, their operational conditions, related configuration items (CIs), and associated actions of the tracked events.

    Common Obstacles

    Managed services, subscription services, and cloud services have reduced the traditional visibility of on- premises tools.

    System(s) complexity and integration with the above services has increased, making true cause and effect difficult to ascertain.

    Info-Tech’s Approach

    Clearly define a limited number of operational objectives that may benefit from event management.

    Focus only on the key systems whose value is worth the effort and expense of implementing event management.

    Understand what event information is available from the CIs of those systems and map those against your operational objectives.

    Write a data retention policy that balances operational, audit, and debugging needs against cost and data security needs.

    Info-Tech Insight

    More is NOT better. Even in an AI-enabled world, every event must be collected with a specific objective in mind. Defining the purpose of each tracked event will cut down on data clutter and response time when events are detected.

    Your challenge

    This research is designed to help organizations who are facing these challenges or looking to:

    • Build an event management practice that is situated in the larger service management environment.
    • Purposefully choose events and to track as well as their related actions based on business-critical systems, their conditions, and their related CIs.
    • Cut down on the clutter of current events tracked.
    • Create a framework to add new events when new systems are onboarded.

    33%

    In 2020, 33% of organizations listed network monitoring as their number one priority for network spending. 27% of organizations listed network monitoring infrastructure as their number two priority.
    Source: EMA, 2020; n=350

    Common obstacles

    These barriers make this challenge difficult to address for many organizations:

    • Many organizations have multiple tools across multiple teams and departments that track the current state of infrastructure, making it difficult to consolidate event management into a single practice.
    • Managed services, subscription services, and cloud services have reduced the traditional visibility of on-premises tools
    • System(s) complexity and integration with the above services has increased, making true cause and effect difficult to ascertain.

    Build event management to bring value to the business

    33%

    33% of all IT organizations reported that end users detected and reported incidents before the network operations team was aware of them.
    Source: EMA, 2020; n=350

    64%

    64% of enterprises use 4-10 monitoring tools to troubleshoot their network.
    Source: EMA, 2020; n=350

    Info-Tech’s approach

    Choose your events purposefully to avoid drowning in data.

    A funnel is depicted. along the funnel are the following points: Event Candidates: 1. System Selection by Business Impact; 2. System Decomposition; 3. Event Selection and Thresholding; 4. Event Action; 5. Data Management; Valuable, Monitored, and Actioned Events

    The Info-Tech difference:

    1. Start with a list of your most business-critical systems instead of data points to measure.
    2. Decompose your business-critical systems into their configuration items. This gives you a starting point for choosing what to measure.
    3. Choose your events and label them as notifications, warnings, or exceptions. Choose the relevant thresholds for each CI.
    4. Have a pre-defined action tied to each event. That action could be to log the datapoint for a report or to open an incident or problem ticket.
    5. With your event catalog defined, choose how you will measure the events and where to store the data.

    Event management is useless in isolation

    Define how event management informs other management practices.

    Logging, Archiving, and Metrics

    Monitoring and event management can be used to establish and analyze your baseline. The more you know about your system baselines, the easier it will be to detect exceptions.

    Change Management

    Events can inform needed changes to stay compliant or to resolve incidents and problems. However, it doesn’t mean that changes can be implemented without the proper authorization.

    Automatic Resolution

    The best use case for event management is to detect and resolve incidents and problems before end users or IT are even aware.

    Incident Management

    Events sitting in isolation are useless if there isn’t an effective way to pass potential tickets off to incident management to mitigate and resolve.

    Problem Management

    Events can identify problems before they become incidents. However, you must establish proper data logging to inform problem prioritization and actioning.

    Info-Tech’s methodology for Engineering Your Event Management Process

    1. Situate Event Management in Your Service Management Environment 2. Define Your Monitoring Thresholds and Accompanying Actions 3. Start Monitoring and Implement Event Management

    Phase Steps

    1.1 Set Operational and Informational Goals

    1.2 Scope Monitoring and States of Interest

    2.1 Define Conditions and Related CIs

    2.2 Set Monitoring Thresholds and Alerts

    2.3 Action Your Events

    3.1 Define Your Data Policy

    3.2 Define Future State

    Event Cookbook

    Event Catalog

    Phase Outcomes

    Monitoring and Event Management RACI

    Abbreviated BIA

    Event Workflow

    Event Management Roadmap

    Insight summary

    Event management is useless in isolation.

    The goals come from the pain points of other ITSM practices. Build handoffs to other service management practices to drive the proper action when an event is detected.

    Start with business intent.

    Trying to organize a catalog of events is difficult when working from the bottom up. Start with the business drivers of event management to keep the scope manageable.

    Keep your signal-to-noise ratio as high as possible.

    Defining tracked events with their known conditions, root cause, and associated actions allows you to be proactive when events occur.

    Improve slowly over time.

    Start small if need be. It is better and easier to track a few items with proper actions than to try to analyze events as they occur.

    More is NOT better. Avoid drowning in data.

    Even in an AI-enabled world, every event must be collected with a specific objective in mind. Defining the purpose of each tracked event will cut down on data clutter and response time when events are detected.

    Add correlations in event management to avoid false positives.

    Supplement the predictive value of a single event by aggregating it with other events.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable:

    This is a screenshot of the Event Management Cookbook

    Event Management Cookbook
    Use the framework in the Event Management Cookbook to populate your event catalog with properly tracked and actioned events.

    This is a screenshot of the Event Management RACI

    Event Management RACI
    Define the roles and responsibilities needed in event management.

    This is a screenshot of the event management workflow

    Event Management Workflow
    Define the lifecycle and handoffs for event management.

    This is a screenshot of the Event Catalog

    Event Catalog
    Consolidate and organize your tracked events.

    This is a screenshot of the Event Roadmap

    Event Roadmap
    Roadmap your initiatives for future improvement.

    Blueprint benefits

    IT Benefits

    • Provide a mechanism to compare operating performance against design standards and SLAs.
    • Allow for early detection of incidents and escalations.
    • Promote timely actions and ensure proper communications.
    • Provide an entry point for the execution of service management activities.
    • Enable automation activity to be monitored by exception
    • Provide a basis for service assurance, reporting and service improvements.

    Business Benefits

    • Less overall downtime via earlier detection and resolution of incidents.
    • Better visibility into SLA performance for supplied services.
    • Better visibility and reporting between IT and the business.
    • Better real-time and overall understanding of the IT environment.

    Case Study

    An event management script helped one company get in front of support calls.

    INDUSTRY - Research and Advisory

    SOURCE - Anonymous Interview

    Challenge

    One staff member’s workstation had been infected with a virus that was probing the network with a wide variety of usernames and passwords, trying to find an entry point. Along with the obvious security threat, there existed the more mundane concern that workers occasionally found themselves locked out of their machine and needed to contact the service desk to regain access.

    Solution

    The system administrator wrote a script that runs hourly to see if there is a problem with an individual’s workstation. The script records the computer's name, the user involved, the reason for the password lockout, and the number of bad login attempts. If the IT technician on duty notices a greater than normal volume of bad password attempts coming from a single account, they will reach out to the account holder and inquire about potential issues.

    Results

    The IT department has successfully proactively managed two distinct but related problems: first, they have prevented several instances of unplanned work by reaching out to potential lockouts before they receive an incident report. They have also successfully leveraged event management to probe for indicators of a security threat before there is a breach.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Introduce the Cookbook and explore the business impact analysis.

    Call #4: Define operational conditions.

    Call #6: Define actions and related practices.

    Call #8: Identify and prioritize improvements.

    Call #3: Define system scope and related CIs/ dependencies.

    Call #5: Define thresholds and alerts.

    Call #7: Define data policy.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 6 to 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5
    Situate Event Management in Your Service Management Environment Define Your Event Management Scope Define Thresholds and Actions Start Monitoring and Implement Event Management Next Steps and Wrap-Up (offsite)

    Activities

    1.1 3.1 Set Thresholds to Monitor

    3.2 Add Actions and Handoffs to Event Management

    Introductions

    1.2 Operational and Informational Goals and Challenges

    1.3 Event Management Scope

    1.4 Roles and Responsibilities

    2.1 Define Operational Conditions for Systems

    2.2 Define Related CIs and Dependencies

    2.3 Define Conditions for CIs

    2.4 Perform Root-Cause Analysis for Complex Condition Relationships

    2.4 Set Thresholds for CIs

    3.1 Set Thresholds to Monitor

    3.2 Add Actions and Handoffs to Event Management

    4.1 Define Your Data Policy for Event Management

    4.2 Identify Areas for Improvement and Future Steps

    4.3 Summarize Workshop

    5.1 Complete In-Progress Deliverables From Previous Four Days

    5.2 Set Up Review Time for Workshop Deliverables and to Discuss Next Steps

    Deliverables
    1. Monitoring and Event Management RACI (as part of the Event Management Cookbook)
    2. Abbreviated BIA (as part of the Event Management Cookbook)
    3. Event Management Cookbook
    1. Event Management Catalog
    1. Event Management Catalog
    2. Event Management Workflows
    1. Event Management Catalog
    2. Event Management Roadmap
    1. Workshop Summary

    Phase 1

    Situate Event Management in Your Service Management Environment

    Phase 1 Phase 2 Phase 3

    1.1 Set Operational and Informational Goals
    1.2 Scope Monitoring and Event Management Using Business Impact

    2.1 Define Conditions and Related CIs
    2.2 Set Monitoring Thresholds and Alerts
    2.3 Action Your Events

    3.1 Define Your Data Policy
    3.2 Set Your Future of Event Monitoring

    Engineer Your Event Management Process

    This phase will walk you through the following activities:

    1.1.1 List your goals and challenges

    1.1.2 Build a RACI chart for event management

    1.2.1 Set your scope using business impact

    This phase involves the following participants:

    Infrastructure management team

    IT managers

    Step 1.1

    Set Operational and Informational Goals

    Activities

    1.1.1 List your goals and challenges

    1.1.2 Build a RACI chart for event management

    Situate Event Management in Your Service Management Environment

    This step will walk you through the following activities:

    Set the overall scope of event management by defining the governing goals. You will also define who is involved in event management as well as their responsibilities.

    This step involves the following participants:

    Infrastructure management team

    IT managers

    Outcomes of this step

    Define the goals and challenges of event management as well as their data proxies.

    Have a RACI matrix to define roles and responsibilities in event management.

    Situate event management among related service management practices

    This image depicts the relationship between Event Management and related service management practices.

    Event management needs to interact with the following service management practices:

    • Incident Management – Event management can provide early detection and/or prevention of incidents.
    • Availability and Capacity Management – Event management helps detect issues with availability and capacity before they become an incident.
    • Problem Management – The data captured in event management can aid in easier detection of root causes of problems.
    • Change Management – Event management can function as the rationale behind needed changes to fix problems and incidents.

    Consider both operational and informational goals for event management

    Event management may log real-time data for operational goals and non-real time data for informational goals

    Event Management

    Operational Goals (real-time)

    Informational Goals (non-real time)

    Incident Response & Prevention

    Availability Scaling

    Availability Scaling

    Modeling and Testing

    Investigation/ Compliance

    • Knowing what the outcomes are expected to achieve helps with the design of that process.
    • A process targeted to fewer outcomes will generally be less complex, easier to adhere to, and ultimately, more successful than one targeted to many goals.
    • Iterate for improvement.

    1.1.1 List your goals and challenges

    Gather a diverse group of IT staff in a room with a whiteboard.

    Have each participant write down their top five specific outcomes they want from improved event management.

    Consolidate similar ideas.

    Prioritize the goals.

    Record these goals in your Event Management Cookbook.

    Priority Example Goals
    1 Reduce response time for incidents
    2 Improve audit compliance
    3 Improve risk analysis
    4 Improve forecasting for resource acquisition
    5 More accurate RCAs

    Input

    • Pain points

    Output

    • Prioritized list of goals and outcomes

    Materials

    • Whiteboard/flip charts
    • Sticky notes

    Participants

    • Infrastructure management team
    • IT managers

    Download the Event Management Cookbook

    Event management is a group effort

    • Event management needs to involve multiple other service management practices and service management roles to be effective.
    • Consider the roles to the right to see how event management can fit into your environment.

    Infrastructure Team

    The infrastructure team is accountable for deciding which events to track, how to track, and how to action the events when detected.

    Service Desk

    The service desk may respond to events that are indicative of incidents. Setting a root cause for events allows for quicker troubleshooting, diagnosis, and resolution of the incident.

    Problem and Change Management

    Problem and change management may be involved with certain event alerts as the resultant action could be to investigate the root cause of the alert (problem management) or build and approve a change to resolve the problem (change management).

    1.1.2 Build a RACI chart for event management

    1. As a group, complete the RACI chart using the template to the right. RACI stands for the following:
      • Responsible. The person doing the work.
      • Accountable. The person who ensures the work is done.
      • Consulted. Two-way communication.
      • Informed. One-way communication
      • There must be one and only one accountable person for each task. There must also be at least one responsible person. Depending on the use case, RACI letters may be combined (e.g. AR means the person who ensures the work is complete but also the person doing the work).
    2. Start with defining the roles in the first row in your own environment.
    3. Look at the tasks on the first column and modify/add/subtract tasks as necessary.
    4. Populate the RACI chart as necessary.

    Download the Event Management Cookbook

    Event Management Task IT Manager SME IT Infrastructure Manager Service Desk Configuration Manager (Event Monitoring System) Change Manager Problem Manager
    Defining systems and configuration items to monitor R C AR R
    Defining states of operation R C AR C
    Defining event and event thresholds to monitor R C AR I I
    Actioning event thresholds: Log A R
    Actioning event thresholds: Monitor I R A R
    Actioning event thresholds: Submit incident/change/problem ticket R R A R R I I
    Close alert for resolved issues AR RC RC

    Step 1.2

    Scope Monitoring and Event Management Using Business Impact

    Activities

    1.2.1 Set your scope using business impact

    Situate Event Management in Your Service Management Environment

    This step will walk you through the following activities:

    • Set your scope of event management using an abbreviated business impact analysis.

    This step involves the following participants:

    • Infrastructure manager
    • IT managers

    Outcomes of this step

    • List of systems, services, and applications to monitor.

    Use the business impact of your systems to set the scope of monitoring

    Picking events to track and action is difficult. Start with your most important systems according to business impact.

    • Business impact can be determined by how costly system downtime is. This could be a financial impact ($/hour of downtime) or goodwill impact (internal/external stakeholders affected).
    • Use business impact to determine the rating of a system by Tier (Gold, Silver, or Bronze):
      • GOLD: Mission-critical services. An outage is catastrophic in terms of cost or public image/goodwill. Example: trading software at a financial institution.
      • SILVER: Important to daily operations but not mission critical. Example: email services at any large organization.
      • BRONZE: Loss of these services is an inconvenience more than anything, though they do serve a purpose and will be missed if they are never brought back online. Example: ancient fax machines.
    • Align a list of systems to track with your previously selected goals for event management to determine WHY you need to track that system. Tracking the system could inform critical SLAs (performance/uptime), vulnerability, compliance obligations, or simply system condition.

    More is not better

    Tracking too many events across too many tools could decrease your responsiveness to incidents. Start tracking only what is actionable to keep the signal-to-noise ratio of events as high as possible.

    % of Incidents Reported by End Users Before Being Recognized by IT Operations

    A bar graph is depicted. It displays the following Data: All Organizations: 40%; 1-3 Tools: 29; 4-10 Tools: 36%; data-verified=11 Tools: 52">

    Source: Riverbed, 2016

    1.2.1 Set your scope using business impact

    Collating an exhaustive list of applications and services is onerous. Start small, with a subset of systems.

    1. Gather a diverse group of IT staff and end users in a room with a whiteboard.
    2. List 10-15 systems and services. Solicit feedback from the group. Questions to ask:
      • What services do you regularly use? What do you see others using?
        (End users)
      • Which service comprises the greatest number of service calls? (IT)
      • What services are the most critical for business operations? (Everybody)
      • What is the cost of downtime (financial and goodwill) for these systems? (Business)
      • How does monitoring these systems align with your goals set in Step 1.1?
    3. Assign an importance to each of these systems from Gold (most important) to Bronze (least important).
    4. Record these systems in your Event Management Cookbook.
    Systems/Services/Applications Tier
    1 Core Infrastructure Gold
    2 Internet Access Gold
    3 Public-Facing Website Gold
    4 ERP Silver
    15 PaperSave Bronze

    Include a variety of services in your analysis

    It might be tempting to jump ahead and preselect important applications. However, even if an application is not on the top 10 list, it may have cross-dependencies that make it more valuable than originally thought.

    For a more comprehensive BIA, see Create a Right-Sized Disaster Recovery Plan
    Download the Event Management Cookbook

    Phase 2

    Define Your Monitoring Thresholds and Accompanying Actions

    Phase 1Phase 2Phase 3

    1.1 Set Operational and Informational Goals
    1.2 Scope Monitoring and Event Management Using Business Impact

    2.1 Define Conditions and Related CIs
    2.2 Set Monitoring Thresholds and Alerts
    2.3 Action Your Events

    3.1 Define Your Data Policy
    3.2 Set Your Future of Event Monitoring

    Engineer Your Event Management Process

    This phase will walk you through the following activities:

    • 2.1.1 Define performance conditions
    • 2.1.2 Decompose services into Related CIs
    • 2.2.1 Verify your CI conditions with a root-cause analysis
    • 2.2.2 Set thresholds for your events
    • 2.3.1 Set actions for your thresholds
    • 2.3.2 Build your event management workflow

    This phase involves the following participants:

    • Business system owners
    • Infrastructure manager
    • IT managers

    Step 2.1

    Define Conditions and Related CIs

    Activities

    2.1.1 Define performance conditions

    2.1.2 Decompose services into related CIs

    Define Your Monitoring Thresholds and Accompanying Actions

    This step will walk you through the following activities:

    For each monitored system, define the conditions of interest and related CIs.

    This step involves the following participants:

    Business system owners

    Infrastructure manager

    IT managers

    Outcomes of this step

    List of conditions of interest and related CIs for each monitored system.

    Consider the state of the system that is of concern to you

    Events present a snapshot of the state of a system. To determine which events you want to monitor, you need to consider what system state(s) of importance.

    • Systems can be in one of three states:
      • Up
      • Down
      • Degraded
    • What do these states mean for each of your systems chosen in your BIA?
    • Up and Down are self-explanatory and a good place to start.
    • However, degraded systems are indicative that one or more component systems of an overarching system has failed. You must uncover the nature of such a failure, which requires more sophisticated monitoring.

    2.1.1 Define system states of greatest importance for each of your systems

    1. With the system business owners and compliance officers in the room, list the performance states of your systems chosen in your BIA.
    2. If you have too many systems listed, start only with the Gold Systems.
    3. Use the following proof approaches if needed:
      • Positive Proof Approach – every system when it has certain technical and business performance expectations. You can use these as a baseline.
      • Negative Proof Approach – users know when systems are not performing. Leverage incident data and end-user feedback to determine failed or degraded system states and work backwards.
    4. Focus on the end-user facing states.
    5. Record your critical system states in the Event Management Cookbook.
    6. Use these states in the next several activities and translate them into measurable infrastructure metrics.

    Input

    • Results of business impact analysis

    Output

    • Critical system states

    Materials

    • Whiteboard/flip charts
    • Sticky notes
    • Markers

    Participants

    • Infrastructure manager
    • Business system owners

    Download the Event Management Cookbook

    2.1.2 Decompose services into relevant CIs

    Define your system dependencies to help find root causes of degraded systems.

    1. For each of your systems identified in your BIA, list the relevant CIs.
    2. Identify dependencies and relationship of those CIs with other CIs (linkages and dependencies).
    3. Starting with the Up/Down conditions for your Gold systems, list the conditions of the CIs that would lead to the condition of the system. This may be a 1:1 relationship (e.g. Core Switches down = Core Infrastructure down) or a many:1 relationship (some virtualization hosts + load balancers down = Core Infrastructure down). You do not need to define specific thresholds yet. Focus on conditions for the CIs.
    4. Repeat step 3 with Degraded conditions.
    5. Repeat step 3 and 4 with Silver and Bronze systems.
    6. Record the results in the Event Management Cookbook.

    Core Infrastructure Example

    An iceberg is depicted. below the surface, are the following terms in order from shallowest to deepest: MPLS Connection, Core Switches, DNS; DHCP, AD ADFS, SAN-01; Load Balancers, Virtualization Hosts (x 12); Power and Cooling

    Download the Event Management Cookbook

    Step 2.2

    Set Monitoring Thresholds and Alerts

    Activities

    2.2.1 Verify your CI conditions with a root-cause analysis

    2.2.2 Set thresholds for your events

    Define Your Monitoring Thresholds and Accompanying Actions

    This step will walk you through the following activities:

    Set monitoring thresholds for each CI related to each condition of interest.

    This step involves the following participants:

    Business system managers

    Infrastructure manager

    IT managers

    Service desk manager

    Outcomes of this step

    List of events to track along with their root cause.

    Event management will involve a significant number of alerts

    Separate the serious from trivial to keep the signal-to-noise ratio high.

    Event Categories: Exceptions: Alarms Indicate Failure; Alerts indicate exceeded thresholds; Normal Operation. Event Alerts: Informational; Exceptional; Warning

    Set your own thresholds

    You must set your own monitoring criteria based on operational needs. Events triggering an action should be reviewed via an assessment of the potential project and associated risks.

    Consider the four general signal types to help define your tracked events

    Latency – time to respond

    Examples:

    • Web server – time to complete request
    • Network – roundtrip ping time
    • Storage – read/write queue times

    Traffic – amount of activity per unit time

    Web sever – how many pages per minute

    Network – Mbps

    Storage – I/O read/writes per sec

    Errors – internally tracked erratic behaviors

    Web Server – page load failures

    Network – packets dropped

    Storage – disk errors

    Saturation – consumption compared to theoretical maximum

    Web Server – % load

    Network – % utilization

    Storage – % full

    2.2.1 Verify your CI conditions with a root-cause analysis

    RCAs postulate why systems go down; use the RCA to inform yourself of the events leading up to the system going down.

    1. Gather a diverse group of IT staff in a room with a whiteboard.
    2. Pick a complex example of a system condition (many:1 correlation) that has considerable data associated with it (e.g. recorded events, problem tickets).
    3. Speculate on the most likely precursor conditions. For example, if a related CI fails or is degraded, which metrics would you likely see before the failure?
    4. If something failed, imagine what you’d most likely see before the failure.
    5. Extend that timeline backward as far as you can be reasonably confident.
    6. Pick a value for that event.
    7. Write out your logic flow from event recognition to occurrence.
    8. Once satisfied, program the alert and ideally test in a non-prod environment.

    Public Website Example

    Dependency CIs Tool Metrics
    ISP WAN SNMP Traps Latency
    Telemetry Packet Loss
    SNMP Pooling Jitter
    Network Performance Web Server Response Time
    Connection Stage Errors
    Web Server Web Page DOM Load Time
    Performance
    Page Load Time

    Let your CIs help you

    At the end of the day, most of us can only monitor what our systems let us. Some (like Exchange Servers) offer a crippling number of parameters to choose from. Other (like MPLS) connections are opaque black boxes giving up only the barest of information. The metrics you choose are largely governed by the art of the possible.

    Case Study

    Exhaustive RCAs proved that 54% of issues were not caused by storage.

    This is the Nimble Storage Logo

    INDUSTRY - Enterprise IT
    SOURCE - ESG, 2017

    Challenge

    Despite a laser focus on building nothing but all-flash storage arrays, Nimble continued to field a dizzying number of support calls.

    Variability and complexity across infrastructure, applications, and configurations – each customer install being ever so slightly different – meant that the problem of customer downtime seemed inescapable.

    Solution

    Nimble embedded thousands of sensors into its arrays, both at a hardware level and in the code. Thousands of sensors per array multiplied by 7,500 customers meant millions of data points per second.

    This data was then analyzed against 12,000 anonymized app-data gap-related incidents.

    Patterns began to emerge, ones that persisted across complex customer/array/configuration combinations.

    These patterns were turned into signatures, then acted on.

    Results

    54% of app-data gap related incidents were in fact related to non-storage factors! Sub-optimal configuration, bad practices, poor integration with other systems, and even VM or hosts were at the root cause of over half of reported incidents.

    Establishing that your system is working fine is more than IT best practice – by quickly eliminating potential options the right team can get working on the right system faster thus restoring the service more quickly.

    Gain an even higher SNR with event correlation

    Filtering:

    Event data determined to be of minimal predictive value is shunted aside.

    Aggregation:

    De-duplication and combination of similar events to trigger a response based on the number or value of events, rather than for individual events.

    Masking:

    Ignoring events that occur downstream of a known failed system. Relies on accurate models of system relationships.

    Triggering:

    Initiating the appropriate response. This could be simple logging, any of the exception event responses, an alert requiring human intervention, or a pre-programmed script.

    2.2.2 Set thresholds for your events

    If the event management team toggles the threshold for an alert too low (e.g. one is generated every time a CPU load reaches 60% capacity), they will generate too many false positives and create far too much work for themselves, generating alert fatigue. If they go the other direction and set their thresholds too high, there will be too many false negatives – problems will slip through and cause future disruptions.

    1. Take your list of RCAs from the previous activity and conduct an activity with the group. The goal of the exercise is to produce the predictive event values that confidently predict an imminent event.
    2. Questions to ask:
      • What are some benign signs of this incident?
      • Is there something we could have monitored that would have alerted us to this issue before an incident occurred?
      • Should anyone have noticed this problem? Who? Why? How?
      • Go through this for each of the problems identified and discuss thresholds. When complete, include the information in the Event Management Catalog.

    Public Website Example

    Dependency Metrics Threshold
    Network Performance Latency 150ms
    Packet Loss 10%
    Jitter >1ms
    Web Server Response Time 750ms
    Performance
    Connection Stage Errors 2
    Web Page Performance DOM Load time 1100ms
    Page Load time 1200ms

    Download the Event Management Cookbook

    Step 2.3

    Action Your Events

    Activities

    2.3.1 Set actions for your thresholds

    2.3.2 Build your event management workflow

    Define Your Monitoring Thresholds and Associated Actions

    This step will walk you through the following activities:

    With your list of tracked events from the previous step, build associated actions and define the handoff from event management to related practices.

    This step involves the following participants:

    Event management team

    Infrastructure team

    Change manager

    Problem manager

    Incident manager

    Outcomes of this step

    Event management workflow

    Set actions for your thresholds

    For each of your thresholds, you will need an action tied to the event.

    • Review the event alert types:
      • Informational
      • Warning
      • Exception
    • Your detected events will require one of the following actions if detected.
    • Unactioned events will lead to a poor signal-to-noise ratio of data, which ultimately leads to confusion in the detection of the event and decreased response effectiveness.

    Event Logged

    For informational alerts, log the event for future analysis.

    Automated Resolution

    For a warning or exception event or a set of events with a well-known root cause, you may have an automated resolution tied to detection.

    Human Intervention

    For warnings and exceptions, human intervention may be needed. This could include manual monitoring or a handoff to incident, change, or problem management.

    2.3.1 Set actions for your thresholds

    Alerts generated by event management are useful for many different ITSM practitioners.

    1. With the chosen thresholds at hand, analyze the alerts and determine if they require immediate action or if they can be logged for later analysis.
    2. Questions to ask:
      1. What kind of response does this event warrant?
      2. How could we improve our event management process?
      3. What event alerts would have helped us with root-cause analysis in the past?
    3. Record the results in the Event Management Catalog.

    Public Website Example

    Outcome Metrics Threshold Response (s)
    Network Performance Latency 150ms Problem Management Tag to Problem Ticket 1701
    Web Page Performance DOM Load time 1100ms Change Management

    Download the Event Management Catalog

    Input

    • List of events generated by event management

    Output

    • Action plan for various events as they occur

    Materials

    • Whiteboard/flip charts
    • Pens
    • Paper

    Participants

    • Event Management Team
    • Infrastructure Team
    • Change Manager
    • Problem Manager
    • Incident Manager

    2.3.2 Build your event management workflow

    1. As a group, discuss your high-level monitoring, alerting, and actioning processes.
    2. Define handoff processes to incident, problem, and change management. If necessary, open your incident, problem, and change workflows and discuss how the event can further pass onto those practices. Discuss the examples below:
      • Incident Management: Who is responsible for opening the incident ticket? Can the incident ticket be automated and templated?
      • Change Management: Who is responsible for opening an RFC? Who will approve the RFC? Can it be a pre-approved change?
      • Problem Management : Who is responsible for opening the problem ticket? How can the event data be useful in the problem management process?
    3. Use and modify the example workflow as needed by downloading the Event Management Workflow.

    Example Workflow:

    This is an image of an example Event Management Workflow

    Download the Event Management Workflow

    Common datapoints to capture for each event

    Data captured will help related service management practices in different ways. Consider what you will need to record for each event.

    • Think of the practice you will be handing the event to. For example, if you’re handing the event off to incident or problem management, data captured will have to help in root-cause analysis to find and execute the right solution. If you’re passing the event off to change management, you may need information to capture the rationale of the change.
    • Knowing the driver for the data can help you define the right data captured for every event.
    • Consider the data points below for your events:

    Data Fields

    Device

    Date/time

    Component

    Parameters in exception

    Type of failure

    Value

    Download the Event Management Catalog

    Start Monitoring and Implement Event Management

    Phase 1Phase 2Phase 3

    1.1 Set Operational and Informational Goals
    1.2 Scope Monitoring and Event Management Using Business Impact

    2.1 Define Conditions and Related CIs
    2.2 Set Monitoring Thresholds and Alerts
    2.3 Action Your Events

    3.1 Define Your Data Policy
    3.2 Set Your Future of Event Monitoring

    Engineer Your Event Management Process

    This phase will walk you through the following activities:

    3.1.1 Define data policy needs

    3.2.1 Build your roadmap

    This phase involves the following participants:

    Business system owners

    Infrastructure manager

    IT managers

    Step 3.1

    Define Your Data Policy

    Activities

    3.1.1 Define data policy needs

    Start Monitoring and Implement Event Management

    This step will walk you through the following activities:

    Your overall goals from Phase 1 will help define your data retention needs. Document these policy statements in a data policy.

    This step involves the following participants:

    CIO

    Infrastructure manager

    IT managers

    Service desk manager

    Outcomes of this step

    Data retention policy statements for event management

    Know the difference between logs and metrics

    Logs

    Metrics

    A log is a complete record of events from a period:

    • Structured
    • Binary
    • Plaintext
    Missing entries in logs can be just as telling as the values existing in other entries. A metric is a numeric value that gives information about a system, generally over a time series. Adjusting the time series allows different views of the data.

    Logs are generally internal constructs to a system:

    • Applications
    • DB replications
    • Firewalls
    • SaaS services

    Completeness and context make logs excellent for:

    • Auditing
    • Analytics
    • Real-time and outlier analysis
    As a time series, metrics operate predictably and consistently regardless of system activity.

    This independence makes them ideal for:

    • Alerts
    • Dashboards
    • Profiling

    Large amounts of log data can make it difficult to:

    • Store
    • Transmit
    • Sift
    • Sort

    Context insensitivity means we can apply the same metric to dissimilar systems:

    • This is especially important for blackbox systems not fully under local control.

    Understand your data requirements

    Amount of event data logged by a 1000 user enterprise averages 113GB/day

    Source: SolarWinds

    Security Logs may contain sensitive information. Best practice is to ensure logs are secure at rest and in transit. Tailor your security protocol to your compliance regulations (PCI, etc.).
    Architecture and Availability When production infrastructure goes down, logging tends to go down as well. Holes in your data stream make it much more difficult to determine root causes of incidents. An independent secondary architecture helps solve problems when your primary is offline. At the very least, system agents should be able to buffer data until the pipeline is back online.
    Performance Log data grows: organically with the rest of the enterprise and geometrically in the event of a major incident. Your infrastructure design needs to support peak loads to prevent it from being overwhelmed when you need it the most.
    Access Control Events have value for multiple process owners in your enterprise. You need to enable access but also ensure data consistency as each group performs their own analysis on the data.
    Retention Near-real time data is valuable operationally; historic data is valuable strategically. Find a balance between the two, keeping in mind your obligations under compliance frameworks (GDPR, etc.).

    3.1.1 Set your data policy for every event

    1. Given your event list in the Event Management Catalog, include the following information for each event:
      • Retention Period
      • Data Sensitivity
      • Data Rate
    2. Record the results in the Event Management Catalog.

    Public Website Example

    Metrics/Log Retention Period Data Sensitivity Data Rate
    Latency 150ms No
    Packet Loss 10% No
    Jitter >1ms No
    Response Time 750ms No
    HAProxy Log 7 days Yes 3GB/day
    DOM Load time 1100ms
    Page Load time 1200ms
    User Access 3 years Yes

    Download the Event Management Catalog

    Input

    • List of events generated by event management
    • List of compliance standards your organization adheres to

    Output

    • Data policy for every event monitored and actioned

    Materials

    • Whiteboard/flip charts
    • Pens
    • Paper

    Participants

    • Event management team
    • Infrastructure team

    Step 3.2

    Set Your Future of Event Monitoring

    Activities

    3.2.1 Build your roadmap

    Start Monitoring and Implement Event Management

    This step will walk you through the following activities:

    Event management maturity is slowly built over time. Define your future actions in a roadmap to stay on track.

    This step involves the following participants:

    CIO

    Infrastructure manager

    IT managers

    Outcomes of this step

    Event management roadmap and action items

    Practice makes perfect

    For every event that generates an alert, you want to judge the predictive power of said event.

    Engineer your event management practice to be predictive. For example:

    • Up/Down Alert – Expected Consequence: Service desk will start working on the incident ticket before a user reports that said system has gone down.
    • SysVol Capacity Alert – Expected Consequence: Change will be made to free up space on the volume prior to the system crashing.

    If the expected consequence is not observed there are three places to look:

    1. Was the alert received by the right person?
    2. Was the alert received in enough time to do something?
    3. Did the event triggering the alert have a causative relationship with the consequence?

    While impractical to look at every action resulting from an alert, a regular review process will help improve your process. Effective alerts are crafted with specific and measurable outcomes.

    Info-Tech Insight

    False positives are worse than missed positives as they undermine confidence in the entire process from stakeholders and operators. If you need a starting point, action your false positives first.

    Mind Your Event Management Errors

    Two Donut charts are depicted. The first has a slice which is labeled 7% False Positive. The Second has a slice which is labeled 33% False Negative.

    Source: IEEE Communications Magazine March 2012

    Follow the Cookbook for every event you start tracking

    Consider building event management into new, onboarded systems as well.

    You now have several core systems, their CIs, conditions, and their related events listed in the Event Catalog. Keep the Catalog as your single reference point to help manage your tracked events across multiple tools.

    The Event Management Cookbook is designed to be used over and over. Keep your tracked events standard by running through the steps in the Cookbook.

    An additional step you could take is to pull the Cookbook out for event tracking for each new system added to your IT environment. Adding events in the Catalog during application onboarding is a good way to manage and measure configuration.

    Event Management Cookbook

    This is a screenshot of the Event Management Cookbook

    Use the framework in the Event Management Cookbook to populate your event catalog with properly tracked and actioned events.

    3.2.1 Build an event management roadmap

    Increase your event management maturity over time by documenting your goals.

    Add the following in-scope goals for future improvement. Include owner, timeline, progress, and priority.

    • Add additional systems/applications/services to event management
    • Expand condition lists for given systems
    • Consolidate tracking tools for easier data analysis and actioning
    • Integrate event management with additional service management practices

    This image contains a screenshot of a sample Event Management Roadmap

    Summary of Accomplishment

    Problem Solved

    You now have a structured event management process with a start on a properly tracked and actioned event catalog. This will help you detect incidents before they become incidents, changes needed to the IT environment, and problems before they spread.

    Continue to use the Event Management Cookbook to add new monitored events to your Event Catalog. This ensures future events will be held to the same or better standard, which allows you to avoid drowning in too much data.

    Lastly, stay on track and continually mature your event management practice using your Event Management Roadmap.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop

    Contact your account representative for more information

    workshops@infotech.com

    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    This is an example of a RACI Chart for Event Management

    Build a RACI Chart for Event Management

    Define and document the roles and responsibilities in event management.

    This is an example of a business impact chart

    Set Your Scope Using Business Impact

    Define and prioritize in-scope systems and services for event management.

    Related Info-Tech Research

    Standardize the Service Desk

    Improve customer service by driving consistency in your support approach and meeting SLAs.

    Improve Incident and Problem Management

    Don’t let persistent problems govern your department

    Harness Configuration Management Superpowers

    Build a service configuration management practice around the IT services that are most important to the organization.

    Select Bibliography

    DeMattia, Adam. “Assessing the Financial Impact of HPE InfoSight Predictive Analytics.” ESG, Softchoice, Sept. 2017. Web.

    Hale, Brad. “Estimating Log Generation for Security Information Event and Log Management.” SolarWinds, n.d. Web.

    Ho, Cheng-Yuan, et al. “Statistical Analysis of False Positives and False Negatives from Real Traffic with Intrusion Detection/Prevention Systems.” IEEE Communications Magazine, vol. 50, no. 3, 2012, pp. 146-154.

    ITIL Foundation ITIL 4 Edition = ITIL 4. The Stationery Office, 2019.

    McGillicuddy, Shamus. “EMA: Network Management Megatrends 2016.” Riverbed, April 2016. Web.

    McGillicuddy, Shamus. “Network Management Megatrends 2020.” Enterprise Management Associates, APCON, 2020. Web.

    Rivas, Genesis. “Event Management: Everything You Need to Know about This ITIL Process.” GB Advisors, 22 Feb. 2021. Web.

    “Service Operations Processes.” ITIL Version 3 Chapters, 21 May 2010. Web.

    Looking at Risk in a New Light: The Six Pillars of Vendor Risk Management

    • Buy Link or Shortcode: {j2store}209|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    • Moreso than at any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.
    • It is increasingly likely that one of an organization's vendors, or their n-party support vendors, will cause an incident. Organizations must protect themselves by creating better mechanisms to hold their n-party vendors accountable and validate that they comply.

    Our Advice

    Critical Insight

    • Identifying and managing a vendor’s potential risk impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes may affect your organization.
    • Organizational leadership is often taken unaware by changes, and their plans lack the flexibility to adjust to significant regulatory upheavals.

    Impact and Result

    • Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks with our Comprehensive Risk Impact Tool to manage potential impacts.

    Looking at Risk in a New Light: The Six Pillars of Vendor Risk Management Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Looking at Risk in a New Light: The Six Pillars of Vendor Risk Management – Use the research to better understand the negative impacts of vendor actions to your organization

    Use this research to identify and quantify the potential risk impacts caused by vendors. Utilize Info-Tech's approach to look at the impact from various perspectives to better prepare for issues that may arise.

    • Looking at Risk in a New Light: The Six Pillars of Vendor Risk Management Storyboard

    2. Comprehensive Risk Impact Tool – Use this tool to help identify and quantify the impacts of negative vendor actions.

    By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    • Comprehensive Risk Impact Tool
    [infographic]

    Further reading

    Looking at Risk in a New Light: The Six Pillars of Vendor Risk Management

    Approach vendor risk impact assessments from all perspectives.

    Analyst Perspective

    Organizations must comprehensively understand the impacts vendors may cause through different potential actions.

    Frank Sewell

    The risks from the vendor market have become more prevalent as the technologies and organizational strategies shift to a global direction. With this shift in risk comes a necessary perspective change to align with the greater likelihood of an incident occurring from vendors' (or one of their downstream support vendor's) negative actions.

    Organizational leadership must become more aware of the increasing risks that engaging vendors impose. To do so, they need to make informed decisions, which can only be provided by engaging expert resources in their organizations to compile a comprehensive look at potential risk impacts.

    Frank Sewell

    Research Director, Vendor Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    More so than at any other time, our world is changing. As a result organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.

    It is increasingly likely that one of your vendors, or their n-party support vendors, will cause an incident. Organizations must protect themselves by creating better mechanisms to hold their n-party vendors accountable and validate that they comply.

    Common Obstacles

    Identifying and managing a vendor’s potential risk impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes may affect your organization.

    Organizational leadership is often taken unaware by changes, and their plans lack the flexibility to adjust to significant regulatory upheavals.

    Info-Tech's Approach

    Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them.

    Prioritize and classify your vendors with quantifiable, standardized rankings.

    Prioritize focus on your high-risk vendors.

    Standardize your processes for identifying and monitoring vendor risks with our Comprehensive Risk Impact Tool to manage potential impacts.

    Info-Tech Insight

    Organizations must evolve their risk assessments to be more adaptive to respond to changes in the global market. Ongoing monitoring and continual assessment of vendors’ risks is crucial to avoiding negative impacts.

    Info-Tech’s multi-blueprint series on vendor risk assessment

    There are many individual components of vendor risk beyond cybersecurity.`

    6 components of vendor risk beyond cybersecurity.  Financial, Reputational, Operational, Strategic, Security, Regulatory & Compliance.

    This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

    Out of Scope:
    This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

    The world is constantly changing

    The IT market is constantly reacting to global influences. By anticipating changes, leaders can set expectations and work with their vendors to accommodate them.

    When the unexpected happens, being able to adapt quickly to new priorities ensures continued long-term business success.

    Below are some things no one expected to happen in the last few years:

    62%

    of IT professionals are more concerned about being a victim of ransomware than they were a year ago.

    Info-Tech Tech Trends Survey 2022

    82%

    of Microsoft non-essential employees shifted to working from home in 2020, joining the 18% already remote.

    Info-Tech Tech Trends Survey 2022

    89%

    of organizations invested in web conferencing technology to facilitate collaboration.

    Info-Tech Tech Trends Survey 2022

    Looking at Risk in a New Light:

    the 6 Pillars of Vendor Risk Management

    Vendor Risk

    • Financial

    • Strategic

    • Operational

    • Security

    • Reputational

    • Regulatory

    • Organizations must review their risk appetite and tolerance levels, considering their complete landscape.
    • Changing regulations, acquisitions, and events that affect global supply chains are current realities, not unlikely scenarios.
    • Prepare your vendor risk management for success using due diligence and scenario- based “What If” discussions to bring all the relevant parties to the table and educate your whole organization on risk factors.
    Assessing Financial Risk Impacts

    Strategic risks on a global scale

    Odds are at least one of these is currently affecting your strategic plans

    • Vendor Acquisitions
    • Global Pandemic
    • Global Shortages
    • Gas Prices
    • Poor Vendor Performance
    • Travel Bans
    • War
    • Natural Disasters
    • Supply Chain Disruptions
    • Security Incidents

    Make sure you have the right people at the table to identify and plan to manage impacts.

    Assess internal and external operational risk impacts

    Two sides of the same coin

    Internal

    • Poorly vetted supplemental staff
    • Bad system configurations
    • Lack of relevant skills
    • Poor vendor performance
    • Failure to follow established processes
    • Weak contractual accountability
    • Unsupportable or end-of-life system components

    External

    • Cyberattacks
    • Supply Chain Issues
    • Geo-Political Disruptions
    • Vendor Acquisitions
    • N-Party Non-Compliance
    • Vendor Fraud

    Operational risk is the risk of losses caused by flawed or failed processes, policies, systems, or events that disrupt business operations.

    Identify and manage security risk impacts on your organization

    Due diligence will enable successful outcomes

    • Poor vendor performance
    • Vendor acquisition
    • Supply chain disruptions and shortages
    • N-party risk
    • Third-party risk

    What your vendor associations say about you

    Reputations that affect your brand: Bad customer reviews, breach of data, poor security posture, negative news articles, public lawsuits, poor performance.

    Regulatory compliance

    Consider implementing vendor management initiatives and practices in your organization to help gain compliance with your expanding vendor landscape.

    Your organizational risks may be monitored but are your n-party vendors?

    6 components of vendor risk beyond cybersecurity.  Financial, Reputational, Operational, Strategic, Security, Regulatory & Compliance.

    Review your expectations with your vendors and hold them accountable

    Regulatory entities are looking beyond your organization’s internal compliance these days. Instead, they are more and more diving into your third-party and downstream relationships, particularly as awareness of downstream breaches increases globally.

    • Are you assessing your vendors regularly?
    • Are you validating those assessments?
    • Do your vendors have a map of their downstream support vendors?
    • Do they have the mechanisms to hold those downstream vendors accountable to your standards?

    Identify and manage risks

    Regulatory

    Regulatory agencies are putting more enforcement around ESG practices across the globe. As a result, organizations will need to monitor the changing regulations and validate that their vendors and n-party support vendors are adhering to these regulations or face penalties for non-compliance.

    Security-Data protection

    Data protection remains an issue. Organizations should ensure that the data their vendors obtain remains protected throughout the vendor’s lifecycle, including post-termination. Otherwise, they could be monitoring for a data breach in perpetuity.

    Mergers and acquisitions

    More prominent vendors continuously buy smaller companies to control the market in the IT industry. Organizations should put protections in their contracts to ensure that an IT vendor’s acquisition does not put them in a relationship with someone that could cause them an issue.

    Identify and manage risks

    Poor vendor performance

    Consider the impact of a vendor that fails to perform midway through the implementation. Organizations need to be able to manage the impact of replacing that vendor and cutting their losses rather than continuing to throw good money away after bad performance.

    Supply chain disruptions and global shortages

    Geopolitical disruptions and natural disasters have caused unprecedented interruptions to business. Incorporate forecasting of product and ongoing business continuity planning into your strategic plans to adapt as events unfold.

    Poorly configured systems

    Failing to ensure that your vendor-supported systems are properly configured and that your vendors are meeting your IT change control and configuration standards is more commonplace than expected. Proper oversight and management of your support vendors is crucial to ensure they are meeting expectations in this regard.

    What to look for

    Identify potential risk impacts

    • Is there a record of complaints against the vendor from their employees or customers?
    • Is the vendor financially sound, with the resources to support your needs?
    • Has the vendor been cited for regulatory compliance issues in the past?
    • Does the vendor have a comprehensive list of their n-party vendor partners?
      • Are they willing to accept appropriate contractual protections regarding them?
    • Does the vendor self-audit, or do they use a vetted third-party audit firm to issue a SOC report annually?
    • Does the vendor operate in regions known for instability?
    • Is the vendor willing to make concessions on contractual protections, or are they only offering one-sided agreements with as-is warranties?

    Prepare your vendor risk management for success

    Due diligence will enable successful outcomes.

    1. Obtain top-level buy-in; it is critical to success.
    2. Build enterprise risk management (ERM) through incremental improvement.
    3. Focus initial efforts on the “big wins” to prove the process works.
    4. Use existing resources.
    5. Build on any risk management activities that already exist in the organization.
    6. Socialize ERM throughout the organization to gain additional buy-in.
    7. Normalize the process long term with ongoing updates and continuing education for the organization.
    8. (Adapted from COSO)

    How to assess third-party risk

    1. Review organizational risks

      Understand the organizations risks to prepare for the “What If” game exercise.
    2. Identify and understand potential risks

      Play the “What If” game with the right people at the table.
    3. Create a risk profile packet for leadership

      Pull all the information together in a presentation document.
    4. Validate the risks

      Work with leadership to ensure that the proposed risks are in line with their thoughts.
    5. Plan to manage the risks

      Lower the overall risk potential by putting mitigations in place.
    6. Communicate the plan

      It is important not only to have a plan but also to socialize it in the organization for awareness.
    7. Enact the plan

      Once the plan is finalized and socialized, put it in place with continued monitoring for success.

    Adapted from Harvard Law School Forum on Corporate Governance

    Insight summary

    Risk impacts often come from unexpected places and have significant consequences.

    Knowing who your vendors are using for their support and supply chain could be crucial in eliminating the risk of non-compliance for your organization.

    Having a plan to identify and validate the regulatory compliance of your vendors is a must for any organization to avoid penalties.

    Insight 1

    Organizations’ strategic plans need to be adaptable to avoid vendors’ negative actions causing an expedited shift in priorities.

    For example, Philips’ recall of ventilators impacted its products and the availability of its competitors’ products as demand overwhelmed the market.

    Insight 2

    Organizations often fail to understand how n-party vendors could place them in non-compliance.

    Even if you know your complete third-party vendor landscape, you may not be aware of the downstream vendors in play. Ensure that you get visibility into this space as well, and hold your direct vendors accountable for the actions of their vendors.

    Insight 3

    Organizations need to know where their data lives and ensure it is protected.

    Make sure you know which vendors are accessing/storing your data, where they are keeping it, and that you can get it back and have the vendors destroy it when the relationship is over. Without adequate protections throughout the lifecycle of the vendor, you could be monitoring for breaches in perpetuity.

    Insight summary

    Assessing financial impacts is an ongoing, educative, and collaborative multidisciplinary process that vendor management initiatives are uniquely designed to coordinate and manage for organizations.

    Operational risk impacts often come from unexpected places and have unforeseen impacts. Knowing where your vendors place in critical business processes and those vendors' business continuity plans concerning your organization should be a priority for those managing the vendors.

    Insight 4

    Organizations need to learn how to assess the likelihood of potential risks in the rapidly changing online environments and recognize how their partnerships and subcontractors’ actions can affect their brand.

    For example, do you understand how a simple news article raises your profile for short-term and long-term adverse events?

    Insight 5

    Organizations fail to plan for vendor acquisitions appropriately.

    Vendors routinely get acquired in the IT space. Does your organization have appropriate safeguards from inadvertently entering a negative relationship? Do you have plans for replacing critical vendors purchased in such a manner?

    Insight 6

    Vendors are becoming more and more crucial to organizations’ overall operations, and most organizations have a poor understanding of the potential impacts they represent.

    Is your vendor solvent? Do they have enough staff to accommodate your needs? Has their long-term planning been affected by changes in the market? Are they unique in their space?

    Identifying vendor risk

    Who should be included in the discussion?

    • While it is true that executive-level leadership defines the strategy for an organization, it is vital for those making decisions to make informed decisions.
    • Getting input from operational experts at your organization will enhance your business's long-term potential for success.
    • Involving those who directly manage vendors and understand the market will aid operational experts in determining the forward path for relationships with your current vendors and identifying emerging potential strategic partners.
    • Make sure security, risk, and compliance are all at the table. These departments all look at risk from different angles for the business and give valuable insight collectively.
    • Organizations have a wealth of experience in their marketing departments that can help identify real-world scenarios of negative actions.

    See the blueprint Build an IT Risk Management Program

    Review your risk management plans for new risks on a regular basis.

    Keep in mind Risk =
    Likelihood x Impact

    (R=L*I).

    Impact (I) tends to remain the same, while Likelihood (L) is becoming closer to 100% as threat actors become more prevalent.

    Managing vendor risk impacts

    How could your vendors impact your organization?

    • Review vendors’ downstream connections to understand thoroughly who you are in business with
    • Institute continuous vendor lifecycle management
    • Develop IT risk governance and change control
    • Introduce continual risk assessment to monitor the relevant vendor markets
    • Monitor and schedule contract renewals and new service/module negotiations
    • Perform business alignment meetings to reassess relationships
    • Ensure strategic alignment in contracts
    • Review vendors’ business continuity plans and disaster recovery testing
    • Re-evaluate corporate policies frequently
    • Monitor your company’s and associated vendors’ online presence
    • Be adaptable and allow for innovations that arise from the current needs
      • Capture lessons learned from prior incidents to improve over time, and adjust your plans accordingly

    Organizations must review their risk appetite and tolerance levels, considering their complete landscape.

    Changing regulations, acquisitions, new security issues, and events that affect global supply chains are current realities, not unlikely scenarios.

    Ongoing Improvement

    Incorporating lessons learned.

    • Over time, despite everyone’s best observations and plans, incidents will catch us off guard.
    • When that happens, follow your incident response plans and act accordingly.
    • An essential step is to document what worked and what did not – collectively known as the “lessons learned.”
    • Use the lessons learned document to devise, incorporate, and enact a better risk management process.

    Sometimes disasters occur despite our best plans to manage them.

    When this happens, it is important to document the lessons learned and improve our plans going forward.

    The "what if" game

    1-3 hours

    Vendor management professionals are in an excellent position to help senior leadership identify and pull together resources across the organization to determine potential risks. By playing the "what if" game and asking probing questions to draw out – or eliminate – possible adverse outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    1. Break into smaller groups (if too small, continue as a single group).
    2. Use the Comprehensive Risk Impact Tool to prompt discussion on potential risks. Keep this discussion flowing organically to explore all potentials but manage the overall process to keep the discussion pertinent and on track.
    3. Collect the outputs and ask the subject matter experts (SMEs) for management options for each one in order to present a comprehensive risk strategy. You will use this to educate senior leadership so that they can make an informed decision to accept or reject the solution.

    Download the Comprehensive Risk Impact Tool

    Input

    • List of identified potential risk scenarios scored by impact
    • List of potential mitigations of the scenarios to reduce the risk

    Output

    • Comprehensive risk profile on the specific vendor solution

    Materials

    • Whiteboard/flip charts
    • Comprehensive Risk Impact Tool to help drive discussion

    Participants

    • Vendor Management – Coordinator
    • Organizational Leadership
    • Operations Experts (SMEs)
    • Business Process Experts
    • Legal/Compliance/Risk Manager

    High risk example from tool

    High risk example from Tool.  Shows sample questions to ask to identify impacts, their associated score, weight, and comments or notes.

    Note: Even though a few items are “scored” they have not been added to the overall weight, signaling that the company has noted but does not necessarily hold them against the vendor.

    How to mitigate:

    • Contractually insist that the vendor have a third-party security audit performed annually with the stipulation that they will not denigrate below your acceptable standards.
    • At renewal negotiate better contractual terms and protections for your organization.

    Low risk example from tool

    Low risk example from Tool.  Shows sample questions to ask to identify impacts, their associated score, weight, and comments or notes.

    Summary

    Seek to understand all potential risk impacts to better prepare your organization for success.

    • Organizations need to understand and map out their entire vendor landscape.
    • Understand where all your data lives and how you can control it throughout the vendor lifecycle.
    • Organizations need to be realistic about the likelihood of potential risks in the changing global world.
    • Those organizations that consistently follow their established risk-assessment and due-diligence processes are better positioned to avoid penalties.
    • Understand how your vendors prioritize your organization in their business continuity processes.
    • Bring the right people to the table to outline potential risks in the market and your organization.
    • Socialize the third-party vendor risk management process throughout the organization to heighten awareness and enable employees to help protect the organization.
    • Organizations need to learn how to assess the likelihood of potential risks in the changing global markets and recognize how their partnerships and subcontracts affect their brand.
    • Incorporate lessons learned from prior incidents into your risk management process to build better plans for future issues.

    Organizations must evolve their risk assessments to be more meaningful to respond to global changes in the market.

    Organizations should increase the resources dedicated to monitoring the market as regulatory agencies continue to hold them more and more accountable.

    Bibliography

    Olaganathan, Rajee. “Impact of COVID-19 on airline industry and strategic plan for its recovery with special reference to data analytics technology.” Global Journal of Engineering and Technology Advances, vol 7, no 1, 2021, pp. 033-046.

    Tonello, Matteo. “Strategic Risk Management: A Primer for Directors.” Harvard Law School Forum on Corporate Governance, 23 Aug. 2012.

    Frigo, Mark L., and Richard J. Anderson. “Embracing Enterprise Risk Management: Practical Approaches for Getting Started.” COSO, 2011.

    Weak Cybersecurity is taking a toll on Small Businesses (tripwire.com)

    SecureLink 2022 White Paper SL_Page_EA+PAM (rocketcdn.me)

    Shared Assessments Member Poll March 2021 "Guide: Evolving Work Environments Impact of Covid-19 on Profile and Management of Third Parties“

    “Cybersecurity only the tip of the iceberg for third-party risk management”. Help Net Security, April 21, 2021. Accessed: 2022-07-29.

    “Third-Party Risk Management (TPRM) Managed Services”. Deloitte, 2022. Accessed: 2022-07-29.

    “The Future of TPRM: Third Party Risk Management Predictions for 2022”. OneTrust, December 20th2021. Accessed 2022-07-29.

    “Third Party Vendor definition”. Law Insider, Accessed 2022-07-29.

    “Third Party Risk”. AWAKE Security, Accessed 2022-07-29.

    Glidden, Donna. "Don't Underestimate the Need to Protect Your Brand in Publicity Clauses", Info-Tech Research Group, June 2022.

    Greenaway, Jordan. "Managing Reputation Risk: A start-to-finish guide", Transmission Private, July 2022. Accessed June 2022.

    Jagiello, Robert D, and Thomas T Hills. “Bad News Has Wings: Dread Risk Mediates Social Amplification in Risk Communication. ”Risk analysis : an official publication of the Society for Risk Analysis vol. 38,10 (2018): 2193-2207.doi:10.1111/risa.13117

    Kenton, Will. "Brand Recognition", Investopedia, August 2021. Accessed June 2022. Lischer, Brian. "How Much Does it Cost to Rebrand Your Company?", Ignyte, October 2017. Accessed June 2022.

    "Powerful Examples of How to Respond to Negative Reviews", Review Trackers, February 2022. Accessed June 2022.

    "The CEO Reputation Premium: Gaining Advantage in the Engagement Era", Weber Shadwick, March 2015. Accessed on June 2022.

    "Valuation of Trademarks: Everything You Need to Know",UpCounsel, 2022. Accessed June 2022.

    Related Info-Tech Research

    Identify and Manage Financial Risk Impacts on Your Organization

    • Vendor management practices educate organizations on potential financial impacts that vendors may incur and suggest systems to help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage financial impacts with our Financial Risk Impact Tool.

    Identify and Manage Reputational Risk Impacts on Your Organization

    • Vendor management practices educate organizations on potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your reputation and brand with our Reputational Risk Impact Tool.

    Identify and Manage Strategic Risk Impacts on Your Organization

    • Vendor management practices educate organizations on potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your strategic plan with our Strategic Risk Impact Tool.

    Regulatory guidance and industry standards

    Build an Application Department Strategy

    • Buy Link or Shortcode: {j2store}278|cart{/j2store}
    • member rating overall impact (scale of 10): 9.2/10 Overall Impact
    • member rating average dollars saved: $220,866 Average $ Saved
    • member rating average days saved: 34 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Application delivery has modernized. There are increasing expectations on departments to deliver on organizational and product objectives with increasing velocity.
    • Application departments produce many diverse, divergent products, applications, and services with expectations of frequent updates and changes based on rapidly changing landscapes

    Our Advice

    Critical Insight

    • There is no such thing as a universal “applications department.” Unlike other domains of IT, there are no widely accepted frameworks that clearly outline universal best practices of application delivery and management.
    • Different software needs and delivery orientations demand a tailored structure and set of processes, especially when managing a mixed portfolio or multiple delivery methods.

    Impact and Result

    Understand what your department’s purpose is through articulating its strategy in three steps:

    • Determining your application department’s values, principles, and orientation.
    • Laying out the goals, objectives, metrics, and priorities of the department.
    • Building a communication plan to communicate your overall department strategy.

    Build an Application Department Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build an application department strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Take stock of who you are

    Consider and record your department’s values, principles, orientation, and capabilities.

    • Build an Application Department Strategy – Phase 1: Take Stock of Who You Are
    • Application Department Strategy Supporting Workbook

    2. Articulate your strategy

    Define your department’s strategy through your understanding of your department combined with everything that you do and are working to do.

    • Build an Application Department Strategy – Phase 2: Articulate Your Strategy
    • Application Department Strategy Template

    3. Communicate your strategy

    Communicate your department’s strategy to your key stakeholders.

    • Build an Application Department Strategy – Phase 3: Communicate Your Strategy

    Infographic

    Workshop: Build an Application Department Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Take Stock of Who You Are

    The Purpose

    Understand what makes up your application department beyond the applications and services provided.

    Key Benefits Achieved

    Articulating your guiding principles, values, capabilities, and orientation provides a foundation for expressing your department strategy.

    Activities

    1.1 Identify your team’s values and guiding principles.

    1.2 Define your department’s orientation.

    Outputs

    A summary of your department’s values and guiding principles

    A clear view of your department’s orientation and supporting capabilities

    2 Articulate Your Strategy

    The Purpose

    Lay out all the details that make up your application department strategy.

    Key Benefits Achieved

    A completed application department strategy canvas containing everything you need to communicate your strategy.

    Activities

    2.1 Write your application department vision statement.

    2.2 Define your application department goals and metrics.

    2.3 Specify your department capabilities and orientation.

    2.4 Prioritize what is most important to your department.

    Outputs

    Your department vision

    Your department’s goals and metrics that contribute to achieving your department’s vision

    Your department’s capabilities and orientation

    A prioritized roadmap for your department

    3 Communicate Your Strategy

    The Purpose

    Lay out your strategy’s communication plan.

    Key Benefits Achieved

    Your application department strategy presentation ready to be presented to your stakeholders.

    Activities

    3.1 Identify your stakeholders.

    3.2 Develop a communication plan.

    3.3 Wrap-up and next steps

    Outputs

    List of prioritized stakeholders you want to communicate with

    A plan for what to communicate to each stakeholder

    Communication is only the first step – what comes next?

    Monitor IT Employee Experience

    • Buy Link or Shortcode: {j2store}543|cart{/j2store}
    • member rating overall impact (scale of 10): 10.0/10 Overall Impact
    • member rating average dollars saved: $29,096 Average $ Saved
    • member rating average days saved: 19 Average Days Saved
    • Parent Category Name: Engage
    • Parent Category Link: /engage
    • In IT, high turnover and sub-optimized productivity can have huge impacts on IT’s ability to execute SLAs, complete projects on time, and maintain operations effectively.
    • With record low unemployment rates in IT, retaining top employees and keeping them motivated in their jobs has never been more critical.

    Our Advice

    Critical Insight

    • One bad experience can cost you your top employee. Engagement is the sum total of the day-to-day experiences your employees have with your company.
    • Engagement, not pay, drives results. Engagement is key to your team's productivity and ability to retain top talent. Approach it systematically to learn what really drives your team.
    • It’s time for leadership to step up. As the CIO, it’s up to you to take ownership of your team’s engagement.

    Impact and Result

    • Info-Tech tools and guidance will help you initiate an effective conversation with your team around engagement, and avoid common pitfalls in implementing engagement initiatives.
    • Monitoring employee experience continuously using the Employee Experience Monitor enables you to take a data-driven approach to evaluating the success of your engagement initiatives.

    Monitor IT Employee Experience Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should focus on employee experience to improve engagement in IT, review Info-Tech’s methodology, and understand how our tools will help you construct an effective employee engagement program.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Start monitoring employee experience

    Plan out your employee engagement program and launch the Employee Experience Monitor survey for your team.

    • Drive IT Performance by Monitoring Employee Experience – Phase 1: Start Monitoring Employee Experience
    • None
    • None
    • EXM Setup Guide
    • EXM Training Guide for Managers
    • None
    • EXM Communication Template

    2. Analyze results and ideate solutions

    Interpret your Employee Experience Monitor results, understand what they mean in the context of your team, and involve your staff in brainstorming engagement initiatives.

    • Drive IT Performance by Monitoring Employee Experience – Phase 2: Analyze Results and Ideate Solutions
    • EXM Focus Group Facilitation Guide
    • Focus Group Facilitation Guide Driver Definitions

    3. Select and implement engagement initiatives

    Select engagement initiatives for maximal impact, create an action plan, and establish open and ongoing communication about engagement with your team.

    • Drive IT Performance by Monitoring Employee Experience – Phase 3: Measure and Communicate Results
    • Engagement Progress One-Pager
    [infographic]

    Workshop: Monitor IT Employee Experience

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Launch the EXM

    The Purpose

    Set up the EXM and collect a few months of data to build on during the workshop.

    Key Benefits Achieved

    Arm yourself with an index of employee experience and candid feedback from your team to use as a starting point for your engagement program.

    Activities

    1.1 Identify EXM use case.

    1.2 Identify engagement program goals and obstacles.

    1.3 Launch EXM.

    Outputs

    Defined engagement goals.

    EXM online dashboard with three months of results.

    2 Explore Engagement

    The Purpose

    To understand the current state of engagement and prepare to discuss the drivers behind it with your staff.

    Key Benefits Achieved

    Empower your leadership team to take charge of their own team's engagement.

    Activities

    2.1 Review EXM results to understand employee experience.

    2.2 Finalize focus group agendas.

    2.3 Train managers.

    Outputs

    Customized focus group agendas.

    3 Hold Employee Focus Groups

    The Purpose

    Establish an open dialogue with your staff to understand what drives their engagement.

    Key Benefits Achieved

    Understand where in your team’s experience you can make the most impact as an IT leader.

    Activities

    3.1 Identify priority drivers.

    3.2 Identify engagement KPIs.

    3.3 Brainstorm engagement initiatives.

    3.4 Vote on initiatives within teams.

    Outputs

    Summary of focus groups results

    Identified engagement initiatives.

    4 Select and Plan Initiatives

    The Purpose

    Learn the characteristics of successful engagement initiatives and build execution plans for each.

    Key Benefits Achieved

    Choose initiatives with the greatest impact on your team’s engagement, and ensure you have the necessary resources for success.

    Activities

    4.1 Select engagement initiatives with IT leadership.

    4.2 Discuss and decide on the top five engagement initiatives.

    4.3 Create initiative project plans.

    4.4 Build detailed project plans.

    4.5 Present project plans.

    Outputs

    Engagement project plans.

    Build an Application Integration Strategy

    • Buy Link or Shortcode: {j2store}198|cart{/j2store}
    • member rating overall impact (scale of 10): 8.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Enterprise Integration
    • Parent Category Link: /enterprise-integration
    • Even though organizations are now planning for Application Integration (AI) in their projects, very few have developed a holistic approach to their integration problems resulting in each project deploying different tactical solutions.
    • Point-to-point and ad hoc integration solutions won’t cut it anymore: the cloud, big data, mobile, social, and new regulations require more sophisticated integration tooling.
    • Loosely defined AI strategies result in point solutions, overlaps in technology capabilities, and increased maintenance costs; the correlation between business drivers and technical solutions is lost.

    Our Advice

    Critical Insight

    • Involving the business in strategy development will keep them engaged and align business drivers with technical initiatives.
    • An architectural approach to AI strategy is critical to making appropriate technology decisions and promoting consistency across AI solutions through the use of common patterns.
    • Get control of your AI environment with an appropriate architecture, including policies and procedures, before end users start adding bring-your-own-integration (BYOI) capabilities to the office.

    Impact and Result

    • Engage in a formal AI strategy and involve the business when aligning business goals with AI value; each double the AI success rate.
    • Benefits from a formal AI strategy largely depend on how gaps will be filled.
    • Create an Integration Center of Competency for maintaining architectural standards and guidelines.
    • AI strategies are continuously updated as new business drivers emerge from changing business environments and/or essential technologies.

    Build an Application Integration Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Make the Case for AI Strategy

    Obtain organizational buy-in and build a standardized and formal AI blueprint.

    • Storyboard: Build an Application Integration Strategy

    2. Assess the organization's readiness for AI

    Assess your people, process, and technology for AI readiness and realize areas for improvement.

    • Application Integration Readiness Assessment Tool

    3. Develop a Vision

    Fill the required AI-related roles to meet business requirements

    • Application Integration Architect
    • Application Integration Specialist

    4. Perform a Gap Analysis

    Assess the appropriateness of AI in your organization and identify gaps in people, processes, and technology as it relates to AI.

    • Application Integration Appropriateness Assessment Tool

    5. Build an AI Roadmap

    Compile the important information and artifacts to include in the AI blueprint.

    • Application Integration Strategy Template

    6. Build the Integration Blueprint

    Keep a record of services and interfaces to reduce waste.

    • Integration Service Catalog Template

    Infographic

    Workshop: Build an Application Integration Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Make the Case for AI Strategy

    The Purpose

    Uncover current and future AI business drivers, and assess current capabilities.

    Key Benefits Achieved

    Perform a current state assessment and create a future vision.

    Activities

    1.1 Identify Current and Future Business Drivers

    1.2 AI Readiness Assessment

    1.3 Integration Service Catalog Template

    Outputs

    High-level groupings of AI strategy business drivers.

    Determine the organization’s readiness for AI, and identify areas for improvement.

    Create a record of services and interfaces to reduce waste.

    2 Know Current Environment

    The Purpose

    Identify building blocks, common patterns, and decompose them.

    Key Benefits Achieved

    Develop an AI Architecture.

    Activities

    2.1 Integration Principles

    2.2 High-level Patterns

    2.3 Pattern decomposition and recomposition

    Outputs

    Set general AI architecture principles.

    Categorize future and existing interactions by pattern to establish your integration framework.

    Identification of common functional components across patterns.

    3 Perform a Gap Analysis

    The Purpose

    Analyze the gaps between the current and future environment in people, process, and technology.

    Key Benefits Achieved

    Uncover gaps between current and future capabilities and determine if your ideal environment is feasible.

    Activities

    3.1 Gap Analysis

    Outputs

    Identify gaps between the current environment and future AI vision.

    4 Build a Roadmap for Application Integration

    The Purpose

    Define strategic initiatives, know your resource constraints, and use a timeline for planning AI.

    Key Benefits Achieved

    Create a plan of strategic initiatives required to close gaps.

    Activities

    4.1 Identify and prioritize strategic initiatives

    4.2 Distribute initiatives on a timeline

    Outputs

    Use strategic initiatives to build the AI strategy roadmap.

    Establish when initiatives are going to take place.

    Create an Architecture for AI

    • Buy Link or Shortcode: {j2store}344|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: $604,999 Average $ Saved
    • member rating average days saved: 49 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management

    This research is designed to help organizations who are facing these challenges:

    • Deliver on the AI promise within the organization.
    • Prioritize the demand for AI projects and govern the projects to prevent overloading resources.
    • Have sufficient data management capability.
    • Have clear metrics in place to measure progress and for decision making.

    AI requires a high level of maturity in all data management capabilities, and the greatest challenge the CIO or CDO faces is to mature these capabilities sufficiently to ensure AI success.

    Our Advice

    Critical Insight

    • Build your target state architecture from predefined best-practice building blocks.
    • Not all business use cases require AI to increase business capabilities.
    • Not all organizations are ready to embark on the AI journey.
    • Knowing the AI pattern that you will use will simplify architecture considerations.

    Impact and Result

    • This blueprint will assist organizations with the assessment, planning, building, and rollout of their AI initiatives.
      • Do not embark on an AI project with an immature data management practice. Embark on initiatives to fix problems before they cripple your AI projects.
      • Using architecture building blocks will speed up the architecture decision phase.
    • The success rate of AI initiatives is tightly coupled with data management capabilities and a sound architecture.

    Create an Architecture for AI Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand why you need an underlying architecture for AI, review Info-Tech's methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess business use cases for AI readiness

    Define business use cases where AI may bring value. Evaluate each use case to determine the company’s AI maturity in people, tools, and operations for delivering the correct data, model development, model deployment, and the management of models in the operational areas.

    • Create an Architecture for AI – Phase 1: Assess Business Use Cases for AI Readiness
    • AI Architecture Assessment and Project Planning Tool
    • AI Architecture Assessment and Project Planning Tool – Sample

    2. Design your target state

    Develop a target state architecture to allow the organization to effectively deliver in the promise of AI using architecture building blocks.

    • Create an Architecture for AI – Phase 2: Design Your Target State
    • AI Architecture Templates

    3. Define the AI architecture roadmap

    Compare current state with the target state to define architecture plateaus and build a delivery roadmap.

    • Create an Architecture for AI – Phase 3: Define the AI Architecture Roadmap
    [infographic]

    Workshop: Create an Architecture for AI

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Answer “Where To?”

    The Purpose

    Define business use cases where AI may add value and assess use case readiness.

    Key Benefits Achieved

    Know upfront if all required data resources are available in the required velocity, veracity, and variety to service the use case.

    Activities

    1.1 Review the business vision.

    1.2 Identify and classify business use cases.

    1.3 Assess company readiness for each use case.

    1.4 Review architectural principles and download and install Archi.

    Outputs

    List of identified AI use cases

    Assessment of each use case

    Data sources needed for each use case

    Archi installed

    2 Define the Required Architecture Building Blocks

    The Purpose

    Define architecture building blocks that can be used across use cases and data pipeline.

    Key Benefits Achieved

    The architectural building blocks ensure reuse of resources and form the foundation of a stepwise rollout.

    Activities

    2.1 ArchiMate modelling language overview.

    2.2 Architecture building block overview

    2.3 Identify architecture building blocks by use case.

    2.4 Define the target state architecture.

    Outputs

    A set of building blocks created in Archi

    Defined target state architecture using architecture building blocks

    3 Assess the Current State Architecture

    The Purpose

    Assess your current state architecture in the areas identified by the target state.

    Key Benefits Achieved

    Only evaluating the current state architecture that will influence your AI implementation.

    Activities

    3.1 Identify the current state capabilities as required by the target state.

    3.2 Assess your current state architecture.

    3.3 Define a roadmap and design implementation plateaus.

    Outputs

    Current state architecture documented in Archi

    Assessed current state using assessment tool

    A roadmap defined using plateaus as milestones

    4 Bridge the Gap and Create the Roadmap

    The Purpose

    Assess your current state against the target state and create a plan to bridge the gaps.

    Key Benefits Achieved

    Develop a roadmap that will deliver immediate results and ensure long-term durability.

    Activities

    4.1 Assess the gaps between current- and target-state capabilities.

    4.2 Brainstorm initiatives to address the gaps in capabilities

    4.3 Define architecture delivery plateaus.

    4.4 Define a roadmap with milestones.

    4.5 Sponsor check-in.

    Outputs

    Current to target state gap assessment

    Architecture roadmap divided into plateaus

    Create a Work-From-Anywhere Strategy

    • Buy Link or Shortcode: {j2store}323|cart{/j2store}
    • member rating overall impact (scale of 10): 9.0/10 Overall Impact
    • member rating average dollars saved: 33 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy

    Work-from-anywhere isn’t going anywhere. During the initial rush to remote work, tech debt was highlighted and the business lost faith in IT. IT now needs to:

    • Rebuild trust with the CXO.
    • Identify gaps created from the COVID-19 rush to remote work.
    • Identify how IT can better support remote workers.

    IT went through an initial crunch to enable remote work. It’s time to be proactive and learn from our mistakes.

    Our Advice

    Critical Insight

    • It’s not about embracing the new normal; it’s about resiliency and long-term success. Your strategy needs to not only provide short-term operational value but also make the organization more resilient for the unknown risks of tomorrow.
    • The nature of work has fundamentally changed. IT departments must ensure service continuity, not for how the company worked in 2019, but for how the company is working now and will be working tomorrow.
    • Ensure short-term survival. Don’t focus on becoming an innovator until you are no longer stuck in firefighting.
    • Aim for near-term innovation. Once you’re a trusted operator, become a business partner by helping the business better adapt business processes and operations to work-from-anywhere.

    Impact and Result

    Follow these steps to build a work-from-anywhere strategy that resonates with the business:

    • Identify a vision that aligns with business goals.
    • Design the work-from-anywhere value proposition for critical business roles.
    • Benchmark your current maturity.
    • Build a roadmap for bridging the gap.

    Benefit employees’ remote working experience while ensuring that IT heads in a strategic direction.

    Create a Work-From-Anywhere Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create a work-from-anywhere strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define a target state

    Identify a vision that aligns with business goals, not for how the company worked in 2019, but for how the company is working now and will be working tomorrow.

    • Work-From-Anywhere Strategy Template
    • Work-From-Anywhere Value Proposition Template

    2. Analyze current fitness

    Don’t focus on becoming an innovator until you are no longer stuck in firefighting mode.

    3. Build a roadmap for improving enterprise apps

    Use these blueprints to improve your enterprise app capabilities for work-from-anywhere.

    • Microsoft Teams Cookbook – Sections 1-2
    • Rationalize Your Collaboration Tools – Phases 1-3
    • Adapt Your Customer Experience Strategy to Successfully Weather COVID-19 Storyboard
    • The Rapid Application Selection Framework Deck

    4. Build a roadmap for improving strategy, people & leadership

    Use these blueprints to improve IT’s strategy, people & leadership capabilities for work-from-anywhere.

    • Define Your Digital Business Strategy – Phases 1-4
    • Training Deck: Equip Managers to Effectively Manage Virtual Teams
    • Sustain Work-From-Home in the New Normal Storyboard
    • Develop a Targeted Flexible Work Program for IT – Phases 1-3
    • Maintain Employee Engagement During the COVID-19 Pandemic Storyboard
    • Adapt Your Onboarding Process to a Virtual Environment Storyboard
    • Manage Poor Performance While Working From Home Storyboard
    • The Essential COVID-19 Childcare Policy for Every Organization, Yesterday Storyboard

    5. Build a roadmap for improving infrastructure & operations

    Use these blueprints to improve infrastructure & operations capabilities for work-from-anywhere.

    • Stabilize Infrastructure & Operations During Work-From-Anywhere – Phases 1-3
    • Responsibly Resume IT Operations in the Office – Phases 1-5
    • Execute an Emergency Remote Work Plan Storyboard
    • Build a Digital Workspace Strategy – Phases 1-3

    6. Build a roadmap for improving IT security & compliance capabilities

    Use these blueprints to improve IT security & compliance capabilities for work-from-anywhere.

    • Cybersecurity Priorities in Times of Pandemic Storyboard
    • Reinforce End-User Security Awareness During Your COVID-19 Response Storyboard

    Infographic

    Workshop: Create a Work-From-Anywhere Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define a Target State

    The Purpose

    Define the direction of your work-from-anywhere strategy and roadmap.

    Key Benefits Achieved

    Base your decisions on senior leadership and user needs.

    Activities

    1.1 Identify drivers, benefits, and challenges.

    1.2 Perform a goals cascade to align benefits to business needs.

    1.3 Define a vision and success metrics.

    1.4 Define the value IT brings to work-from-anywhere.

    Outputs

    Desired benefits for work-from-anywhere

    Vision statement

    Mission statement

    Success metrics

    Value propositions for in-scope user groups

    2 Review In-Scope Capabilities

    The Purpose

    Focus on value. Ensure that major applications and IT capabilities will relieve employees’ pains and provide them with gains.

    Key Benefits Achieved

    Learn from past mistakes and successes.

    Increase adoption of resulting initiatives.

    Activities

    2.1 Review work-from-anywhere framework and identify capability gaps.

    2.2 Review diagnostic results to identify satisfaction gaps.

    2.3 Record improvement opportunities for each capability.

    2.4 Identify deliverables and opportunities to provide value for each.

    2.5 Identify constraints faced by each capability.

    Outputs

    SWOT assessment of work-from-anywhere capabilities

    Projects and initiatives to improve capabilities

    Deliverables and opportunities to provide value for each capability

    Constraints with each capability

    3 Build the Roadmap

    The Purpose

    Build a short-term plan that allows you to iterate on your existing strengths and provide early value to your users.

    Key Benefits Achieved

    Provide early value to address operational pain points.

    Build a plan to provide near-term innovation and business value.

    Activities

    3.1 Organize initiatives into phases.

    3.2 Identify tasks for short-term initiatives.

    3.3 Estimate effort with Scrum Poker.

    3.4 Build a timeline and tie phases to desired business benefits.

    Outputs

    Prioritized list of initiatives and phases

    Profiles for short-term initiatives

    Explore the Secrets of SAP Software Contracts to Optimize Spend and Reduce Compliance Risk

    • Buy Link or Shortcode: {j2store}140|cart{/j2store}
    • member rating overall impact (scale of 10): 9.8/10 Overall Impact
    • member rating average dollars saved: $73,994 Average $ Saved
    • member rating average days saved: 9 Average Days Saved
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • SAP has strict audit practices, which, in combination with 50+ types of user classifications and manual accounting for some licenses, make maintaining compliance difficult.
    • Mapping and matching SAP products to the environment can be highly complex, leading to overspending and an inability to reduce spend later.
    • Beware of indirect access to SAP applications from third-party applications (e.g. Salesforce).
    • Products that have been acquired by SAP may have altered licensing terms that are innocuously referred to in support renewal documents.

    Our Advice

    Critical Insight

    • Focus on needs first. Conduct a thorough requirements assessment and document the results. Well-documented license needs will be your core asset in navigating SAP licensing and negotiating your agreement.
    • Examine indirect access possibilities. Understanding how in-house or third-party applications may be accessing the SAP software is critical.
    • Know whats in the contract. Each customer agreement is different and there may be terms that are beneficial. Older agreements may provide both benefits and challenges when evaluating your SAP license position.

    Impact and Result

    • Conduct an analysis to remove inactive and duplicate users as multiple logins may exist and could end up costing the organization license fees when audited.
    • Adopt a cyclical approach to reviewing your SAP licensing and create a reference document to track your software needs, planned licensing, and purchase negotiation points.
    • Learn the “SAP way” of conducting business, which includes a best-in-class sales structure, unique contracts and license use policies, and a hyper-aggressive compliance function. Conducting business with SAP is not typical compared to other vendors, and you will need different tools to emerge successfully from a commercial transaction.
    • Manage SAP support and maintenance spend and policies. Once an agreement has been signed, it can be very difficult to decrease spend, as SAP will reprice products if support is dropped.

    Explore the Secrets of SAP Software Contracts to Optimize Spend and Reduce Compliance Risk Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you need to understand and document your SAP licensing strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish licensing requirements

    Begin your proactive SAP licensing journey by understanding which information to gather and assessing the current state and gaps.

    • Explore the Secrets of SAP Software Contracts to Optimize Spend and Reduce Compliance Risk – Phase 1: Establish Licensing Requirements
    • SAP License Summary and Analysis Tool

    2. Evaluate licensing options

    Review current licensing models and determine which licensing models will most appropriately fit your environment.

    • Explore the Secrets of SAP Software Contracts to Optimize Spend and Reduce Compliance Risk – Phase 2: Evaluate Licensing Options

    3. Evaluate agreement options

    Review SAP’s contract types and assess which best fit the organization’s licensing needs.

    • Explore the Secrets of SAP Software Contracts to Optimize Spend and Reduce Compliance Risk – Phase 3: Evaluate Agreement Options

    4. Purchase and manage licenses

    Conduct negotiations, purchase licensing, and finalize a licensing management strategy.

    • Explore the Secrets of SAP Software Contracts to Optimize Spend and Reduce Compliance Risk – Phase 4: Purchase and Manage Licenses
    [infographic]

    Enterprise Network Design Considerations

    • Buy Link or Shortcode: {j2store}502|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Network Management
    • Parent Category Link: /network-management

    Security, risk, and trust models play into how networks are designed and deployed. If these models are not considered during network design, band-aids and workarounds will be deployed to achieve the needed goals, potentially bypassing network controls.

    Our Advice

    Critical Insight

    The cloud “gold rush” has made it attractive for many enterprises to migrate services off the traditional network and into the cloud. These services are now outside of the traditional network and associated controls. This shifts the split of east-west vs. north-south traffic patterns, as well as extending the network to encompass services outside of enterprise IT’s locus of control.

    Impact and Result

    Where users access enterprise data or services and from which devices dictate the connectivity needed. With the increasing shift of work that the business is completing remotely, not all devices and data paths will be under the control of IT. This shift does not allow IT to abdicate from the responsibility to provide a secure network.

    Enterprise Network Design Considerations Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Enterprise Network Design Considerations Deck – A brief deck that outlines key trusts and archetypes when considering enterprise network designs.

    This blueprint will help you:

    • Enterprise Network Design Considerations Storyboard

    2. Enterprise Network Roadmap Technology Assessment Tool – Build an infrastructure assessment in an hour.

    Dispense with detailed analysis and customizations to present a quick snapshot of the road ahead.

    • Enterprise Network Roadmap Technology Assessment Tool
    [infographic]

    Further reading

    Enterprise Network Design Considerations

    It is not just about connectivity.

    Executive Summary

    Info-Tech Insight

    Connectivity and security are tightly coupled

    Security, risk, and trust models play into how networks are designed and deployed. If these models are not considered during network design, band-aids and workarounds will be deployed to achieve the needed goals, potentially bypassing network controls.

    Many services are no longer within the network

    The cloud “gold rush” has made it attractive for many enterprises to migrate services off the traditional network and into the cloud. These services are now outside of the traditional network and associated controls. This shifts the split of east-west vs. north-south traffic patterns, as well as extending the network to encompass services outside of enterprise IT’s locus of control.

    Users are demanding an anywhere, any device access model

    Where users access enterprise data or services and from which devices dictate the connectivity needed. With the increasing shift of work that the business is completing remotely, not all devices and data paths will be under the control of IT. This shift does not allow IT to abdicate from the responsibility to provide a secure network.

    Enterprise networks are changing

    The new network reality

    The enterprise network of 2020 and beyond is changing:

    • Services are becoming more distributed.
    • The number of services provided “off network” is growing.
    • Users are more often remote.
    • Security threats are rapidly escalating.

    The above statements are all accurate for enterprise networks, though each potentially to differing levels depending on the business being supported by the network. Depending on how affected the network in question currently is and will be in the near future, there are different common network archetypes that are best able to address these concerns while delivering business value at an appropriate price point.

    High-Level Design Considerations

    1. Understand Business Needs
    2. Understand what the business needs are and where users and resources are located.

    3. Define Your Trust Model
    4. Trust is a spectrum and tied tightly to security.

    5. Align With an Archetype
    6. How will the network be deployed?

    7. Understand Available Tooling
    8. What tools are in the market to help achieve design principles?

    Understand business needs

    Mission

    Never ignore the basics. Start with revisiting the mission and vision of the business to address relevant needs.

    Users

    Identify where users will be accessing services from. Remote vs. “on net” is a design consideration now more than ever.

    Resources

    Identify required resources and their locations, on net vs. cloud.

    Controls

    Identify required controls in order to define control points and solutions.

    Define a trust model

    Trust is a spectrum

    • There is a spectrum of trust, from fully trusted to not trusted at all. Each organization must decide for their network (or each area thereof) the appropriate level of trust to assign.
    • The ease of network design and deployment is directly proportional to the trust spectrum.
    • When resources and users are outside of direct IT control, the level of appropriate trust should be examined closely.

    Implicit

    Trust everything within the network. Security is perimeter based and designed to stop external actors from entering the large trusted zone.

    Controlled

    Multiple zones of trust within the network. Segmentation is a standard practice to separate areas of higher and lower trust.

    Zero

    Verify trust. The network is set up to recognize and support the principle of least privilege where only required access is supported.

    Align with an archetype

    Archetypes are a good guide

    • Using a defined archetype as a guiding principle in network design can help clarify appropriate tools or network structures.
    • Different aspects of a network can have different archetypes where appropriate (e.g. IT vs. OT [operational technology] networks).

    Traditional

    Services are provided from within the traditional network boundaries and security is provided at the network edge.

    Hybrid

    Services are provided both externally and from within the traditional network boundaries, and security is primarily at the network edge.

    Inverted

    Services are provided primarily externally, and security is cloud centric.

    Traditional networks

    Resources within network boundaries

    Moat and castle security perimeter

    Abstract

    A traditional network is one in which there are clear boundaries defined by a security perimeter. Trust can be applied within the network boundaries as appropriate, and traffic is generally routed through internally deployed control points that may be centralized. Traditional networks commonly include large firewalls and other “big iron” security and control devices.

    Network Design Tenets

    • The full network path from resource to user is designed, deployed, and controlled by IT.
    • Users external to the network must first connect to the network to gain access to resources.
    • Security, risk, and trust controls will be implemented by internal enterprise hardware/software devices.

    Control

    In the traditional network, it is assumed that all required control points can be adequately deployed across hardware/software that is “on prem” and under the control of central IT.

    Info-Tech Insight

    With increased cloud services provided to end users, this network is now more commonly used in data centers or OT networks.

    Traditional networks

    The image contains an example of what traditional networks look like, as described in the text below.

    Defining Characteristics

    • Traffic flows in a defined path under the control of IT to and from central IT resources.
    • Due to visibility into, and the control of, the traffic between the end user and resources, IT can relatively simply implement the required security controls on owned hardware.

    Common Components

    • Traditional offices
    • Remote users/road warriors
    • Private data center/colocation space

    Hybrid networks

    Resources internal and external to network

    Network security perimeter combined with cloud protection

    Abstract

    A hybrid network is one that combines elements of a traditional network with cloud resources. As some of these resources are not fully under the control of IT and may be completely “offnet” or loosely coupled to the on-premises network, the security boundaries and control points are less likely to be centralized. Hybrid networks allow the flexibility and speed of cloud deployment without leaving behind traditional network constructs. This generally makes them expensive to secure and maintain.

    Network Design Tenets

    • The network path from resource to user may not be in IT’s locus of control.
    • Users external to the network must first connect to the network to gain access to internal resources but may directly access publicly hosted ones.
    • Security, risk, and trust controls may potentially be implemented by a mixture of internal enterprise hardware/software devices and external control points.

    Control

    The hallmark of a hybrid network is the blending of public and private resources. This blending tends to necessitate both public and private points of control that may not be homogenous.

    Info-Tech Insight

    With multiple control points to address, take care in simplifying designs while addressing all concerns to ease operational load.

    Hybrid networks

    The image contains an example of what hybrid networks look like, as described in the text below.

    Defining Characteristics

    • Traffic flows to central resources across a defined path under the control of IT.
    • Traffic to cloud assets may be partially under the control of IT.
    • For central resources, the traffic to and from the end user can have the required security controls relatively simply implemented on owned hardware.
    • For public cloud assets, IT may or may not have some control over part of the path.

    Common Components

    • Traditional offices
    • Remote users/road warriors
    • Private data center/colocation space
    • Public cloud assets (IaaS/PaaS/SaaS)

    Inverted perimeter

    Resources primarily external to the network

    Security control points are cloud centric

    Abstract

    An inverted perimeter network is one in which security and control points cover the entire workflow, on or off net, from the consumer of services through to the services themselves with zero trust. Since the control plane is designed to encompass the workflow in a secure manner, much of the underlying connectivity can be abstracted. In an extreme version of this deployment, IT would abstract end-user access, and any cloud-based or on-premises resources would be securely published through the control plane with context-aware precision access.

    Network Design Tenets

    • The network path from resource to user is abstracted and controlled by IT through services like secure access service edge (SASE).
    • Users only need internet access and appropriate credentials to gain access to resources.
    • Security, risk, and trust controls will be implemented through external cloud based services.

    Control

    An inverted network abstracts the lower-layer connectivity away and focuses on implementing a cloud-based zero trust control plane.

    Info-Tech Insight

    This model is extremely attractive for organizations that consume primarily cloud services and have a large remote work force.

    Inverted networks

    The image contains an example of what inverted networks look like, as described in the text below.

    Defining Characteristics

    • The end user does not have to be in a defined location.
    • All central resources that are to be accessed are hosted on cloud resources.
    • IT has little to no control of the path between the end user and central resources.

    Common Components

    • Traditional offices
    • Regent offices/shared workspaces
    • Remote users/road warriors
    • Public cloud assets (IaaS/PaaS/SaaS)

    Understand available tooling

    Don’t buy a hammer and go looking for nails

    • A network archetype must be defined in order to understand what tools (hardware or software) are appropriate for consideration in a network build or refresh.
    • Tools are purpose built and generally designed to solve specific problems if implemented and operated correctly. Choose the tools to align with the challenges that you are solving as opposed to choosing tools and then trying to use those purchases to overcome challenges.
    • The purchase of a tool does not allow for abdication of proper design. Tools must be chosen appropriately and integrated properly to orchestrate the best solutions. Purchasing a tool and expecting the tool to solve all your issues rarely succeeds.

    “It is essential to have good tools, but it is also essential that the tools should be used in the right way.” — Wallace D. Wattles

    Software-defined WAN (SD-WAN)

    Simplified branch office connectivity

    Archetype Value: Traditional Networks

    What It Is Not

    SD-WAN is generally not a way to slash spending by lowering WAN circuit costs. Though it is traditionally deployed across lower cost access, to minimize risk and realize the most benefits from the platform many organizations install multiple circuits with greater bandwidths at each endpoint when replacing the more costly traditional circuits. Though this maximizes the value of the technology investment, it will result in the end cost being similar to the traditional cost plus or minus a small percentage.

    What It Is

    SD-WAN is a subset of software-defined networking (SDN) designed specifically to deploy a secure, centrally managed, connectivity agnostic, overlay network connecting multiple office locations. This technology can be used to replace, work in concert with, or augment more traditional costly connectivity such as MPLS or private point to point (PtP) circuits. In addition to the secure overlay, SD-WAN usually also enables policy-based, intelligent controls, based on traffic and circuit intelligence.

    Why Use It

    You have multiple endpoint locations connected by expensive lower bandwidth traditional circuits. Your target is to increase visibility and control while controlling costs if and where possible. Ease of centralized management and the ability to more rapidly turn up new locations are attractive.

    Cloud access security broker (CASB)

    Inline policy enforcement placed between users and cloud services

    Archetype Value: Hybrid Networks

    What It Is Not

    CASBs do not provide network protection; they are designed to provide compliance and enforcement of rules. Though CASBs are designed to give visibility and control into cloud traffic, they have limits to the data that they generally ingest and utilize. A CASB does not gather or report on cloud usage details, licencing information, financial costing, or whether the cloud resource usage is aligned with the deployment purpose.

    What It Is

    A CASB is designed to establish security controls beyond a company’s environment. It is commonly deployed to augment traditional solutions to extend visibility and control into the cloud. To protect assets in the cloud, CASBs are designed to provide central policy control and apply services primarily in the areas of visibility, data security, threat protection, and compliance.

    Why Use It

    You a mixture of on-premises and cloud assets. In moving assets out to the cloud, you have lost the traditional controls that were implemented in the data center. You now need to have visibility and apply controls to the usage of these cloud assets.

    Secure access service edge (SASE)

    Convergence of security and service access in the cloud

    Archetype Value: Inverted Networks

    What It Is Not

    Though the service will consist of many service offerings, SASE is not multiple services strung together. To present the value proposed by this platform, all functionality proposed must be provided by a single platform under a “single pane of glass.” SASE is not a mature and well-established service. The market is still solidifying, and the full-service definition remains somewhat fluid.

    What It Is

    SASE exists at the intersection of network-as-a-service and network-security-as-a-service. It is a superset of many network and security cloud offerings such as CASB, secure web gateway, SD-WAN, and WAN optimization. Any services offered by a SASE provider will be cloud hosted, presented in a single stack, and controlled through a single pane of glass.

    Why Use It

    Your network is inverting, and services are provided primarily as cloud assets. In a full realization of this deployment’s value, you would abstract how and where users gain initial network access yet remain in control of the communications and data flow.

    Activity

    Understand your enterprise network options

    Activity: Network assessment in an hour

    • Learn about the Enterprise Network Roadmap Technology Assessment Tool
    • Complete the Enterprise Network Roadmap Technology Assessment Tool

    This activity involves the following participants:

    • IT strategic direction decision makers.
    • IT managers responsible for network.
    • Organizations evaluating platforms for mission critical applications.

    Outcomes of this step:

    • Completed Enterprise Network Roadmap Technology Assessment Tool

    Info-Tech Insight

    Review your design options with security and compliance in mind. Infrastructure is no longer a standalone entity and now tightly integrates with software-defined networks and security solutions.

    Build an assessment in an hour

    Learn about the Enterprise Network Roadmap Technology Assessment Tool.

    This workbook provides a high-level analysis of a technology’s readiness for adoption based on your organization’s needs.

    • The workbook then places the technology on a graph that measures both the readiness and fit for your organization. In addition, it provides warnings for specific issues and lets you know if you have considerable uncertainty in your answers.
    • At a glance you can now communicate what you are doing to help the company:
      • Grow
      • Save money
      • Reduce risk
    • Regardless of your specific audience, these are important stories to be able to tell.
    The image contains three screenshots from the Enterprise Network Roadmap Technology Assessment Tool.

    Build an assessment in an hour

    Complete the Enterprise Network Roadmap Technology Assessment Tool.

    Dispense with detailed analysis and customizations to present a quick snapshot of the road ahead.

    1. Weightings: Adjust the Weighting tab to meet organizational needs. The provided weightings for the overall solution areas are based on a generic firm; individual firms will have different needs.
    2. Data Entry: For each category, answer the questions for the technology you are considering. When you have completed the questionnaire, go to the next tab for the results.
    3. Results: The Enterprise Network Roadmap Technology Assessment Tool provides a value versus readiness assessment of your chosen technology customized to your organization.

    The image contains three screenshots from the Enterprise Network Roadmap Technology Assessment Tool. It has a screenshot for each step as described in the text above.

    Related Info-Tech Research

    Effectively Acquire Infrastructure Services

    Acquiring a service is like buying an experience. Don’t confuse the simplicity of buying hardware with buying an experience.

    Outsource IT Infrastructure to Improve System Availability, Reliability, and Recovery

    There are very few IT infrastructure components you should be housing internally – outsource everything else.

    Build Your Infrastructure Roadmap

    Move beyond alignment: Put yourself in the driver’s seat for true business value.

    Drive Successful Sourcing Outcomes With a Robust RFP Process

    Leverage your vendor sourcing process to get better results.

    Research Authors

    The image contains a photo of Scott Young.

    Scott Young, Principal Research Advisor, Info-Tech Research Group

    Scott Young is a Director of Infrastructure Research at Info-Tech Research Group. Scott has worked in the technology field for over 17 years, with a strong focus on telecommunications and enterprise infrastructure architecture. He brings extensive practical experience in these areas of specialization, including IP networks, server hardware and OS, storage, and virtualization.

    The image contains a photo of Troy Cheeseman.

    Troy Cheeseman, Practice Lead, Info-Tech Research Group

    Troy has over 24 years of experience and has championed large enterprise-wide technology transformation programs, remote/home office collaboration and remote work strategies, BCP, IT DRP, IT operations and expense management programs, international right placement initiatives, and large technology transformation initiatives (M&A). Additionally, he has deep experience working with IT solution providers and technology (cloud) startups.

    Bibliography

    Ahlgren, Bengt. “Design considerations for a network of information.” ACM Digital Library, 21 Dec. 2008.

    Cox Business. “Digital transformation is here. Is your business ready to upgrade your mobile work equation?” BizJournals, 1 April 2022. Accessed April 2022.

    Elmore, Ed. “Benefits of integrating security and networking with SASE.” Tech Radar, 1 April 2022. Web.

    Greenfield, Dave. “From SD-WAN to SASE: How the WAN Evolution is Progressing.” Cato Networks, 19 May 2020. Web

    Korolov, Maria. “What is SASE? A cloud service that marries SD-WAN with security.” Network World, 7 Sept. 2020. Web.

    Korzeniowski, Paul, “CASB tools evolve to meet broader set of cloud security needs.” TechTarget, 26 July 2019. Accessed March 2022.

    Build an IT Risk Management Program

    • Buy Link or Shortcode: {j2store}192|cart{/j2store}
    • member rating overall impact (scale of 10): 8.3/10 Overall Impact
    • member rating average dollars saved: $31,532 Average $ Saved
    • member rating average days saved: 17 Average Days Saved
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance
    • Risk is unavoidable. Without a formal program to manage IT risk, you may be unaware of your severest IT risks.
    • The business could be making decisions that are not informed by risk.
    • Reacting to risks AFTER they occur can be costly and crippling, yet it is one of the most common tactics used by IT departments.

    Our Advice

    Critical Insight

    • IT risk is business risk. Every IT risk has business implications. Create an IT risk management program that shares accountability with the business.

    Impact and Result

    • Transform your ad hoc IT risk management processes into a formalized, ongoing program, and increase risk management success.
    • Take a proactive stance against IT threats and vulnerabilities by identifying and assessing IT’s greatest risks before they occur.
    • Involve key stakeholders including the business senior management team to gain buy-in and to focus on IT risks most critical to the organization.

    Build an IT Risk Management Program Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build an IT Risk Management Program – A holistic approach to managing IT risks within your organization and involving key business stakeholders.

    Gain business buy-in to understanding the key IT risks that could negatively impact the organization and create an IT risk management program to properly identify, assess, respond, monitor, and report on those risks.

    • Build an IT Risk Management Program – Phases 1-3

    2. Risk Management Program Manual – A single source of truth for the risk management program to exist and be updated to reflect changes.

    Leverage this Risk Management Program Manual to ensure that the decisions around how IT risks will be governed and managed can be documented in a single source accessible by those involved.

    • Risk Management Program Manual

    3. Risk Register & Risk Costing Tool – A set of tools to document identified risk events. Assess each risk event and consider the appropriate response based on your organization’s threshold for risk.

    Engage these tools in your organization if you do not currently have a GRC tool to document risk events as they relate to the IT function. Consider the best risk response to high severity risk events to ensure all possible situations are considered.

    • Risk Register Tool
    • Risk Costing Tool

    4. Risk Event Action Plan and Risk Report – A template to document the chosen risk responses and ensure accountable owners agree on selected response method.

    Establish clear guidelines and responses to risk events that will leave your organization vulnerable to unwanted threats. Ensure risk owners have agreed to the risk responses and are willing to take accountability for that response.

    • Risk Event Action Plan
    • Risk Report

    Infographic

    Workshop: Build an IT Risk Management Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Review IT Risk Fundamentals and Governance

    The Purpose

    To assess current risk management maturity, develop goals, and establish IT risk governance.

    Key Benefits Achieved

    Identified obstacles to effective IT risk management.

    Established attainable goals to increase maturity.

    Clearly laid out risk management accountabilities and responsibilities for IT and business stakeholders.

    Activities

    1.1 Assess current program maturity

    1.2 Complete RACI chart

    1.3 Create the IT risk council

    1.4 Identify and engage key stakeholders

    1.5 Add organization-specific risk scenarios

    1.6 Identify risk events

    Outputs

    Maturity Assessment

    Risk Management Program Manual

    Risk Register

    2 Identify IT Risks

    The Purpose

    Identify and assess all IT risks.

    Key Benefits Achieved

    Created a comprehensive list of all IT risk events.

    Risk events prioritized according to risk severity – as defined by the business.

    Activities

    2.1 Identify risk events (continued)

    2.2 Augment risk event list using COBIT 5 processes

    2.3 Determine the threshold for (un)acceptable risk

    2.4 Create impact and probability scales

    2.5 Select a technique to measure reputational cost

    2.6 Conduct risk severity level assessment

    Outputs

    Finalized List of IT Risk Events

    Risk Register

    Risk Management Program Manual

    3 Identify IT Risks (continued)

    The Purpose

    Prioritize risks, establish monitoring responsibilities, and develop risk responses for top risks.

    Key Benefits Achieved

    Risk monitoring responsibilities are established.

    Risk response strategies have been identified for all key risks.

    Activities

    3.1 Conduct risk severity level assessment

    3.2 Document the proximity of the risk event

    3.3 Conduct expected cost assessment

    3.4 Develop key risk indicators (KRIs) and escalation protocols

    3.5 Root cause analysis

    3.6 Identify and assess risk responses

    Outputs

    Risk Register

    Risk Management Program Manual

    Risk Event Action Plans

    4 Monitor, Report, and Respond to IT Risk

    The Purpose

    Assess and select risk responses for top risks and effectively communicate recommendations and priorities to the business.

    Key Benefits Achieved

    Thorough analysis has been conducted on the value and effectiveness of risk responses for high severity risk events.

    Authoritative risk response recommendations can be made to senior leadership.

    A finalized Risk Management Program Manual is ready for distribution to key stakeholders.

    Activities

    4.1 Identify and assess risk responses

    4.2 Risk response cost-benefit analysis

    4.3 Create multi-year cost projections

    4.4 Review techniques for embedding risk management in IT

    4.5 Finalize the Risk Report and Risk Management Program Manual

    4.6 Transfer ownership of risk responses to project managers

    Outputs

    Risk Report

    Risk Management Program Manual

    Further reading

    Build an IT Risk Management Program

    Mitigate the IT risks that could negatively impact your organization.

    Table of Contents

    3 Executive Brief

    4 Analyst Perspective

    5 Executive Summary

    19 Phase 1: Review IT Risk Fundamentals & Governance

    43 Phase 2: Identify and Assess IT Risk

    74 Phase 3: Monitor, Communicate, and Respond to IT Risk

    102 Appendix

    108 Bibliography

    Build an IT Risk Management Program

    Mitigate the IT risks that could negatively impact your organization.

    EXECUTIVE BRIEF

    Analyst Perspective

    Siloed risks are risky business for any enterprise.

    Photo of Valence Howden, Principal Research Director, CIO Practice.
    Valence Howden
    Principal Research Director, CIO Practice
    Photo of Brittany Lutes, Senior Research Analyst, CIO Practice.
    Brittany Lutes
    Senior Research Analyst, CIO Practice

    Risk is an inherent part of life but not very well understood or executed within organizations. This has led to risk being avoided or, when it’s implemented, being performed in isolated siloes with inconsistencies in understanding of impact and terminology.

    Looking at risk in an integrated way within an organization drives a truer sense of the thresholds and levels of risks an organization is facing – making it easier to manage and leverage risk while reducing risks associated with different mitigation responses to the same risk events.

    This opens the door to using risk information – not only to prevent negative impacts but as a strategic differentiator in decision making. It helps you know which risks are worth taking, driving strong positive outcomes for your organization.

    Executive Summary

    Your Challenge

    IT has several challenges when it comes to addressing risk management:

    • Risk is unavoidable. Without a formal program to manage IT risk, you may be unaware of your severest IT risks.
    • The business could be making decisions that are not informed by risk.
    • Reacting to risks after they occur can be costly and crippling, yet it is one of the most common tactics used by IT departments.

    Common Obstacles

    Many IT organizations realize these obstacles:

    • IT risks and business risks are often addressed separately, causing inconsistencies in the approach.
    • Security risk receives such a high profile that it often eclipses other important IT risks, leaving the organization vulnerable.
    • Failing to include the business in IT risk management leaves IT leaders too accountable; the business must have accountability as well.

    Info-Tech’s Approach

    • Transform your ad hoc IT risk management processes into a formalized, ongoing program and increase risk management success.
    • Take a proactive stance against IT threats and vulnerabilities by identifying and assessing IT’s greatest risks before they occur.
    • Involve key stakeholders, including the business senior management team, to gain buy-in and to focus on the IT risks most critical to the organization.

    Info-Tech Insight

    IT risk is business risk. Every IT risk has business implications. Create an IT risk management program that shares accountability with the business.

    Ad hoc approaches to managing risk fail because…

    If you are like the majority of IT departments, you do not have a consistent and comprehensive strategy for managing IT risk.

    1. Ad hoc risk management is reactionary.
    2. Ad hoc risk management is often focused only on IT security.
    3. Ad hoc risk management lacks alignment with business objectives.

    The results:

    • Increased business risk exposure caused by a lack of understanding of the impact of IT risks on the business.
    • Increased IT non-compliance, resulting in costly settlements and fines.
    • IT audit failure.
    • Ineffective management of risk caused by poor risk information and wrong risk response decisions.
    • Increased unnecessary and avoidable IT failures and fixes.

    58% of organizations still lack a systematic and robust method to actually report on risks (Source: AICPA, 2021)

    Data is an invaluable asset – ensure it’s protected

    Case Studies

    Logo for Cognyte.

    Cognyte, a vendor hired to be a cybersecurity analytics company, had over five billion records exposed in Spring 2021. The data was compromised for four days, providing attackers with plenty of opportunities to obtain personally identifying information. (SecureBlink., 2021 & Security Magazine, 2021)

    Logo for Facebook.

    Facebook, the world’s largest social media giant, had over 533 million Facebook users’ personal data breached when data sets were able to be cross-listed with one another. (Business Insider, 2021 & Security Magazine, 2021)

    Logo for MGM Resorts.

    In 2020, over 10.6 million customers experienced some sort of data being accessible, with 1,300 having serious personally identifying information breached. (The New York Times, 2020)

    Risk management is a business enabler

    Formalize risk management to increase your likelihood of success.

    By identifying areas of risk exposure and creating solutions proactively, obstacles can be removed or circumvented before they become a real problem.

    A certain amount of risk is healthy and can stimulate innovation:

    • A formal risk management strategy doesn’t mean trying to mitigate every possible risk; it means exposing the organization to the right amount of risk.
    • Taking a formal risk management approach allows an organization to thoughtfully choose which risks it is willing to accept.
    • Organizations with high risk management maturity will vault themselves ahead of the competition because they will be aware of which risks to prepare for, which risks to ignore, and which risks to take.

    Only 12% of organizations are using risk as a strategic tool most or all of the time (Source: AICPA, 2021)

    IT risk is enterprise risk

    Accountability for IT risks and the decisions made to address them should be shared between IT and the business.

    Multiple types of risk, 'Finance', 'IT', 'People', and 'Digital', funneling into 'ENTERPRISE RISKS'. IT risks have a direct and often aggregated impact on enterprise risks and opportunities in the same way other business risks can. This relationship must be understood and addressed through integrated risk management to ensure a consistent approach to risk.

    Follow the steps of this blueprint to build or optimize your IT risk management program

    Cycle of 'Goverance' beginning with '1. Identify', '2. Assess', '3. Respond', '4. Monitor', '5. Report'.

    Start Here

    PHASE 1
    Review IT Risk Fundamentals and Governance
    PHASE 2
    Identify and Assess IT Risk
    PHASE 3
    Monitor, Report, and Respond to IT Risk

    1.1

    Review IT Risk Management Fundamentals

    1.2

    Establish a Risk Governance Framework

    2.1

    Identify IT Risks

    2.2

    Assess and Prioritize IT Risks

    3.1

    Monitor IT Risks and Develop Risk Responses

    3.2

    Report IT Risk Priorities

    Integrate Risk and Use It to Your Advantage

    Accelerate and optimize your organization by leveraging meaningful risk data to make intelligent enterprise risk decisions.

    Risk management is more than checking an audit box or demonstrating project due diligence.

    Risk Drivers
    • Audit & compliance
    • Preserve value & avoid loss
    • Previous risk impact driver
    • Major transformation
    • Strategic opportunities
    Arrow pointing right. Only 7% of organizations are in a “leading” or “aspirational” level of risk maturity. (OECD, 2021) 63% of organizations struggle when it comes to defining their appetite toward strategy related risks. (“Global Risk Management Survey,” Deloitte, 2021) Late adopters of risk management were 70% more likely to use instinct over data or facts to inform an efficient process. (Clear Risk, 2020) 55% of organizations have little to no training on ERM to properly implement such practices. (AICPA, NC State Poole College of Management, 2021)
    1. Assess Enterprise Risk Maturity 3. Build a Risk Management Program Plan 4. Establish Risk Management Processes 5. Implement a Risk Management Program
    2. Determine Authority with Governance
    Unfortunately, less than 50% of those in risk focused roles are also in a governance role where they have the authority to provide risk oversight. (Governance Institute of Australia, 2020)
    IT can improve the maturity of the organization’s risk governance and help identify risk owners who have authority and accountability.

    Governance and related decision making is optimized with integrated and aligned risk data.

    List of 'Integrated Risk Maturity Categories': '1. Context & Strategic Direction', '2. Risk Culture and Authority', '3. Risk Management Process', and '4. Risk Program Optimization'. The five types of a risk in 'Enterprise Risk Management (ERM)': 'IT', 'Security', 'Digital', 'Vendor/TPRM', and 'Other'.

    ERM incorporates the different types of risk, including IT, security, digital, vendor, and other risk types.

    The program plan is meant to consider all the major risk types in a unified approach.

    The 'Risk Process' cycle starting with '1. Identify', '2. Assess', '3. Respond', '4. Monitor', '5. Report', and back to the beginning. Implementation of an integrated risk management program requires ongoing access to risk data by those with decision making authority who can take action.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable:

    Risk Management Program Manual

    Use the tools and activities in each phase of the blueprint to create a comprehensive, customized program manual for the ongoing management of IT risk.

    Sample of the key deliverable, Risk Manangement Program Fund.
    Integrated Risk Maturity Assessment

    Assess the organization's current maturity and readiness for integrated risk management (IRM).

    Sample of the Integrated Risk Maturity Assessment blueprint. Centralized Risk Register

    The repository for all the risks that have been identified within your environment.

    Sample of the Centralized Risk Register blueprint.
    Risk Costing Tool

    A potential cost-benefit analysis of possible risk responses to determine a good method to move forward.

    Sample of the Risk Costing Tool blueprint. Risk Report & Risk Event Action Plan

    A method to report risk severity and hold risk owners accountable for chosen method of responding.

    Samples of the Risk Report & Risk Event Action Plan blueprints.

    Benefit from industry-leading best practices

    As a part of our research process, we used the COSO, ISO 31000, and COBIT 2019 frameworks. Contextualizing IT risk management within these frameworks ensured that our project-focused approach is grounded in industry-leading best practices for managing IT risk.

    Logo for COSO.

    COSO’s Enterprise Risk Management — Integrating with Strategy and Performance addresses the evolution of enterprise risk management and the need for organizations to improve their approach to managing risk to meet the demands of an evolving business environment. (COSO)

    Logo for ISO.

    ISO 31000
    Risk Management can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats, and effectively allocate and use resources for risk treatment. (ISO 31000)

    Logo for COBIT.

    COBIT 2019’s IT functions were used to develop and refine our Ten IT Risk Categories used in our top-down risk identification methodology. (COBIT 2019)

    Abandon ad hoc risk management

    A strong risk management foundation is valuable when building your IT risk management program.

    This research covers the following IT risk fundamentals:

    • Benefits of formalized risk management
    • Key terms and definitions
    • Risk management within ERM
    • Risk management independent of ERM
    • Four key principles of IT risk management
    • Importance of a risk management program manual
    • Importance of buy-in and support from the business

    Drivers of Formalized Risk Management:

    Drivers External to IT
    External Audit Internal Audit
    Mandated by ERM
    Occurrence of Risk Event
    Demonstrating IT’s value to the business Proactive initiative
    Emerging IT risk awareness
    Grassroots Drivers

    Blueprint benefits

    IT Benefits

    • Increased on-time, in-scope, and on-budget completion of IT projects.
    • Meet the business’ service requirements.
    • Improved satisfaction with IT by senior leadership and business units.
    • Fewer resources wasted on fire-fighting.
    • Improved availability, integrity, and confidentiality of sensitive data.
    • More efficient use of resources.
    • Greater ability to respond to evolving threats.

    Business Benefits

    • Reduced operational surprises or failures.
    • Improved IT flexibility when responding to risk events and market fluctuations.
    • Reduced budget uncertainty.
    • Improved ability to make decisions when developing long-term strategies.
    • Improved stakeholder and shareholder confidence.
    • Achieved compliance with external regulations.
    • Competitive advantage over organizations with immature risk management practices.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 6 to 8 calls over the course of 3 to 6 months.

    What does a typical GI on this topic look like?

      Phase 1

    • Call #1: Assess current risk maturity and organizational buy-in.
    • Call #2: Establish an IT risk council and determine IT risk management program goals.
    • Phase 2

    • Call #3: Identify the risk categories used to organize risk events.
    • Call #4: Identify the threshold for risk the organization can withstand.
    • Phase 3

    • Call #5: Create a method to assess risk event severity.
    • Call #6: Establish a method to monitor priority risks and consider possible risk responses.
    • Call #7: Communicate risk priorities to the business and implement risk management plan.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5
    Activities
    Review IT Risk Fundamentals and Governance

    1.1 Assess current program maturity

    1.2 Complete RACI chart

    1.3 Create the IT risk council

    1.4 Identify and engage key stakeholders

    1.5 Add organization-specific risk scenarios

    1.6 Identify risk events

    Identify IT Risks

    2.1 Identify risk events (continued)

    2.2 Augment risk event list using COBIT5 processes

    2.3 Determine the threshold for (un)acceptable risk

    2.4 Create impact and probability scales

    2.5 Select a technique to measure reputational cost

    2.6 Conduct risk severity level assessment

    Assess IT Risks

    3.1 Conduct risk severity level assessment

    3.2 Document the proximity of the risk event

    3.3 Conduct expected cost assessment

    3.4 Develop key risk indicators (KRIs) and escalation protocols

    3.5 Perform root cause analysis

    3.6 Identify and assess risk responses

    Monitor, Report, and Respond to IT Risk

    4.1 Identify and assess risk responses

    4.2 Risk response cost-benefit analysis

    4.3 Create multi-year cost projections

    4.4 Review techniques for embedding risk management in IT

    4.5 Finalize the Risk Report and Risk Management Program Manual

    4.6 Transfer ownership of risk responses to project managers

    Next Steps and Wrap-Up (offsite)

    5.1 Complete in-progress deliverables from previous four days

    5.2 Set up review time for workshop deliverables and to discuss next steps

    Outcomes
    1. Maturity Assessment
    2. Risk Management Program Manual
    1. Finalized List of IT Risk Events
    2. Risk Register
    3. Risk Management Program Manual
    1. Risk Register
    2. Risk Event Action Plans
    3. Risk Management Program Manual
    1. Risk Report
    2. Risk Management Program Manual
    1. Workshop Report
    2. Risk Management Program Manual

    Build an IT Risk Management Program

    Phase 1

    Review IT Risk Fundamentals and Governance

    Phase 1

    • 1.1 Review IT Risk Management Fundamentals
    • 1.2 Establish a Risk Governance Framework

    Phase 2

    • 2.1 Identify IT Risks
    • 2.2 Assess and Prioritize IT Risks

    Phase 3

    • 3.1 Develop Risk Responses and Monitor IT Risks
    • 3.2 Report IT Risk Priorities

    This phase will walk you through the following activities:

    • Gain buy-in from senior leadership
    • Assess current program maturity
    • Identify obstacles and pain points
    • Determine the risk culture of the organization
    • Develop risk management goals
    • Develop SMART project metrics
    • Create the IT risk council
    • Complete a RACI chart

    This phase involves the following participants:

    • IT executive leadership
    • Business executive leadership

    Step 1.1

    Review IT Risk Management Fundamentals

    Activities
    • 1.1.1 Gain buy-in from senior leadership
    • 1.1.2 Assess current program maturity

    This step involves the following participants:

    • IT executive leadership
    • Business executive leadership

    Outcomes of this step

    • Reviewed key IT principles and terminology
    • Gained understanding of the relationship between IT risk management and ERM
    • Introduced to Info-Tech’s IT Risk Management Framework
    • Obtained the support of senior leadership
    Step 1.1 Step 1.2

    Effective IT risk management is possible with or without ERM

    Whether or not your organization has ERM, integrating your IT risk management program with the business is possible.

    Most IT departments find themselves in one of these two organizational frameworks for managing IT risk:

    Core Responsibilities With an ERM Without an ERM
    • Risk Decision-Making Authority
    • Final Accountability
    Senior Leadership Team Senior Leadership Team
    • Risk Governance
    • Risk Prioritization & Communication
    ERM IT Risk Management
    • Risk Identification
    • Risk Assessment
    • Risk Monitoring
    IT Risk Management
    Pro: IT’s risk management responsibilities are defined (assessment schedules, escalation and reporting procedures).
    Con: IT may lack autonomy to implement IT risk management best practices.
    Pro: IT is free to create its own IT risk council and develop customized processes that serve its unique needs.
    Con: Lack of clear reporting procedures and mechanisms to share accountability with the business.

    Info-Tech’s IT risk management framework walks you through each step to achieve risk readiness

    IT Risk Management Framework

    Risk Governance
    • Optimize Risk Management Processes
    • Assess Risk Maturity
    • Measure the Success of the Program
    A cycle surrounds the words 'Business Objectives', referring to the surrounding lists. On the top half is 'Communication', and the bottom is 'Monitoring'. Risk Identification
    • Engage Stakeholder Participation
    • Use Risk Identification Frameworks
    • Compile IT-Related Risks
    Risk Response
    • Establish Monitoring Responsibilities
    • Perform Cost-Benefit Analysis
    • Report Risk Response Actions
    Risk Assessment
    • Establish Thresholds for Unacceptable Risk
    • Calculate Expected Cost
    • Determine Risk Severity & Prioritize IT Risks

    Effective IT risk management benefits

    Obtain the support of the senior leadership team or IT steering committee by communicating how IT risk impacts their priorities.

    Risk management benefits To engage the business...
    IT is compliant with external laws and regulations. Identify the industry or legal legislation and regulations your organization abides by.
    IT provides support for business compliance. Find relevant business compliance issues, and relate compliance failures to cost.
    IT regularly communicates costs, benefits, and risks to the business. Acknowledge the number of times IT and the business miscommunicate critical information.
    Information and processing infrastructure are very secure. Point to past security breaches or potential vulnerabilities in your systems.
    IT services are usually delivered in line with business requirements. Bring up IT services that the business was unsatisfied with. Explain that their inputs in identifying risks are correlated with project quality.
    IT related business risks are managed very well. Make it clear that with no risk tracking process, business processes become exposed and tend to slow down.
    IT projects are completed on time and within budget. Point out late or over-budget projects due to the occurrence of unforeseen risks.

    1.1.1 Gain buy-in from senior leadership

    1-4 hours

    Input: List of IT personnel and business stakeholders

    Output: Buy-in from senior leadership for an IT risk management program

    Materials: Risk Management Program Manual

    Participants: IT executive leadership, Business executive leadership

    The resource demands of IT risk management will vary from organization to organization. Here are typical requirements:

    • Occasional participation of key IT personnel and select business stakeholders in IT risk council meetings (e.g. once every two weeks).
    • Periodic risk assessments (e.g. 4 days, twice a year).
    • IT personnel must take on risk monitoring responsibilities (e.g. 1-4 hours per week).
    • Record the results in the Program Manual sections 3.3, 3.4 and 3.5.

    Record the results in the Risk Management Program Manual.

    Integrated Risk Maturity Assessment

    The purpose of the Integrated Risk Maturity Assessment is to assess the organization's current maturity and readiness for integrated risk management (IRM)

    Frequently and continually assessing your organization’s maturity toward integrated risk ensures the right risk management program can be adopted by your organization.

    Integrated Risk Maturity Assessment
    A simple tool to understand if your organization is ready to embrace integrated risk management by measuring maturity across four key categories: Context & Strategic Direction, Risk Culture & Authority, Risk Management Process, and Risk Program Optimization.
    Sample of the Integrated Risk Maturity Assessment deliverable.

    Use the results from this integrated risk maturity assessment to determine the type of risk management program that can and should be adopted by your organizations.

    Some organizations will need to remain siloed and focused on IT risk management only, while others will be able to integrate risk-related information to start enabling automatic controls that respond to this data.

    1.1.2 Assess current program maturity

    1-4 hours

    Input: List of IT personnel and business stakeholders

    Output: Maturity scores across four key risk categories

    Materials: Integrated Risk Maturity Assessment Tool

    Participants: IT executive leadership, Business executive leadership

    This assessment is intended for frequent use; process completeness should be re-evaluated on a regular basis.

    How to Use This Assessment:

    1. Download the Integrated Risk Management Maturity Assessment Tool.
    2. Tab 2, "Data Entry:" This is a qualitative assessment of your integrated risk management process and is organized by the categories of integrated risk maturity. You will be asked to rate the extent to which you are executing the activities required to successfully complete each phase of the assessment. Use the drop-down menus provided to select the appropriate level of execution for each activity listed.
    3. Tab 3, "Results:" This tab will display your rate of IRM completeness/maturity. You will receive a score for each category as well as an overall score. The results will be displayed numerically, by percentage, and graphically.

    Record the results in the Integrated Risk Maturity Assessment.

    Integrated Risk Maturity Categories

    Semi-circle with colored points indicating four categories.

    1

    Context & Strategic Direction Understanding of the organization’s main objectives and how risk can support or enhance those objectives.

    2

    Risk Culture and Authority Examine if risk-based decisions are being made by those with the right level of authority and if the organization’s risk appetite is embedded in the culture.

    3

    Risk Management Process Determine if the current process to identify, assess, respond to, monitor, and report on risks is benefitting the organization.

    4

    Risk Program Optimization Consider opportunities where risk-related data is being gathered, reported, and used to make informed decisions across the enterprise.

    Step 1.2

    Establish a Risk Governance Framework

    Activities
    • 1.2.1 Identify pain points/obstacles and opportunities
    • 1.2.2 Determine the risk culture of the organization
    • 1.2.3 Develop risk management goals
    • 1.2.4 Develop SMART project metrics
    • 1.2.5 Create the IT risk council
    • 1.2.6 Complete a RACI chart

    This step involves the following participants:

    • IT executive leadership
    • Business executive leadership

    Outcomes of this step

    • Developed goals for the risk management program
    • Established the IT risk council
    • Assigned accountability and responsibility for risk management processes

    Review IT Risk Fundamentals and Governance

    Step 1.1 Step 1.2

    Create an IT risk governance framework that integrates with the business

    Follow these best practices to make sure your requirements are solid:

    1. Self-assess your current approach to IT risk management.
    2. Identify organizational obstacles and set attainable risk management goals.
    3. Track the effectiveness and success of the program using SMART risk management metrics.
    4. Establish an IT risk council tasked with managing IT risk.
    5. Set clear risk management accountabilities and responsibilities for IT and business stakeholders.

    Key metrics for your IT risk governance framework

    Challenges:
    • Key stakeholders are left out or consulted once risks have already occurred.
    • Failure to employ consistent risk identification methodologies results in omitted and unknown risks.
    • Risk assessments do not reflect organizational priorities and may not align with thresholds for acceptable risk.
    • Risk assessment occurs sporadically or only after a major risk event has already occurred.
    Key metrics:
    • Number of risk management processes done ad hoc.
    • Frequency that IT risk appears as an agenda item at IT steering committee meetings.
    • Percentage of IT employees whose performance evaluations reflect risk management objectives.
    • Percentage of IT risk council members who are trained in risk management activities.
    • Number of open positions in the IT risk council.
    • Cost of risk management program operations per year.

    Info-Tech Insight

    Metrics provide the foundation for determining the success of your IT risk management program and ensure ongoing funding to support appropriate risk responses.

    IT risk management success factors

    Support and sponsorship from senior leadership

    IT risk management has more success when initiated by a member of the senior leadership team or the board, rather than emerging from IT as a grassroots initiative.

    Sponsorship increases the likelihood that risk management is prioritized and receives the necessary resources and attention. It also ensures that IT risk accountability is assumed by senior leadership.

    Risk culture and awareness

    A risk-aware organizational culture embraces new policies and processes that reflect a proactive approach to risk.

    An organization with a risk-aware culture is better equipped to facilitate communication vertically within the organization.

    Risk awareness can be embedded by revising job descriptions and performance assessments to reflect IT risk management responsibilities.

    Organization size

    Smaller organizations can often institute a mature risk management program much more quickly than larger organizations.

    It is common for key personnel within smaller organizations to be responsible for multiple roles associated with risk management, making it easier to integrate IT and business risk management.

    Larger organizations may find it more difficult to integrate a more complex and dispersed network of individuals responsible for various risk management responsibilities.

    1.2.1 Identify obstacles and pain points

    1-4 hours

    Input: Integrated Risk Maturity Assessment

    Output: Obstacles and pain points identified

    Materials: IT Risk Management Success Factors

    Participants: IT executive leadership, Business executive leadership

    Anticipate potential challenges and “blind spots” by determining which success factors are missing from your current situation.

    Instructions:

    1. List the potential obstacles and missing success factors that you must overcome to effectively manage IT risk and build a risk management program.
    2. Consider some opportunities that could be leveraged to increase the success of this program.
    3. Use this list in Activity 1.2.3 to develop program goals.

    Risk Management

    Replace the example pain points and opportunities with real scenarios in your organization.

    Pain Points/Obstacles
    • Lack of leadership buy-in
    • Skills and understanding around risk management within IT
    • Skills and understanding around risk management within the organization
    • Lack of a defined risk management posture
    Opportunities
    • Changes in regulations related to risk
    • Organization moving toward an integrated risk management program
    • Ability to leverage lessons learned from similar companies
    • Strong process management and adherence to policies by employees in the organization

    1.2.2 Determine the risk culture of your organization

    1-3 hours

    Determine how your organization fits the criteria listed below. Descriptions and examples do not have to match your organization perfectly.

    Risk Tolerant
    • You have no compliance requirements.
    • You have no sensitive data.
    • Customers do not expect you to have strong security controls.
    • Revenue generation and innovative products take priority and risk is acceptable.
    • The organization does not have remote locations.
    • It is likely that your organization does not operate within the following industries:
      • Finance
      • Health care
      • Telecom
      • Government
      • Research
      • Education
    Moderate
    • You have some compliance requirements, e.g.:
      • HIPAA
      • PIPEDA
    • You have sensitive data, and are required to retain records.
    • Customers expect strong security controls.
    • Information security is visible to senior leadership.
    • The organization has some remote locations.
    • Your organization most likely operates within the following industries:
      • Government
      • Research
      • Education
    Risk Averse
    • You have multiple, strict compliance and/or regulatory requirements.
    • You house sensitive data, such as medical records.
    • Customers expect your organization to maintain strong and current security controls.
    • Information security is highly visible to senior management and public investors.
    • The organization has multiple remote locations.
    • Your organization operates within the following industries:
      • Finance
      • Healthcare
      • Telecom

    Be aware of the organization’s attitude towards risk

    Risk culture is an organization’s attitude towards taking risks. This attitude manifests itself in two ways:

    One element of risk culture is what levels of risk the organization is willing to accept to pursue its objectives and what levels of risk are deemed unacceptable. This is often called risk appetite.
    Risk tolerant

    Risk-tolerant organizations embrace the potential of accelerating growth and the attainment of business objectives by taking calculated risks.

    Risk averse

    Risk-averse organizations prefer consistent, gradual growth and goal attainment by embracing a more cautious stance toward risk.

    The other component of risk culture is the degree to which risk factors into decision making.
    Risk conscious

    Risk-conscious organizations place a high priority on being aware of all risks impacting business objectives, regardless of whether they choose to accept or respond to those risks.

    Unaware

    Organizations that are largely unaware of the impact of risk generally believe there are few major risks impacting business objectives and choose to invest resources elsewhere.

    Info-Tech Insight

    Organizations typically fall in the middle of these spectrums. While risk culture will vary depending on the industry and maturity of the organization, a culture with a balanced risk appetite that is extremely risk conscious is able to make creative, dynamic decisions with reasonable limits placed on risk-related decision making.

    1.2.3 Develop goals for the IT risk management program

    1-4 hours

    Input: Integrated Risk Maturity Assessment, Risk Culture, Pain Points and Opportunities

    Output: Goals for the IT risk management program

    Materials: Risk Management Program Manual

    Participants: IT executive leadership, Business executive leadership

    Translate your maturity assessment and knowledge about organizational risk culture, potential obstacles, and success factors to develop goals for your IT risk management program.

    Instructions:

    1. In the Risk Management Program Manual, revise, replace, or add to the high-level goals provided in section 2.4.
    2. Make sure that you have three to five high-level goals that reflect the current and targeted maturity of IT risk management processes.
    3. Integrate potential obstacles, pain points, and insights from the organization’s risk culture.

    Record the results in the Risk Management Program Manual.

    1.2.4 Develop SMART project metrics

    1-3 hours

    Create metrics for measuring the success of the IT risk management program.

    Ensure that all success metrics are SMART Instructions
    1. Document a list of appropriate metrics to assess the success of the IT risk management program on a whiteboard.
    2. Use the sample metrics listed in the table on the next slide as a starting point.
    3. Fill in the chart to indicate the:
      1. Name of the success metric
      2. Method for measuring success
      3. Baseline measurement
      4. Target measurement
      5. Actual measurements at various points throughout the process of improving the risk management program
      6. A deadline for each metric to meet the target measurement
    Strong Make sure the objective is clear and detailed.
    Measurable Objectives are measurable if there are specific metrics assigned to measure success. Metrics should be objective.
    Actionable Objectives become actionable when specific initiatives designed to achieve the objective are identified.
    Realistic Objectives must be achievable given your current resources or known available resources.
    Time-Bound An objective without a timeline can be put off indefinitely. Furthermore, measuring success is challenging without a timeline.

    1.2.4 Develop SMART project metrics (continued)

    1-3 hours

    Attach metrics to your goals to gauge the success of the IT risk management program.

    Replace the example metrics with accurate KPIs or metrics for your organization.

    Sample Metrics
    Name Method Baseline Target Deadline Checkpoint 1 Checkpoint 2 Final
    Number of risks identified (per year) Risk register 0 100 Dec. 31
    Number of business units represented (risk identification) Meeting minutes 0 5 Dec. 31
    Frequency of risk assessment Assessments recorded in risk management program manual 0 2 per year Year 2
    Percentage of identified risk events that undergo expected cost assessment Ratio of risks assessed in the risk costing tool to risks assessed in the risk register 0 20% Dec. 31
    Number of top risks without an identified risk response Risk register 5 0 March 1
    Cost of risk management program operations per year Meeting frequency and duration, multiplied by the cost of participation $2,000 $5,000 Dec. 31

    Create the IT risk committee (ITRC)

    Responsibilities of the ITRC:
    1. Formalize risk management processes.
    2. Identify and review major risks throughout the IT department.
    3. Recommend an appropriate risk appetite or level of exposure.
    4. Review the assessment of the impact and likelihood of identified risks.
    5. Review the prioritized list of risks.
    6. Create a mitigation plan to minimize risk likelihood and impact.
    7. Review and communicate overall risk impact and risk management success.
    8. Assign risk ownership responsibilities of key risks to ensure key risks are monitored and risk responses are effectively implemented.
    9. Address any concerns in regards to the risk management program, including, but not limited to, reviewing their risk management duties and resourcing.
    10. Communicate risk reports to senior management annually.
    11. Make any alterations to the committee roster and the individuals’ responsibilities as needed and document changes.
    Must be on the ITRC:
    • CIO
    • CRO (if applicable)
    • Senior Directors
    • Security Officer
    • Head of Operations

    Must be on the ITRC:

    • CFO
    • Senior representation from every business unit impacted by IT risk

    1.2.5 Create the IT risk council

    1-4 hours

    Input: List of IT personnel and business stakeholders

    Output: Goals for the IT risk management program

    Materials: Risk Management Program Manual

    Participants: CIO, CRO (if applicable), Senior Directors, Head of Operations

    Identify the essential individuals from both the IT department and the business to create a permanent committee that meets regularly and carries out IT risk management activities.

    Instructions:

    1. Review sections 3.1 (Mandate) and 3.2 (Agenda and Responsibilities) of the IT Risk Committee Charter, located in the Risk Management Program Manual. Make any necessary revisions.
    2. In section 3.3, document how frequently the council is scheduled to meet.
    3. In section 3.4, document members of the IT risk council.
    4. Obtain sign-off for the IT risk council from the CIO or another member of the senior leadership team in section 3.5 of the manual.

    Record the results in the Risk Management Program Manual.

    1.2.6 Complete RACI chart

    1-3 hours

    A RACI diagram is a useful visualization that identifies redundancies and ensures that every role, project, or task has an accountable party.

    RACI is an acronym made up of four participatory roles: Instructions
    1. Use the template provided on the following slide, and add key stakeholders who do not appear and are relevant for your organization.
    2. For each activity, assign each stakeholder a letter.
    3. There must be an accountable party for each activity (every activity must have an “A”).
    4. For activities that do not apply to a particular stakeholder, leave the space blank.
    5. Once the chart is complete, copy/paste it into section 4.1 of the Risk Management Program Manual.
    Responsible Stakeholders who undertake the activity.
    Accountable Stakeholders who are held responsible for failure or take credit for success.
    Consulted Stakeholders whose opinions are sought.
    Informed Stakeholders who receive updates.

    1.2.6 Complete RACI chart (continued)

    1-3 hours

    Assign risk management accountabilities and responsibilities to key stakeholders:

    Stakeholder Coordination Risk Identification Risk Thresholds Risk Assessment Identify Responses Cost-Benefit Analysis Monitoring Risk Decision Making
    ITRC A R I R R R A C
    ERM C I C I I I I C
    CIO I A A A A A I R
    CRO I R C I R
    CFO I R C I R
    CEO I R C I A
    Business Units I C C C
    IT I I I I I I R C
    PMO C C C
    Legend: Responsible Accountable Consulted Informed

    Build an IT Risk Management Program

    Phase 2

    Identify and Assess IT Risk

    Phase 1

    • 1.1 Review IT Risk Management Fundamentals
    • 1.2 Establish a Risk Governance Framework

    Phase 2

    • 2.1 Identify IT Risks
    • 2.2 Assess and Prioritize IT Risks

    Phase 3

    • 3.1 Develop Risk Responses and Monitor IT Risks
    • 3.2 Report IT Risk Priorities

    This phase will walk you through the following activities:

    • Add organization-specific risk scenarios
    • Identify risk events
    • Augment risk event list using COBIT 2019 processes
    • Conduct a PESTLE analysis
    • Determine the threshold for (un)acceptable risk
    • Create a financial impact assessment scale
    • Select a technique to measure reputational cost
    • Create a likelihood scale
    • Assess risk severity level
    • Assess expected cost

    This phase involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team
    • Business Risk Owners

    Step 2.1

    Identify IT Risks

    Activities
    • 2.1.1 Add organization-specific risk scenarios
    • 2.1.2 Identify risk events
    • 2.1.3 Augment risk event list using COBIT 19 processes
    • 2.1.4 Conduct a PESTLE analysis

    This step involves the following participants:

    • IT executive leadership
    • IT Risk Council
    • Business executive leadership
    • Business risk owners

    Outcomes of this step

    • Participation of key stakeholders
    • Comprehensive list of IT risk events
    Identify and Assess IT Risk
    Step 2.1 Step 2.2

    Get to know what you don’t know

    1. Engage the right stakeholders in risk identification.
    2. Employ Info-Tech’s top-down approach to risk identification.
    3. Augment your risk event list using alternative frameworks.
    Key metrics:
    • Total risks identified
    • New risks identified
    • Frequency of updates to the Risk Register Tool
    • Number of realized risk events not identified in the Risk Register Tool
    • Level of business participation in enterprise IT risk identification
      • Number of business units represented
      • Number of meetings attended in person
      • Number of risk reports received

    Info-Tech Insight

    What you don’t know CAN hurt you. How do you identify IT-related threats and vulnerabilities that you are not already aware of? Now that you have created a strong risk governance framework that formalizes risk management within IT and connects it to the enterprise, follow the steps outlined in this section to reveal all of IT’s risks.

    Engage key stakeholders

    Ensure that all key risks are identified by engaging key business stakeholders.

    Benefits of obtaining business involvement during the risk identification stage:
    • You will identify risk events you had not considered or you weren’t aware of.
    • You will identify risks more accurately.
    • Risk identification is an opportunity to raise awareness of IT risk management early in the process.

    Executive Participation:

    • CIO participation is integral when building a comprehensive register of risk events impacting IT.
    • CIOs and IT directors possess a holistic view of all of IT’s functions.
    • CIOs and IT directors are uniquely placed to identify how IT affects other business units and the attainment of business objectives. If applicable, CRO and CTO participation is also critical.

    Prioritizing and Selecting Stakeholders

    1. Reliance on IT services and technologies to achieve business objectives.
    2. Relationship with IT, and willingness to engage in risk management activities.
    3. Unique perspectives, skills, and experiences that IT may not possess.

    Info-Tech Insight

    While IT personnel are better equipped to identify IT risk than anyone, IT does not always have an accurate view of the business’ exposure to IT risk. Strive to maintain a 3 to 1 ratio of IT to non-IT personnel involved in the process.

    Enable IT to target risk holistically

    Take a top-down approach to risk identification to guide brainstorming

    Info-Tech’s risk categories are consistent with a risk identification method called Risk Prompting.

    A risk prompt list is a list that categorizes risks into types or areas. The n10 risk categories encapsulate the services, activities, responsibilities, and functions of most IT departments. Use these categories and the example risk scenarios provided as prompts to guide brainstorming and organize risks.

    Risk Category: High-level groupings that describe risk pertaining to major IT functions. See the following slide for all ten of Info-Tech’s IT risk categories. Risk Scenario: An abstract profile representing common risk groups that are more specific than risk categories. Typically, organizations are able to identify two to five scenarios for each category. Risk Event: Specific threats and vulnerabilities that fall under a particular risk scenario. Organizations are able to identify anywhere between 1 and 20 events for each scenario. See the Appendix of the Risk Management Program Manual for a list of risk event examples.

    Risk Category

    Risk Scenario

    Risk Event

    Compliance Regulatory compliance Being fined for not complying/being aware of a new regulation.
    Externally originated attack Phishing attack on the organization.
    Operational Technology evaluation & selection Partnering with a vendor that is not in compliance with a key regulation.
    Capacity planning Not having sufficient resources to support a DRP.
    Third-Party Risk Vendor management Vendor performance requirements are improperly defined.
    Vendor selection Vendors are improperly selected to meet the defined use case.

    2.1.1 Add organization-specific risk scenarios

    1-3 hours

    Review Info-Tech’s ten IT risk categories and add risk scenarios to the examples provided.

    IT Reputational
    • Negative PR
    • Consumers writing negative reviews
    • Employees writing negative reviews
    IT Financial
    • Stock prices drop
    • Value of the organization is reduced
    IT Strategic
    • Organization prioritizes innovation but remains focused on operational
    • Unable to access data to support strategic initiative
    Operational
    • Enterprise architecture
    • Technology evaluation and selection
    • Capacity planning
    • Operational errors
    Availability
    • Power outage
    • Increased data workload
    • Single source of truth
    • Lacking knowledge transfer processes for critical tasks
    Performance
    • Network failure
    • Service levels not being met
    • Capacity overload
    Compliance
    • Regulatory compliance
    • Standards compliance
    • Audit compliance
    Security
    • Malware
    • Internally originated attack
    Third Party
    • Vendor selection
    • Vendor management
    • Contract termination
    Digital
    • No back-up process if automation fails

    2.1.2 Identify risk events

    1-4 hours

    Input: IT risk categories

    Output: Risk events identified and categorized

    Materials: Risk Register Tool

    Participants: IT risk council, Relevant business stakeholders, Representation from senior management team, Business risk owners, CRO (if applicable)

    Use Info-Tech’s IT risk categories and scenarios to brainstorm a comprehensive list of IT-related threats and vulnerabilities impacting your organization.

    Instructions:

    1. Document risk events in the Risk Register Tool.
    2. List risk scenarios (organized by risk category) in the Risk Events/Threats column.
    3. Disseminate the list to key stakeholders who were unable to participate and solicit their feedback.
      • Consult the RACI chart located in section 4.1 of the Risk Management Program Manual.
    4. Attack one scenario at a time, exhausting all realistic risk events for that grouping before moving onto the next scenario. Each scenario should take approximately 45-60 minutes.

    Tip: If disagreement arises regarding whether a specific risk event is relevant to the organization or not and it cannot be resolved quickly, include it in the list. The applicability of these risks will become apparent during the assessment process.

    Record the results in the Risk Register Tool.

    2.1.3 Augment the risk event list using COBIT 2019 processes (Optional)

    1-3 hours

    Other industry-leading frameworks provide alternative ways of conceptualizing the functions and responsibilities of IT and may help you uncover additional risk events.

    1. Managed IT Management Framework
    2. Managed Strategy
    3. Managed Enterprise Architecture
    4. Managed Innovation
    5. Managed Portfolio
    6. Managed Budget and Costs
    7. Managed Human Resources
    8. Managed Relationships
    9. Managed Service Agreements
    10. Managed Vendors
    11. Managed Quality
    12. Managed Risk
    13. Managed Security
    14. Managed Data
    15. Managed Programs
    16. Managed Requirements Definition
    17. Managed Solutions Identification and Build
    18. Managed Availability and Capacity
    19. Managed Organizational Change Enablement
    20. Managed IT Changes
    1. Managed IT Change Acceptance and Transitioning
    2. Managed Knowledge
    3. Managed Assets
    4. Managed Configuration
    5. Managed Projects
    6. Managed Operations
    7. Managed Service Requests and Incidents
    8. Managed Problems
    9. Managed Continuity
    10. Managed Security Services
    11. Managed Business Process Controls
    12. Managed Performance and Conformance Monitoring
    13. Managed System of Internal Control
    14. Managed Compliance with External Requirements
    15. Managed Assurance
    16. Ensured Governance Framework Setting and Maintenance
    17. Ensured Benefits Delivery
    18. Ensured Risk Optimization
    19. Ensured Resource Optimization
    20. Ensured Stakeholder Engagement

    Instructions:

    1. Review COBIT 2019’s 40 IT processes and identify additional risk events.
    2. Match risk events to the corresponding risk category and scenario and add them to the Risk Register Tool.

    2.1.4 Finalize your risk register by conducting a PESTLE analysis (Optional)

    1-3 hours

    Explore alternative identification techniques to incorporate external factors and avoid “groupthink.”

    Consider the External Environment – PESTLE Analysis

    Despite efforts to encourage equal participation in the risk identification process, key risks may not have been shared in previous exercises.

    Conduct a PESTLE analysis as a final safety net to ensure that all key risk events have been identified.

    Avoid “Groupthink” – Nominal Group Technique

    The Nominal Group Technique uses the silent generation of ideas and an enforced “safe” period of time where ideas are shared but not discussed to encourage judgement-free idea generation.

    • Ideas are generated silently and independently.
    • Ideas are then shared and documented; however, discussion is delayed until all of the group’s ideas have been recorded.
    • Idea generation can occur before the meeting and be kept anonymous.

    Note: Employing either of these techniques will lengthen an already time-consuming process. Only consider these techniques if you have concerns regarding the homogeneity of the ideas being generated or if select individuals are dominating the exercise.

    List the following factors influencing the risk event:
    • Political factors
    • Economic factors
    • Social factors
    • Technological factors
    • Legal factors
    • Environmental factors
    'PESTLE Analysis' presented as a wheel with the acronym's meanings surrounding the title. 'Political Factors', 'Economic Factors', 'Social Factors', 'Technological Factors', 'Legal Factors', and 'Environmental Factors'.

    Step 2.2

    Assess and Prioritize IT Risks

    Activities
    • 2.2.1 Determine the threshold for (un)acceptable risk
    • 2.2.2 Create a financial impact assessment scale
    • 2.2.3 Select a technique to measure reputational cost
    • 2.2.4 Create a likelihood scale
    • 2.2.5 Risk severity level assessment
    • 2.2.6 Expected cost assessment

    This step involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team
    • Business risk owners

    Outcomes of this step

    • Business-approved thresholds for unacceptable risk
    • Completed Risk Register Tool with risks prioritized according to severity
    • Expected cost calculations for high-priority risks

    Identify and Assess IT Risk

    Step 2.1 Step 2.2

    Reveal the organization’s greatest IT threats and vulnerabilities

    1. Establish business-approved risk thresholds for acceptable and unacceptable risk.
    2. Conduct a streamlined assessment of all risks to separate acceptable and unacceptable risks.
    3. Perform a deeper, cost-based assessment of prioritized risks.
    Key metrics:
    • Frequency of IT risk assessments
      • (Annually, bi-annually, etc.)
    • Assessment accuracy
      • Percentage of risk assessments that are substantiated by later occurrences or testing
      • Ratio of cumulative actual costs to expected costs
    • Assessment consistency
      • Percentage of risk assessments that are substantiated by third-party audit
    • Assessment rigor
      • Percentage of identified risk events that undergo first-level assessment (severity scores)
      • Percentage of identified risk events that undergo second-level assessment (expected cost)
    • Stakeholder oversight and participation
      • Level of executive participation in IT risk assessment (attend in person, receive report, etc.)
      • Number of business stakeholder reviews per risk assessment

    Info-Tech Insight

    Risk is money. It’s impossible to make intelligent decisions about risks without knowing what their financial impact will be.

    Review risk assessment fundamentals

    Risk assessment provides you with the raw materials to conduct an informed cost-benefit analysis and make robust risk response decisions.

    In this section, you will be prioritizing your IT risks according to their risk severity, which is a reflection of their expected cost.

    Calculating risk severity

    How much you expect a risk event to cost if it were to occur:

    Likelihood of Risk Impact

    e.g. $250,000 or “High”

    X

    Calibrated by how likely the risk is to occur:

    Likelihood of Risk Occurrence

    e.g. 10% or “Low”

    =

    Produces a dollar value or “severity level” for comparing risks:

    Risk Severity

    e.g. $25,000 or “Medium”
    Which must be evaluated against thresholds for acceptable risk and the cost of risk responses.

    Risk Tolerance
    Risk Response

    CBA
    Cost-benefit analysis

    Maintain the engagement of key stakeholders in the risk assessment process

    1

    Engage the Business During Assessment Process

    Asking business stakeholders to make significant contributions to the assessment exercise may be unrealistic (particularly for members of the senior leadership team, other than the CIO).

    Ensure that they work with you to finalize thresholds for acceptable or unacceptable risk.

    2

    Verify the Risk Impact and Assessment

    If IT has ranked risk events appropriately, the business will be more likely to offer their input. Share impact and likelihood values for key risks to see if they agree with the calculated risk severity scores.

    3

    Identify Where the Business Focuses Attention

    While verifying, pay attention to the risk events that the business stresses as key risks. Keep these risks in mind when prioritizing risk responses as they are more likely to receive funding.

    Try to communicate the assessments of these risk events in terms of expected cost to attract the attention of business leaders.

    Info-Tech Insight

    If business executives still won’t provide the necessary information to update your initial risk assessments, IT should approach business unit leaders and lower-level management. Lean on strong relationships forged over time between IT and business managers or supervisors to obtain any additional information.

    Info-Tech recommends a two-level approach to risk assessment

    Review the two levels of risk assessment offered in this blueprint.

    Risk severity level assessment (mandatory)

    1

    Information

    Number of risks: Assess all risk events identified in Phase 1.
    Units of measurement: Use customized likelihood and impact “levels.”
    Time required: One to five minutes per risk event.

    Assess Likelihood

    Negligible
    Low
    Moderate
    High
    Very High

    X

    Assess Likelihood

    Negligible
    Low
    Moderate
    High
    Very High

    =

    Output


    Risk Security Level:

    Moderate

    Example of a risk severity level assessment chart.
    Chart risk events according to risk severity as this allows you to organize and prioritize IT risks.

    Assess all of your identified risk events with a risk severity-level assessment.

    • By creating a likelihood and impact assessment scale divided into three to nine “levels” (sometimes referred to as “buckets”), you can evaluate every risk event quickly while being confident that risks are being assessed accurately.
    • In the following activities, you will create likelihood and impact scales that align with your organizational risk appetite and tolerance.
    • Severity-level assessment is a “first pass” of your risk list, revealing your organization’s most severe IT risks, which can be assessed in greater detail by incorporating expected cost into your evaluation.

    Info-Tech recommends a two-level approach to risk assessment (continued)

    Expected cost assessment (optional)

    2

    Information

    Number of risks: Only assess high-priority risks revealed by severity-level assessment.
    Units of measurement: Use actual likelihood values (%) and impact costs ($).
    Time required: 10-20 minutes per risk event.

    Assess Likelihood

    15%

    Moderate

    X

    Assess Likelihood

    $100,000

    High

    =

    Output


    Expected Cost:

    $15,000

    Expected cost is useful for conducting cost-benefit analysis and comparing IT risks to non-IT risks and other budget priorities for the business.

    Conduct expected cost assessments for IT’s greatest risks.

    For risk events warranting further analysis, translate risk severity levels into hard expected-cost numbers.

    Why conduct expected cost assessments?
    • Expected cost represents how much you would expect to pay in an average year for each risk event.
    • Communicate risk priorities to the business in language they can understand.
    • While risk severity levels are useful for comparing one IT risk to another, expected cost data allows the business to compare IT risks to non-IT risks that may not use the same scales.
    Why is expected cost assessment optional?
    • Determining robust likelihood values and precise impact estimates can be challenging and time consuming.
    • Some risk events may require extensive data gathering and industry analysis.

    Implement and leverage a centralized risk register

    The purpose of the risk register is to act as the repository for all the risks that have been identified within your environment.

    Use this tool to:

    1. Collect and maintain a repository for all IT risk events impacting the organization and relevant information for each risk.
      • Capture all relevant IT risk information in one location.
      • Organize risk identification and assessment information for transparent risk management, stakeholder review, and/or internal audit.
    2. Calculate risk severity scores to prioritize risk events and determine which risks require a risk response.
      • Separate acceptable and unacceptable risks (as determined by the business).
      • Rank risks based on severity levels.
    3. Assess risk responses and calculate residual risk.
      • Evaluate the effect that proposed risk response actions will have on top risk events and quantify residual risk magnitude.
      • This step will be completed in section 3.1

    2.2.1 Determine the threshold for (un)acceptable risk

    1-4 hours

    Input: Risk events, Risk appetite

    Output: Threshold for risk identified

    Materials: Risk Register Tool, Risk Management Program Manual

    Participants: IT risk council, Relevant business stakeholders, Representation from senior management team, Business risk owner

    Instructions:

    There are times when the business needs to know about IT risks with high expected costs.

    1. Create an expected cost threshold that defines what constitutes an acceptable and unacceptable risk for the organization. This figure should be a concrete dollar value. In the next exercises, you will build risk impact and likelihood scales with this value in mind, ensuring that “high” or “extreme” risks are immediately communicated to senior leadership.
    2. Do not consider IT budget restrictions when developing this number. The acceptable risk threshold should reflect the business’ tolerance/appetite for risk.

    This threshold is typically based on the organization’s ability to absorb financial losses, and its tolerance/appetite towards risk.

    If your organization has ERM, adopt the existing acceptability threshold.

    Record this threshold in section 5.3 of the Risk Management Program Manual

    2.2.2 Create a financial impact assessment scale

    1-4 hours

    Input: Risk events, Risk threshold

    Output: Financial impact scale created

    Materials: Risk Register Tool, Risk Management Program Manual

    Participants: IT risk council, Relevant business stakeholders, Representation from senior management team, Business risk owner

    Instructions:

    1. Create a scale to assess the financial impact of risk events.
      • Typically, risk impacts are assessed on a scale of 1-5; however, some organizations may prefer to assess risks using 3, 4, 7, or 9-point scales.
    2. Ensure that the unacceptable risk threshold is reflected in the scale.
      • In the example provided, the unacceptable risk threshold ($100,000) is represented as “High” on the impact scale.
    3. Attach labels to each point on the scale. Effective labels will easily distinguish between risks on either side of the unacceptable risk threshold.

    Record the risk impact scale in section 5.3 of the Risk Management Program Manual

    Convert project overruns and service outages into costs

    Use the tables below to quickly convert impacts typically measured in units of time to financial cost. Replace the values in the table with those that reflect your own costs.

    • While project overruns and service outages may have intangible impacts beyond the unexpected costs stemming from paying employees and lost revenue (such as adding complexity to project management and undermining the business’ confidence in IT), these measurements will provide adequate impact estimations for risk assessment.
    • Remember, complex risk events can be analyzed further with an expected cost assessment.
    Project Overruns Scale for the use of cost assessment with dollar amounts associated with impact levels. '$250,000 - Extreme', '$100,000 - High', '$60,000 - Moderate', '$35,000 - Low', '$10,000 - Negligible'.

    Project

    Time (days)

    20 days

    Number of employees

    8

    Average cost per employee (per day)

    $300

    Estimated cost

    $48,000
    Service Outages

    Service

    Time (hours)

    4 hours

    Lost revenue (per hour)

    $10,000

    Estimated cost

    $40,000

    Impact scale

    Low

    2.2.3 Select a technique to measure reputational cost (1 of 3)

    1-3 hours

    Realized risk events may have profound reputational costs that do not immediately impact your bottom line.

    Reputational cost can take several forms, including the internal and external perception of:
    1. Brand likeability
    2. Product quality
    3. Leadership capability
    4. Social responsibility

    Based on your industry and the nature of the risk, select one of the three techniques described in this section to incorporate reputational costs into your risk assessment.

    Technique #1 – Use financial indicators:

    For-profit companies typically experience reputational loss as a gradual decline in the strength of their brand, exclusion from industry groups, or lost revenue.

    If possible, use these measures to put a price on reputational loss:

    • Lost revenue attributable to reputation loss
    • Loss of market share attributable to reputation loss
    • Drops in share price attributable to reputation loss (for public companies)

    Match this dollar value to the corresponding level on the impact scale created in Activity 2.2.2.

    • If you are not able to effectively translate all reputational costs into financial costs, proceed to techniques 2 and 3 on the following slides.

    2.2.3 Select a technique to measure reputational cost (2 of 3)

    1-3 hours
    It is common for public sector or not-for-profit organizations to have difficulty putting a price tag on intangible reputational costs.
    • For example, a government organization may be unable to directly quantify the cost of losing the confidence and/or support of the public.
    • A helpful technique is to reframe how reputation is assigned value.
    Technique #2 – Calculate the value of avoiding reputational cost:
    1. Imagine that the particular risk event you are assessing has occurred. Describe the resulting reputational cost using qualitative language.

    For example:

    A data breach, which caused the unsanctioned disclosure of 2,000 client files, has inflicted high reputational costs on the organization. These have impacted the organization in the following ways:

    • Loss of organizational trust in IT
    • IT’s reputation as a value provider to the organization is tarnished
    • Loss of client trust in the organization
    • Potential for a public reprimand of the organization by the government to restore public trust
  • Then, determine (hypothetically) how much money the organization would be willing to spend to prevent the reputational cost from being incurred.
  • Match this dollar value to the corresponding level on the impact scale created in Activity 2.2.2.
  • 2.2.3 Select a technique to measure reputational cost (3 of 3)

    1-3 hours

    If you feel that the other techniques have not reflected reputational impacts in the overall severity level of the risk, create a parallel scale that roughly matches your financial impact scale.

    Technique #3 – Create a parallel scale for reputational impact:

    Visibility is a useful metric for measuring reputational impact. Visibility measures how widely knowledge of the risk event has spread and how negatively the organization is perceived. Visibility has two main dimensions:

    • Internal vs. External
    • Low Amplification vs. High Amplification
    • Internal/External: The further outside of the organization that the risk event is visible, the higher the reputational impact.
      Low/High Amplification: The greater the ability of the actor to communicate and amplify the occurrence of a risk event, the higher the reputational impact.
      After establishing a scale for reputational impact, test whether it reflects the severity of the financial impact levels in the financial impact scale.

    • For example, if the media learns about a recent data breach, does that feel like a $100,000 loss?
    Example:
    Scale for the use of cost assessment  of reputational impact with dimension combinations associated with impact levels. 'External, High Amp, (regulators, lawsuits) - Extreme', 'Internal, High Amp, (CEO) - Low', 'Internal, Low Amp (IT) - Negligible'.

    2.2.4 Create a likelihood scale

    1-3 hours

    Instructions:
    1. Create a scale to assess the likelihood that a risk event will occur over a given period of time.
      • Info-Tech recommends assessing the likelihood that the risk event will occur over a period of one year (the IT risk council should be reassessing the risk event no less than once per year).
    2. Ensure that the likelihood scale contains the same number of levels as the financial impact scale (3, 4, 5, 7, or 9).
    3. The example provided is likely to satisfy most IT departments; however, you may customize the distribution of likelihood values to reflect the organization’s aversion towards uncertainty.
      • For example, an extremely risk-averse organization may consider any risk event with a likelihood greater than 20% to have a “High” likelihood of occurrence.
    4. Attach the same labels used for the financial impact scale (Low, Moderate, High, etc.)

    Record the risk impact scale in section 5.3 of the Risk Management Program Manual

    Scale to assess the likelihood that a risk event will occur. '80-99% - Extreme', '60-79% - High', '40-59% - Moderate' '20-39% - Low', '1-19% - Negligible'.

    Info-Tech Insight

    Note: Info-Tech endorses the use of likelihood values (1-99%) rather than frequency (3 times per year) as a measurement.
    For an explanation of why likelihood values lead to more precise and robust risk assessment, see the Appendix.

    2.2.5 Risk severity level assessment

    6-10 hours

    Input: Risk events identified

    Output: Assessed the likelihood of occurrence and impact for all identified risk events

    Materials: Risk Register Tool

    Participants: IT risk council, Relevant business stakeholders, Representation from senior management team, Business risk owner

    Instructions:

    1. Document the “Risk Category” and “Existing Controls.” in the Risk Register Tool.
      • (See the slide following this activity for tips on identifying existing controls.)
    2. Assign each risk event a likelihood and impact level.
      • Remember, you are assessing the impact that a risk event will have on the organization as a whole, not just on IT.
    3. When assigning a financial impact level to a risk event, factor in the likely number of instances that the event will occur within the time frame for which you are assessing (usually one year).
      • For risk events like third-party service outages that typically occur a few times each year, assign them an impact level that reflects the likelihood of financial impact the risk event will have over the entire year.
      • E.g. If your organization is likely to experience two major service outages next year and each outage costs the organization approximately $15,000, the total financial impact is $30,000.

    Record results in the Risk Register Tool

    2.2.5 Risk severity level assessment (continued)

    Instructions (continued):
    1. Assign a risk owner to non-negligible risk events.
      • For organizations that practice ongoing risk management and frequently reassess their risk portfolio (minimum once per year), risk ownership does not need to be assigned to “Negligible” or low-level risks.
      • View the following slides for advice on how to select a risk owner and information on their responsibilities.
    2. As you input the first few likelihood and impact values, compare them to one another to ensure consistency and accuracy:
      • Is a service outage really twice as impactful as our primary software provider going out of business?
      • Is a data breach far more likely than a ›1 hour web-services outage?
    Tips for Selecting Likelihood Values:

    Does ~10% sound right?

    Test a likelihood estimate by assessing the truth of the following statements:

    • The risk event will likely occur once in the next ten years (if the environment remains nearly identical).
    • If ten organizations existed that were nearly identical to our own, it is likely that one out of ten would experience the risk event this year.

    Screenshot of a risk severity level assessment.

    Identify current risk controls

    Consider how IT is already addressing key risks.

    Types of current risk control

    Tactical controls

    Apply to individual risks only.

    Example: A tactical control for backup/replication failure is faster WAN lines.

    Tactical risk control Strategic controls

    Apply to multiple risks.

    Example: A strategic control for backup/replication failure is implementing formal DR plans.

    Strategic risk control
    Risk event Risk event Risk event

    Screenshot of the column headings on the risk severity level assessment with 'Current Controls' highlighted.
    Consider both tactical and strategic controls already in place when filling out risk event information in the Risk Register Tool.

    Info-Tech Insight

    Identifying existing risk controls (past risk responses) provides a clear picture of the measures already in place to avoid, mitigate, or transfer key risks. This reveals opportunities to improve existing risk controls, or where new strategies are needed, to reduce risk severity levels below business thresholds.

    Assign a risk owner for each risk event

    Designate a member of the IT risk council to be responsible for each risk event.

    Selecting the Appropriate Risk Owner

    Use the following considerations to determine the best owner for each risk:

    • The risk owner should be familiar with the process, project, or IT function related to the risk event.
    • The risk owner should have access to the necessary data to monitor and measure the severity of the risk event.
    • The risk owner’s performance assessment should reflect their ability to demonstrate the ongoing management of their assigned risk events.

    Screenshot of the column headings on the risk severity level assessment with 'Risk Owner' highlighted.

    Risk Owner Responsibilities

    Risk ownership means that an individual is responsible for the following activities:

    • Monitoring the threat or vulnerability for changes in the likelihood of occurrence and/or likely impact.
    • Monitoring changes in the market and external environment that may alter the severity of the risk event.
    • Monitoring changes of closely related risks with interdependencies.
    • Developing and using key risk indicators (KRIs) to measure changes in risk severity.
    • Regularly reporting changes in risk severity to the IT risk council.
    • If necessary, escalating the risk event to other IT risk council personnel or senior management for reassessment.
    • Monitoring risk severity levels for risk events after a risk response has been implemented.

    Use Info-Tech’s Risk Costing Tool to calculate the expected cost of IT’s high-priority risks (optional)

    Sample of the Risk Costing Tool.

    Use this tool to:

    1. Conduct a deeper analysis of severe risks.
      • Determine specific likelihood and financial impact values to communicate the severity of the risk in the Expected Cost tab.
      • Identify the maximum financial impact that the risk event may inflict.
    2. Assess the effectiveness of multiple risk responses for each risk event.
      • Determine how proposed risk events will change the likelihood of occurrence and financial impact of the risk event.
    3. Incorporate risk proximity into your cost-benefit analysis of risk responses.
      • Illustrate how spending decisions will impact the expected cost of the risk event over time.

    2.2.6 Expected cost assessment (optional)

    Assign likelihood and financial impact values to high-priority risks.

    Select risks with these characteristics:

    Strongly consider conducting an expected cost assessment for risk events that meet one or more of the following criteria.

    The risk:

    • Has been assigned to the highest risk severity level.
    • Has exposed the organization previously and had severe implications.
    • Exceeds the organization’s threshold for financial impact.
    • Involves an IT function that is highly visible to the business.
    • Will likely require risk response actions that will exceed current IT budgetary constraints.
    • Is conducive to expected cost assessment:
      • There is general consensus on likelihood estimates.
      • There is general consensus on financial impact estimates.
      • Historical data exists to support estimates.
    Determine which risks require a deeper assessment:

    Info-Tech recommends conducting a second-level assessment for 5-15% of your IT risk register.

    Communicating the expected cost of high-priority risks significantly increases awareness of IT risks by the business.

    Communicating risks to the business using their language also increases the likelihood that risk responses will receive the necessary support and investment


    Record the list of risk events requiring second-level assessment in the Risk Costing Tool.

    • Transfer the likelihood and impact levels for each event into the Risk Costing Tool using data from the Risk Register Tool.

    2.2.6 Expected cost assessment (continued)

    Assign likelihood and financial impact values to high-priority risks.

    Instructions:
    1. Go through the list of prioritized risks in the Risk Costing Tool one by one. Indicate the likelihood and impact level (from the Risk Register Tool) for the risk event being assessed.
    2. Record likelihood values (1-99%) and impact values ($) from participants.
      • Only record values from individuals that indicate they are fairly confident with their estimates.
      • Keep likelihood estimates to values that are multiples of five.
    3. Estimate and record the maximum impact that the risk event could inflict.
      • See Appendix III for information on how the possibility of high-impact scenarios may influence your decision making.
    4. Discuss the estimates provided. Eliminate outliers and retracted estimates.
      • If you are unable to achieve consensus, take the average of the values provided.
    5. If you are having difficulty arriving at a likelihood or impact value, select the median value of the level assigned to the risk during the risk severity level assessment.
      • E.g. Risk event assigned to likelihood level “Moderate” (20-39%). Select a likelihood value of 30%.

    Screenshot of the column headings on the risk severity level assessment with 'Optional Inherent Likelihood Parameters' and 'Optional Inherent Impact Parameters' highlighted.

    Who should participate?
    • Depending on the size of your IT risk council, you may want to consider conducting this exercise in a smaller group.
    • Ideally, you should try to find the right balance between ensuring that the necessary experience and knowledge is in the room while insulating the exercise from outlier opinions, noise, and distractions.

    Evaluate likelihood and impact

    Refine your risk assessment process by developing more accurate measurements of likelihood and impact.

    Intersubjective likelihood

    The goal of the expected cost assessment is to develop robust intersubjective estimates of likelihood and financial impact.

    By aggregating a number of expert opinions of what they deem to be the “correct” value, you will arrive at a collectively determined value that better reflects reality than an individual opinion.

    Example: The Delphi Method

    The Delphi Method is a common technique to produce a judgement that is representative of the collective opinion of a group.

    • Participants are sent a series of sequential questionnaires (typically by email).
    • The first questionnaire asks them what the likelihood, likely impact, and expected cost is for a specific risk event.
    • Data from the questionnaire is compiled and then communicated in a subsequent questionnaire, which encourages participants to restate or revise their estimates given the group’s judgements.
    • With each successive questionnaire, responses will typically converge around a single intersubjective value.
    Justifying Your Estimates:

    When asked to explain the numbers you arrived at during the risk assessment, pointing to an assessment methodology gives greater credibility to your estimates.

    • Assign one individual to take notes during the assessment exercise.
    • Have them document the main rationale behind each value and the level of consensus.

    Info-Tech Insight

    The underlying assumption behind intersubjective forecasting is that group judgements are more accurate than individual judgements. However, this may not be the case at all.

    Sometimes, a single expert opinion is more valuable than many uninformed opinions. Defining whose opinion is valuable and whose is not is an unpleasant exercise; therefore, selecting the right personnel to participate in the exercise is crucially important.

    Build an IT Risk Management Program

    Phase 3

    Monitor, Respond, and Report on IT Risk

    Phase 1

    • 1.1 Review IT Risk Management Fundamentals
    • 1.2 Establish a Risk Governance Framework

    Phase 2

    • 2.1 Identify IT Risks
    • 2.2 Assess and Prioritize IT Risks

    Phase 3

    • 3.1 Develop Risk Responses and Monitor IT Risks
    • 3.2 Report IT Risk Priorities

    This phase will walk you through the following activities:

    • Develop key risk indicators (KRIs) and escalation protocols
    • Establish the reporting schedule
    • Identify and assess risk responses
    • Analyze risk response cost-benefit
    • Create multi-year cost projections
    • Obtain executive approval for risk action plans
    • Socialize the Risk Report
    • Transfer ownership of risk responses to project managers
    • Finalize the Risk Management Program Manual

    This phase involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team
    • Risk business owner

    Step 3.1

    Monitor IT Risks and Develop Risk Responses

    Activities
    • 3.1.1 Develop key risk indicators (KRIs) and escalation protocols
    • 3.1.2 Establish the reporting schedule
    • 3.1.3 Identify and assess risk responses
    • 3.1.4 Risk response cost-benefit analysis
    • 3.1.5 Create multi-year cost projections

    This step involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team
    • Business risk owner

    Outcomes of this step

    • Completed risk event action plans
    • Risk responses identified and assessed for top risks
    • Risk response selected for top risks

    Monitor, Respond, and Report on IT Risk

    Step 3.1 Step 3.2

    Use Info-Tech’s Risk Event Action Plan to manage high-priority risks

    Manage risks in between risk assessments and create a paper trail for key risks that exceed the unacceptable risk threshold. Use a new form for every high-priority risk that requires tracking.

    Risk Event Action Plan Sample of the Risk Event Action Plan deliverable.

    Obtaining sign-off from the senior leadership team or from the ERM office is an important step of the risk management process. The Risk Event Action Plan ensures that high-priority risks are closely monitored and that changes in risk severity are detected and reported.

    Clear documentation is a way to ensure that critical information is shared with management so that they can make informed risk decisions. These reports should be succinct yet comprehensive; depending on time and resources, it is good practice to fill out this form and obtain sign-off for the majority of IT risks.

    3.1.1 Develop key risk indicators (KRIs) and escalation protocols

    The risk owner should be held accountable for monitoring their assigned risks but may delegate responsibility for these tasks.

    Instructions:
    1. Design key risk indicators (KRIs) for risks that measure changes in their severity and document them in the Risk Event Action Plan.
      • See the following slide for examples.
    2. Clearly document the risk owner and the individual(s) carrying out risk monitoring activities (delegates) in the Risk Event Action Plan.

    Note: Examples of KRIs can be found on the following slide.

    What are KRIs?
    • KRIs should be observable metrics that alert the IT risk council and management when risk severity exceeds acceptable risk thresholds.
    • KRIs should serve as tripwires or early-warning indicators that trigger further actions to be taken on the risk.
    • Further actions may include:
      • Escalation to the risk owner (if delegated) or to a member of the senior leadership team.
      • Reporting to the IT risk council or IT steering committee.
      • Reassessment.
      • Updating the risk monitoring schedule.

    Document KRIs, escalation thresholds, and escalation protocols for each risk in a Risk Event Action Plan.

    Developing KRIs for success

    Visualization of KRI development, from the 'Risk Event' to the 'Intermediate Steps' with 'KRI Measurements' to the image of a growing seed.

    Examples of KRIs

    • Number of resources who quit or were fired who had access to critical data
    • Number of risk mitigation initiatives unfunded
    • Changes in time horizon of mitigation implementation
    • Number of employees who did not report phishing attempts
    • Amount of time required to get critical operations access to necessary data
    • Number of days it takes to implement a new regulation or compliance control

    3.1.2 Establish the reporting schedule

    For each risk event, document how frequently the risk owner must report to the IT risk council in the Risk Event Action Plan.

    • A clear reporting schedule enforces accountability for each risk event, ensuring that risk owners are fulfilling their monitoring responsibilities.
    • The ongoing discussion of risks between assessment cycles also increases overall awareness of how IT risks are not static but constantly evolving.
    Reporting Risk Event
    Weekly reports to ITRC Risk event severity represented as a thermometer with levels 'Extreme', 'High', 'Moderate', 'Low', and 'Negligible'.
    Bi-weekly reports to ITRC
    Monthly reports to ITRC
    Report to ITRC only if KRI thresholds triggered
    No reports; reassessed bi-annually

    Use Info-Tech’s tools to identify, analyze, and select risk responses

    1

    (Mandatory)
    Tool

    Screenshot of the Risk Register Tool.

    Risk Register Tool

    Information
    • Develop risk responses for all risk events pre-populated on the “2. Risk Register” sheet of the Risk Register Tool.
    • Document the root cause of the risk (Activity 3.1.3) and other contributing factors (Activity 3.1.4).
    • Identify risk responses (Activity 3.1.5).
    • Predict the effectiveness of the risk response, if implemented, by estimating the residual likelihood and impact of the risk (Activity 3.1.5).
    • The tool will calculate the residual severity of the risk after applying the risk response.

    2

    (Optional)
    Tool

    Screenshot of the Risk Costing Tool.

    Risk Costing Tool

    Information
    • Continue your second-level risk analysis for top risks for which you calculated expected cost in section 2.2.
    • Activity 3.1.5:
      • Identify between one and four risk response options for each risk.
      • Develop precise values for residual likelihood and impact.
      • Compare expected cost of the risk event to expected residual cost.
      • Select the risk response to recommend to senior leadership and document it in the Risk Register Tool.

    Determine the root cause of IT risks

    Root cause analysis

    Use the “Five Whys” methodology to identify the root cause and contributing/exacerbating factors for each risk event.

    Diagnosing the root cause of a risk as well as the environmental factors that increase its potential impact and likelihood of occurring allow you to identify more effective risk responses.

    Risk responses that only address the symptoms of the risk are less likely to succeed than responses that address the core issue.

    Concentric circles with 'Root Cause' at the center, 'Contributing Factors' around it, and 'Symptoms' on the outer circle.

    Example of 'The Five Whys Methodology', tracing symptoms to their root cause. In 'Symptoms' we see 'Risk Event: Network outage', Why? 'Network congestion', Why? Then on to 'Contributing Factors' the answer is 'Inadequate bandwidth for latency-sensitive applications', Why? 'Increased business use of latency-sensitive applications', Why? And finally to the 'Root Cause', 'Business units rely on 'real-time' data gathered from latency-sensitive applications', Why?

    Identify factors that contribute to the severity of the risk

    Environmental factors interact with the root cause to increase the likelihood or impact of the risk event.

    What factors matter?

    Identify relevant actors and assets that amplify or diminish the severity of the risk.

    Actors

    • Internal (business units)
    • External (vendor, regulator, market, competitor, hostile actor)

    Assets/Resources

    • Infrastructure
    • Applications
    • Processes
    • Information/data
    • Personnel
    • Reputation
    • Operations
    Develop risk responses that target contributing factors.
    Root cause:
    Business units rely on “real-time” data gathered from latency-sensitive applications

    Actors: Enterprise App users (Finance, Product Development, Product Management)

    Asset/resource: Applications, network

    Risk response:
    Decrease the use of latency-sensitive applications.

    X

    Decreasing the use of key apps contradicts business objectives.

    Contributing factors:
    Unreliable router software

    Actors: Network provider, router vendor, router software vendor, IT department

    Asset/resource: Network, router, router software

    Risk response:
    Replace the vendor that provides routers and router software.

    Replacing the vendor would reduce network outages at a relatively low cost.

    Symptoms:
    Network outage

    Actors: All business units, network provider

    Asset/resource: Network, business operations, employee productivity

    Risk response:
    Replace legacy systems.

    X

    Replacing legacy systems would be too costly.

    3.1.3 Identify and assess risk responses

    Instructions:
    Complete the following steps for each risk event.
    1. Identify a risk response action that will help reduce the likelihood of occurrence or the impact if the event were to occur.
      • Indicate the type of risk response (avoidance, mitigation, transfer, acceptance, or no risk exists).
    2. Assign each risk response action a residual likelihood level and a residual impact level.
      • This is the same step performed in Activity 2.2.6, when initial likelihood and impact levels were determined; however, now you are estimating the likelihood and impact of the risk event after the risk response action has been implemented successfully.
      • The Risk Register Tool will generate a residual risk severity level for each risk event.
    3. Identify the potential Risk Action Owner (Project Manager) if the response is selected and turned into an IT project, and document this in the Risk Register Tool.
    Document the following in the Risk Event Action Plan for each risk event:
      • Risk response actions
      • Residual likelihood and impact levels
      • Residual risk severity level
    • Review the following slides about the four types of risk response to help complete the activity.
      1. Avoidance
      2. Mitigation
      3. Transfer
      4. Acceptance

    Record the results in the Risk Event Action Plan.

    Take actions to avoid the risk entirely

    Risk Avoidance

    • Risk avoidance involves taking evasive maneuvers to avoid the risk event.
    • Risk avoidance targets risk likelihood, decreasing the likelihood of the risk event occurring.
    • Since risk avoidance measures are fairly drastic, the likelihood is often reduced to negligible levels.
    • However, risk avoidance response actions often sacrifice potential benefits to eliminate the possibility of the risk entirely.
    • Typically, risk avoidance measures should only be taken for risk events with extremely high severity and when the severity (expected cost) of the risk event exceeds the cost (benefits sacrificed) of avoiding the risk.

    Example

    Risk event: Information security vulnerability from third-party cloud services provider.

    • Risk avoidance action: Store all data in-house.
    • Benefits sacrificed: Cost savings, storage flexibility, etc.
    Stock photo of a person hikiing along a damp, foggy, valley path.

    Pursue projects that reduce the likelihood or impact of the risk event

    Risk Mitigation

    • Risk mitigation actions are risk responses that reduce the likelihood and impact of the risk event.
    • Risk mitigation actions can be to either implement new controls or enhance existing ones.
    Example 1

    Most risk responses will reduce both the likelihood of the risk event occurring and its potential impact.

    Example

    Mitigation: Purchase and implement enterprise mobility management (EMM) software with remote wipe capability.

    • EMM reduces the likelihood that sensitive data is accessed by a nefarious actor.
    • The remote-wipe capability reduces the impact by closing the window that sensitive data can be accessed from.
    Example 2

    However, some risk responses will have a greater effect on decreasing the likelihood of a risk event with little effect on decreasing impact.

    Example

    Mitigation: Create policies that restrict which personnel can access sensitive data on mobile devices.

    • This mitigation decreases the number of corporate phones that have access to (or are storing) sensitive data, thereby decreasing the likelihood that a device is compromised.
    Example 3

    Others will reduce the potential impact without decreasing its likelihood of occurring.

    Example

    Mitigation: Use robust encryption for all sensitive data.

    • Corporate-issued mobile phones are just as likely to fall into the hands of nefarious actors, but the financial impact they can inflict on the organization is greatly reduced.

    Pursue projects that reduce the likelihood or impact of the risk event (continued)

    Use the following IT functions to guide your selection of risk mitigation actions:

    Process Improvement

    Key processes that would most directly improve the risk profile:

    • Change Management
    • Project Management
    • Vendor Management
    Infrastructure Management
    • Disaster Recovery Plan/Business Continuity Plan
    • Redundancy and Resilience
    • Preventative Maintenance
    • Physical Environment Security
    Personnel
    • Greater staff depth in key areas
    • Increased discipline around documentation
    • Knowledge Management
    • Training
    Rationalization and Simplification

    This is a foundational activity, as complexity is a major source of risk:

    • Application Rationalization – reducing the number of applications
    • Data Management – reducing the volume and locations of data

    Transfer risks to a third party

    Risk transfer: the exchange of uncertain future costs for fixed present costs.

    Insurance

    The most common form of risk transfer is the purchase of insurance.

    • The uncertain future cost of an IT risk event can be transferred to an insurance company who assumes the risk in exchange for insurance premiums.
    • The most common form of IT-relevant insurance is cyberinsurance.

    Not all risks can be insured. Insurable risks typically possess the following five characteristics:

    1. The loss must be accidental (the risk event cannot be insured if it could have been avoided by taking reasonable actions).
    2. The insured cannot profit from the occurrence of the risk event.
    3. The loss must be able to be measured in monetary terms.
    4. The organization must have an insurable interest (it must be the party that incurs the loss).
    5. An insurance company must offer insurance against that risk.
    Other Forms of Risk Transfer

    Other forms of risk transfer include:

    • Self-insurance
      • Appropriate funds can be set aside in advance to address the financial impact of a risk event should it occur.
    • Warranties
    • Contractual transfer
      • The financial impact of a risk event can be transferred to a third party through clauses agreed to in a contract.
      • For example, a vendor can be contractually obligated to assume all costs resulting from failing to secure the organization’s data.
    • Example email addressing fields of an IT Risk Transfer to an insurance company.

    Accept risks that fall below established thresholds

    Risk Acceptance

    Accepting a risk means tolerating the expected cost of a risk event. It is a conscious and deliberate decision to retain the threat.

    You may choose to accept a risk event for one of the following three reasons:

    1. The risk severity (expected cost) of the risk event falls below acceptability thresholds and does not justify an investment in a risk avoidance, mitigation, or transfer measure.
    2. The risk severity (expected cost) exceeds acceptability thresholds but all effective risk avoidance, mitigation, and transfer measures are ineffective or prohibitively expensive.
    3. The risk severity (expected cost) exceeds acceptability thresholds but there are no feasible risk avoidance, mitigation, and transfer measures to be implemented.

    Info-Tech Insight

    Constant monitoring and the assignment of responsibility and accountability for accepted risk events is crucial for effective management of these risks. No IT risk should be accepted without detailed documentation outlining the reasoning behind that decision and evidence of approval by senior management.

    3.1.4 Risk response cost-benefit analysis (optional)

    The purpose of a cost-benefit analysis (CBA) is to guide financial decision making.

    This helps IT make risk-conscious investment decisions that fall within the IT budget and helps the organization make sound budgetary decisions for risk response projects that cannot be addressed by IT’s existing budget.

    Instructions:
    1. Reopen the Risk Costing Tool. For each risk that you conducted an expected cost assessment in section 2.2 for, find the Excel sheet that corresponds to the risk number (e.g. R001).
    2. Identify between one and four risk response options for the risk event and document them in the Risk Costing Tool.
      • The “Risk Response 1” field will be automatically populated with expected cost data for a scenario where no action was taken (risk acceptance). This will serve as a baseline for comparing alternative responses.
      • For the following steps, go through the risk responses one by one.
    3. Estimate the first-year cost for the risk response.
      • This cost should reflect initial capital expenditures and first-year operating expenditures.
    Screenshot of the Risk Response cost-benefit-analysis from the Risk Costing Tool with 'Capital Expenditures' and 'Operating Expenditures' highlighted.

    Record the results in the Risk Costing Tool.

    3.1.4 Risk response cost-benefit analysis (continued)

    The purpose of a cost-benefit analysis (CBA) is to guide financial decision making.

    Instructions:

    1. Estimate residual risk likelihood and financial impact for Year 1 with the risk response in place.
      • Rather than estimating the likelihood level (low, medium, high), determine a precise likelihood value of the risk event occurring once the response has been implemented.
      • Estimate the dollar value of financial impacts if the risk event were to occur with the risk response in place.
      • Screenshot of the Risk Response cost-benefit-analysis from the Risk Costing Tool with figured for 'Financial Impact' and 'Probability' highlighted. The tool will calculate the expected residual cost of the risk event: (Financial Impact x Likelihood) - Costs = Expected Residual Cost
    2. Select the highest value risk response and document it in the Risk Register Tool.
    3. Document your analysis and recommendations in the Risk Event Action Plan.

    Note: See Activity 3.1.5 to build multi-year cost projections for risk responses.

    3.1.5 Create multi-year cost projections (optional)

    Select between risk response options by projecting their costs and benefits over multiple years.

    • It can be difficult to choose between risk response options that require different payment schedules. A risk response project with costs spread out over more than one year (e.g. incremental upgrades to an IT system) may be more advantageous than a project with costs concentrated up front that may cost less in the long run (e.g. replacing the system).
    • However, the impact that risk response projects have on reducing risk severity is not necessarily static. For example, an expensive project like replacing a system may drastically reduce the risk severity of a system failure. Whereas, incremental system upgrades may only marginally reduce risk severity in the short term but reach similar levels as a full system replacement in a few years.
    Instructions:

    Calculate expected cost for multiple years using the Risk Costing Tool for:

    • Risk events that are subject to change in severity over time.
    • Risk responses that reduce the severity of the risk gradually.
    • Risk responses that cannot be implemented immediately.

    Copy and paste the graphs into the Risk Report and the Risk Event Action Plan for the risk event.

    Sample charts on the cost of risk responses from the Risk Costing Tool.

    Record the results in the Risk Costing Tool.

    Step 3.2

    Report IT Risk Priorities

    Activities
    • 3.2.1 Obtain executive approval for risk action plans
    • 3.2.2 Socialize the Risk Report
    • 3.2.3 Transfer ownership of risk responses to project managers
    • 3.2.4 Finalize the Risk Management Program Manual

    This step involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team

    Outcomes of this step

    • Obtained approval for risk action plans
    • Communicated IT’s risk recommendations to senior leadership
    • Embedded risk management into day-to-day IT operations

    Monitor, Respond, and Report on IT Risk

    Step 3.1 Step 3.2

    Effectively deliver IT risk expertise to the business

    Communicate IT risk management in two directions:

    1. Up to senior leadership (and ERM if applicable)
    2. Down to IT employees (embedding risk awareness)
    3. Visualization of communicating Up to 'Senior Leadership' and Down to 'IT Personnel'.

    Create a strong paper trail and obtain sign-off for the ITRC’s recommendations.

    Now that you have collected all of the necessary raw data, you must communicate your insights and recommendations effectively.

    A fundamental task of risk management is communicating risk information to senior management. It is your responsibility to enable them to make informed risk decisions. This can be considered upward communication.

    The two primary goals of upward communication are:

    1. Transferring accountability for high-priority IT risks to the ERM or to senior leadership.
    2. Obtaining funds for risk response projects recommended by the ITRC.

    Good risk management also has a trickle-down effect impacting all of IT. This can be considered downward communication.

    The two primary goals of downward communication are:

    1. Fostering a risk-aware IT culture.
    2. Ensuring that the IT risk management program maintains momentum and runs effectively.

    3.2.1 Obtain executive approval for risk action plans

    Best Practices and Key Benefits

    Best practice is for all acceptable risks to also be signed-off by senior leadership. However, for ITRCs that brainstorm 100+ risks, this may not be possible. If this is the case, prioritize accepted risks that were assessed to be closest to the organization’s thresholds.

    By receiving a stamp of approval for each key risk from senior management, you ensure that:

    1. The organization is aware of important IT risks that may impact business objectives.
    2. The organization supports the risk assessment conducted by the ITRC.
    3. The organization supports the plan of action and monitoring responsibilities proposed by the ITRC.
    4. If a risk event were to occur, the organization holds ultimate accountability.
    Sample of the Risk Event Action Plan template.

    Task:
    All IT risks that were flagged for exceeding the organization’s severity thresholds must obtain sign-off by the CIO or another member of the senior leadership team.

    • In the assessment phase, you evaluated risks using severity thresholds approved by the business and determined whether or not they justified a risk response.
    • Whether your recommendation was to accept the risk or to analyze possible risk responses, the business should be made aware of most IT risks.

    3.2.2 Socialize the risk report

    Create a succinct, impactful document that summarizes the outcomes of risk assessment and highlights the IT risk council’s top recommendations to the senior leadership team.

    The Risk Report contains:
    • An executive summary page highlighting the main takeaways for senior management:
      • A short summary of results from the most recent risk assessment
      • Dashboard
      • A list of top 10 risks ordered from most severe to least
    • Subsequent individual risk analyses (1 to 10)
      • Detailed risk assessment data
      • Risk responses
      • Risk response analysis
      • Multi-year cost projection (see the following slide)
      • Dashboard
      • Recommendations
    Sample of the Risk Report template.

    Risk Report

    Pursue projects that reduce the likelihood or impact of the risk event

    Encourage risk awareness to extend the benefits of risk management to every aspect of IT.

    Benefits of risk awareness:

    • More preventative and proactive approaches to IT projects are discussed and considered.
    • Changes to the IT threat landscape are more likely to be detected, communicated, and acted upon.
    • IT possesses a realistic perception of its ability to perform functions and provide services.
    • Contingency plans are put in place to hedge against risk events.
    • Fewer IT risks go unidentified.
    • CIOs and business executives make better risk decisions.

    Consequences of low risk awareness:

    • False confidence about the number of IT risks impacting the organization and their severity.
    • Risk-relevant information is not communicated to the ITRC, which may result in inaccurate risk assessments.
    • Confusion surrounding whose responsibility it is to consider how risk impacts IT decision making.
    • Uncertainty and panic when unanticipated risks impact the IT department and the organization.

    Embedding risk management in the IT department is a full-time job

    Take concrete steps to increase risk-aware decision making in IT.

    The IT risk council plays an instrumental role in fostering a culture of risk awareness throughout the IT department. In addition to periodic risk assessments, fulfilling reporting requirements, and undertaking ongoing monitoring responsibilities, members of the ITRC can take a number of actions to encourage other IT employees to adopt a risk-focused approach, particularly at the project planning stage.

    Embed risk management in project planning

    Make time for discussing project risks at every project kick-off.
    • A main benefit of including senior personnel from across IT in the ITRC is that they are able to disseminate the IT risk council’s findings to their respective practices.
    • At project kick-off meetings, schedule time to identify and assess project-specific risks.
    • Encourage the project team to identify strategies to reduce the likelihood and impact of those risks and document these in the project charter.
    • Lead by example by being clear and open about what constitutes acceptable and unacceptable risks.

    Embed risk management with employee

    Train IT staff on the ITRC’s planned responses to specific risk events.
    • If a response to a particular risk event is not to implement a project but rather to institute new policies or procedures, ensure that changes are communicated to employees and that they receive training.
    Provide risk management education opportunities.
    • Remember that a more risk-aware IT employee provides more value to the organization.
    • Invest in your employees by encouraging them to pursue education opportunities like receiving risk management accreditation or providing them with educational experiences such as workshops, seminars, and eLearning.

    Embedding risk management in the IT department is a full-time job (continued)

    Encourage risk awareness by adjusting performance metrics and job titles.

    Performance metrics:

    Depending on the size of your IT department and the amount of resources dedicated to ongoing risk management, you may consider embedding risk management responsibilities into the performance assessments of certain ITRC members or other IT personnel.

    • Personalize the risk management program metrics you have documented in your Risk Management Program Manual.
    • Evidence that KPIs are monitored and frequently reported is also a good indicator that risk owners are fulfilling their risk management responsibilities.
    • Info-Tech Insight

      If risk management responsibilities are not built into performance assessments, it is less likely that they will invest time and energy into these tasks. Adding risk management metrics to performance assessments directly links good job performance with good risk management, making it more likely that ITRC activities and initiatives gain traction throughout the IT department.

    Job descriptions:

    Changing job titles to reflect the focus of an individual’s role on managing IT risk may be a good way to distinguish personnel tasked with developing KRIs and monitoring risks on a week-to-week basis.

    • Some examples include IT Risk Officer, IT Risk Manager, and IT Risk Analyst.

    3.2.3 Transfer ownership of risk responses to project managers

    Once risk responses have obtained approval and funding, it is time to transform them into fully-fledged projects.

    Image of a hand giving a key to another hand and a circle split into quadrants of Governance with 'Governance of Risks' being put into 'Governance of Projects'.

    3.2.4 Finalize the Risk Management Program Manual

    Go back through the Risk Management Program Manual and ensure that the material will accurately reflect your approach to risk management going forward.

    Remember, the program manual is a living document that should be evolving alongside your risk management program, reflecting best practices, knowledge, and experiences accrued from your own assessments and experienced risk events.

    The best way to ensure that the program manual continues to guide and document your risk management program is to make it the focal point of every ITRC meeting and ensure that one participant is tasked with making necessary adjustments and additions.

    Sample of the Risk Management Program Manual. Risk Management Program Manual

    “Upon completing the Info-Tech workshop, the deliverables that we were left with were really outstanding. We put together a 3-year project plan from a high level, outlining projects that will touch upon our high risk areas.” (Director of Security & Risk, Water Management Company)

    Don’t allow your risk management program to flatline

    54% of small businesses haven’t implemented controls to respond to the threat of cyber attacks (Source: Insurance Bureau of Canada, 2021)

    Don’t be lulled into a false sense of security. It might be your greatest risk.

    So you’ve identified the most important IT risks and implemented projects to protect IT and the business.

    Unfortunately, your risk assessment is already outdated.

    Perform regular health checks to keep your finger on the pulse of the key risks threatening the business and your reputation.

    To continue the momentum of your newly forged IT risk management program, read Info-Tech’s research on conducting periodic risk assessments and “health checks”:

    Revive Your Risk Management Program With a Regular Health Check

    • Complete Info-Tech’s Risk Management Health Check to seize the momentum you created by building a robust IT risk management program and create a process for conducting periodic health checks and embedding ongoing risk management into every aspect of IT.
    • Our focus is on using data to make IT risk assessment less like an art and more like a science. Ongoing data-driven risk management is self-improving and grounded in historical data.

    Appendix I: Familiarize yourself with key risk terminology

    Review important risk management terms and definitions.

    Risk

    An uncertain event or set of events which, should it occur, will have an effect on the achievement of objectives. A risk consists of a combination of the likelihood of a perceived threat or opportunity occurring and the magnitude of its impact on objectives (Office of Government Commerce, 2007).

    Threat

    An event that can create a negative outcome (e.g. hostile cyber/physical attacks, human errors).

    Vulnerability

    A weakness that can be taken advantage of in a system (e.g. weakness in hardware, software, business processes).

    Risk Management

    The systematic application of principles, approaches, and processes to the tasks of identifying and assessing risks, and then planning and implementing risk responses. This provides a disciplined environment for proactive decision making (Office of Government Commerce, 2007).

    Risk Category

    Distinct from a risk event, a category is an abstract profile of risk. It represents a common group of risks. For example, you can group certain types of risks under the risk category of IT Operations Risks.

    Risk Event

    A specific occurrence of an event that falls under a particular risk category. For example, a phishing attack is a risk event that falls under the risk category of IT Security Risks.

    Risk Appetite

    An organization’s attitude towards risk taking, which determines the amount of risk that it considers acceptable. Risk appetite also refers to an organization’s willingness to take on certain levels of exposure to risk, which is influenced by the organization’s capacity to financially bear risk.

    Enterprise Risk Management

    (ERM) – A strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of organizational risks and managing the combined impact of those risks as an interrelated risk portfolio (RIMS, 2015).

    Appendix II: Likelihood vs. Frequency

    Why we measure likelihood, not frequency:

    The basic formula of Likelihood x Impact = Severity is a common methodology used across risk management frameworks. However, some frameworks measure likelihood using Frequency rather than Likelihood.

    Frequency is typically measured as the number of instances an event occurs over a given period of time (e.g. once per month).

    • For risk assessment, historical data regarding the frequency of a risk event is commonly used to indicate the likelihood that the event will happen in the future.

    Likelihood is a numerical representation of the “degree of belief” that the risk event will occur in a given future timeframe (e.g. 25% likelihood that the event will occur within the next year).

    False Objectivity

    While some may argue that frequency provides an objective measurement of likelihood, it is well understood in the field of likelihood theory that historical data regarding the frequency of a risk event may have little bearing over the likelihood of that event happening in the future. Frequency is often an indication of future likelihood but should not be considered an objective measurement of it.

    Likelihood scales that use frequency underestimate the magnitude of risks that lack historical precedent. For example, an IT department that has never experienced a high-impact data breach would adopt a very low likelihood score using the frequentist approach. However, if all of the organization’s major competitors have suffered a major breach within the last two years, they ought to possess a much higher degree of belief that the risk event will occur within the next year.

    Likelihood is a more comprehensive measurement of future likelihood, as frequency can be used to inform the selection of a likelihood value. The process of selecting intersubjective likelihood values will naturally internalize historical data such as the frequency that the event occurred in the past. Further, the frequency that the event is expected to occur in the future can be captured by the expected impact value. For example, a risk event that has an expected impact per occurrence of $10,000 that is expected to occur three times over the next year has an expected impact of $30,000.

    Appendix III: Should max impacts sway decision making?

    Don’t just fixate on the most likely impact – be aware of high-impact outcomes.

    During assessment, risks are evaluated according to their most likely financial impact.

    • For example, a service outage will likely last for two hours and may have an expected cost of $14,000.

    Naturally, focusing on the most likely financial impact will exclude higher impacts that – while theoretically possible – are so unlikely that they do not warrant any real consideration.

    • For example, it is possible that a service outage could last for days; however, the likelihood for such an event may be well below 1%.

    While the risk severity level assessment allows you to present impacts as a range of values (e.g. $50,000 to $75,000), the expected cost assessment requires you to select specific values.

    • However, this analysis may fail to consider much higher potential impacts that have non-negligible likelihood values (likelihood values that you cannot ignore).
    • What you consider “non-negligible” will depend on your organizational risk tolerance/appetite.

    Sometimes called Black Swan events or Fat-Tailed outcomes, high-impact events may occur when the far right of the likelihood distribution – or the “tail” – is thicker than a normal distribution (see fig. 2).

    • A good example is a data breach. While small to medium impacts are far more likely to occur than a devastating intrusion, the high-impact scenario cannot be ignored completely.

    For risk events that contain non-negligible likelihoods (too high to be ignored) consider elevating the risk severity level or expected cost.

    Figure 1 is a graph presenting a 'Normal Likelihood Distribution', the axes being 'Likelihood' and 'Financial Impact'.
    Figure 2 is a graph presenting a 'Fat-Tailed Likelihood Distribution' with a point at the top of the parabola labelled 'Most Likely Impact' but with a much wider bottom labelled 'Fat-Tailed Outcomes', the axes being 'Likelihood' and 'Financial Impact'.

    Leverage Info-Tech’s research on security and compliance risk to identify additional risk events

    Title card of the Info-tech blueprint 'Take Control of Compliance Improvement to Conquer Every Audit' with subtitle 'Don't gamble recklessly with external compliance. Play a winning system and take calculated risks to stack the odds in your favor.


    Take Control of Compliance Improvement to Conquer Every Audit

    Info-Tech Insight

    Don’t gamble recklessly with external compliance. Play a winning system and take calculated risks to stack the odds in your favor.

    Take an agile approach to analyze your gaps and prioritize your remediations. You don’t always have to be fully compliant as long as your organization understands and can live with the consequences.

    Stock photo of a woman sitting at a computer surrounded by rows of computers.


    Develop and Implement a Security Risk Management Program

    Info-Tech Insight

    Security risk management equals cost effectiveness.

    Time spent upfront identifying and prioritizing risks can mean the difference between spending too much and staying on budget.

    Research Contributors and Experts

    Sandi Conrad
    Principal Research Director
    Info-Tech Research Group

    Christine Coz
    Executive Counsellor
    Info-Tech Research Group

    Milena Litoiu
    Principal Research Director
    Info-Tech Research Group

    Scott Magerfleisch
    Executive Advisor
    Info-Tech Research Group

    Aadil Nanji
    Research Director
    Info-Tech Research Group

    Andy Neill
    Associate Vice-President of Research
    Info-Tech Research Group

    Daisha Pennie
    IT Risk Management
    Oklahoma State University

    Ken Piddington
    CIO and Executive Advisor
    MRE Consulting

    Frank Sewell
    Research Director
    Info-Tech Research Group

    Andrew Sharpe
    Research Director
    Info-Tech Research Group

    Chris Warner
    Consulting Director- Security
    Info-Tech Research Group

    Sterling Bjorndahl
    Director of IT Operations
    eHealth Saskatchewan

    Research Contributors and Experts

    Ibrahim Abdel-Kader
    Research Analyst
    Info-Tech Research Group

    Tamara Dwarika
    Internal Auditor
    A leading North American Utility

    Anne Leroux
    Director
    ES Computer Training

    Ian Mulholland
    Research Director
    Info-Tech Research Group

    Michel Fossé
    Consulting Services Manager
    IBM Canada (LGS)

    Petar Hristov
    Research Director
    Info-Tech Research Group

    Steve Woodward
    Research Director
    CEO, Cloud Perspectives

    *Plus 10 additional interviewees who wish to remain anonymous.

    Bibliography

    “2021 State of the CIO.” IDG, 28 January 2021. Web.

    “4 Reasons Why CIOs Lose Their Jobs.” Silverton Consulting, 2012. Web.

    Beasley, Mark, Bruce Branson, and Bonnie Hancock. “The State of Risk Oversight,” AICPA, April 2021. Web.

    COBIT 2019. ISACA, 2019. Web.

    “Cognyte jeopardized its database exposing 5 billion records, including earlier data breaches.” SecureBlink, 21 June 2021. Web.

    Culp, Steve. “Accenture 2019 Global Risk Management Study, Financial Services Report.” Accenture, 2019. Web.

    Curtis, Patchin, and Mark Carey. “Risk Assessment in Practice.” COSO Committee of Sponsoring Organizations of the Treadway Commission, Deloitte & Touche LLP, 2012. Web.

    “Cyber Risk Management.” Insurance Bureau of Canada (IBC), 2022. Web.

    Eccles, Robert G., Scott C. Newquist, and Roland Schatz. “Reputation and Its Risks.” Harvard Business Review, February 2007. Web.

    Eden, C. and F. Ackermann. Making Strategy: The Journey of Strategic Management. Sage Publications, 1998.

    “Enterprise Risk Management Maturity Model.” OECD, 9 February 2021. Web.

    Ganguly, Saptarshi, Holger Harreis, Ben Margolis, and Kayvaun Rowshankish. “Digital Risks: Transforming risk management for the 2020s.” McKinsey & Company, 10 February 2017. Web.

    “Governance Institute of Australia Risk Management Survey 2020.” Governance Institute of Australia, 2020. Web.

    “Guidance on Enterprise Risk Management.” COSO, 2022. Web.

    Henriquez, Maria. “The Top 10 Data Breaches of 2021” Security Magazine, 9 December 2021. Web.

    Holmes, Aaron. “533 million Facebook users’ phone numbers and personal data have been leaked online.” Business Insider, 3 April 2021. Web.

    Bibliography

    “Integrated Risk and Compliance Management for Banks and Financial Services Organizations: Benefits of a Holistic Approach.” MetricStream, 2022. Web.

    “ISACA’s Risk IT Framework Offers a Structured Methodology for Enterprises to Manage Information and Technology Risk.” ISACA, 25 June 2020. Web.

    ISO 31000 Risk Management. ISO, 2018. Web.

    Lawton, George. “10 Enterprise Risk Management Trends in 2022.” TechTarget, 2 February 2022. Web.

    Levenson, Michael. “MGM Resorts Says Data Breach Exposed Some Guests’ Personal Information.” The New York Times, 19 February 2020. Web.

    Management of Risk (M_o_R): Guidance for Practitioners. Office of Government Commerce, 2007. Web.

    “Many small businesses vulnerable to cyber attacks.” Insurance Bureau of Canada (IBC), 5 October 2021.

    Maxwell, Phil. “Why risk-informed decision-making matters.” EY, 3 December 2019. Web.

    “Measuring and Mitigating Reputational Risk.” Marsh, September 2014. Web.

    Natarajan, Aarthi. “The Top 6 Business Risks you should Prepare for in 2022.” Diligent, 22 December 2021. Web.

    “Operational Risk Management Excellence – Get to Strong Survey: Executive Report.” KMPG and RMA, 2014. Web.

    “Third-party risk is becoming a first priority challenge.” Deloitte, 2022. Web.

    Thomas, Adam, and Dan Kinsella. “Extended Enterprise Risk Management Survey, 2020.” Deloitte, 2021. Web.

    Treasury Board Secretariat. “Guide to Integrated Risk Management.” Government of Canada, 12 May 2016. Web.

    Webb, Rebecca. “6 Reasons Data is Key for Risk Management.” ClearRisk, 13 January 2021. Web.

    “What is Enterprise Risk Management (ERM)?” RIMS, 2015. Web.

    Wiggins, Perry. “Do you spend enough time assessing strategic risks?” CFO, 26 January 2022. Web.

    Drive Successful Sourcing Outcomes With a Robust RFP Process

    • Buy Link or Shortcode: {j2store}216|cart{/j2store}
    • member rating overall impact (scale of 10): 9.4/10 Overall Impact
    • member rating average dollars saved: $25,860 Average $ Saved
    • member rating average days saved: 14 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Most IT organizations do not have standard RFP templates and tools.
    • Many RFPs lack sufficient requirements.
    • Most RFP team members are not adequately trained on RFP best practices.
    • Most IT departments underestimate the amount of time that is required to perform an effective RFP.

    Our Advice

    Critical Insight

    • Vendors generally do not like RFPs
      Vendors view RFPs as time consuming and costly to respond to and believe that the decision is already made.
    • Dont ignore the benefits of an RFI
      An RFI is too often overlooked as a tool for collecting information from vendors about their product offerings and services.
    • Leverage a pre-proposal conference to maintain an equal and level playing field
      Pre-proposal conference is a convenient and effective way to respond to vendors’ questions ensuring all vendors have the same information to provide a quality response.

    Impact and Result

    • A bad or incomplete RFP results in confusing and incomplete vendor RFP responses which consume time and resources.
    • Incomplete or misunderstood requirements add cost to your project due to the change orders required to complete the project.

    Drive Successful Sourcing Outcomes With a Robust RFP Process Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Storyboard – Leverage your vendor sourcing process to get better results

    Discover a proven process for your RFPs. Review Info-Tech’s process and understand how you can prevent your organization from leaking negotiation leverage while preventing vendors from taking control of your RFP. Our 7-phase process prevents a bad RFP from taking your time, money, and resources.

    • Drive Successful Sourcing Outcomes With a Robust RFP Process Storyboard

    2. Define your RFP Requirements Tool – A convenient tool to gather your requirements and align them to your negotiation strategy.

    Use this tool to assist you and your team in documenting the requirements for your RFP. Use the results of this tool to populate the requirements section of your RFP.

    • RFP Requirements Worksheet

    3. RFP Development Suite of Tools – Use Info-Tech’s RFP, pricing, and vendor response tools and templates to increase your efficiency in your RFP process.

    Configure this time-saving suite of tools to your organizational culture, needs, and most importantly the desired outcome of your RFP initiative. This suite contains four unique RFP templates. Evaluate which template is appropriate for your RFP. Also included in this suite are a response evaluation guidebook and several evaluation scoring tools along with a template to report the RFP results to stakeholders.

    • RFP Calendar and Key Date Tool
    • Vendor Pricing Tool
    • Lean RFP Template
    • Short-Form RFP Template
    • Long-Form RFP Template
    • Excel Form RFP Tool
    • RFP Evaluation Guidebook
    • RFP Evaluation Tool
    • Vendor TCO Tool
    • Consolidated Vendor RFP Response Evaluation Summary
    • Vendor Recommendation Presentation

    Infographic

    Workshop: Drive Successful Sourcing Outcomes With a Robust RFP Process

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Foundation for Creating Requirements

    The Purpose

    Problem Identification

    Key Benefits Achieved

    Current process mapped and requirements template configured

    Activities

    1.1 Overview and level-setting

    1.2 Identify needs and drivers

    1.3 Define and prioritize requirements

    1.4 Gain business authorization and ensure internal alignment

    Outputs

    Map Your Process With Gap Identification

    Requirements Template

    Map Your Process With Gap Identification

    Requirements Template

    Map Your Process With Gap Identification

    Requirements Template

    Map Your Process With Gap Identification

    Requirements Template

    2 Creating a Sourcing Process

    The Purpose

    Define Success Target

    Key Benefits Achieved

    Baseline RFP and evaluation templates

    Activities

    2.1 Create and issue RFP

    2.2 Evaluate responses/proposals and negotiate the agreement

    2.3 Purchase goods and services

    Outputs

    RFP Calendar Tool

    RFP Evaluation Guidebook

    RFP Respondent Evaluation Tool

    3 Configure Templates

    The Purpose

    Configure Templates

    Key Benefits Achieved

    Configured Templates

    Activities

    3.1 Assess and measure

    3.2 Review templates

    Outputs

    Long-Form RFP Template

    Short-Form RFP Template

    Excel-Based RFP Template

    Further reading

    Drive Successful Sourcing Outcomes With a Robust RFP Process

    Leverage your vendor sourcing process to get better results.

    EXECUTIVE BRIEF

    Drive Successful Sourcing Outcomes with a Robust RFP Process

    Lack of RFP Process Causes...
    • Stress
    • Confusion
    • Frustration
    • Directionless
    • Exhaustion
    • Uncertainty
    • Disappointment
    Solution: RFP Process
    Steps in an RFP Process, 'Identify Need', 'Define Business Requirements', 'Gain Business Authorization', 'Perform RFI/RFP', 'Negotiate Agreement', 'Purchase Good and Services', and 'Assess and Measure Performance'.
    • Best value solutions
    • Right-sized solutions
    • Competitive Negotiations
    • Better requirements that feed negotiations
    • Internal alignment on requirements and solutions
    • Vendor Management Governance Plan
    Requirements
    • Risk
    • Legal
    • Support
    • Security
    • Technical
    • Commercial
    • Operational
    • Vendor Management Governance
    Templates, Tools, Governance
    • RFP Template
    • Your Contracts
    • RFP Procedures
    • Pricing Template
    • Evaluation Guide
    • Evaluation Matrix
    Vendor Management
    • Scorecards
    • Classification
    • Business Review Meetings
    • Key Performance Indicators
    • Contract Management
    • Satisfaction Survey

    Analyst Perspective

    Consequences of a bad RFP

    Photo of Steven Jeffery, Principal Research Director, Vendor Management, Co-Author: The Art of Creating a Quality RFP, Info-Tech Research Group

    “A bad request for proposal (RFP) is the gift that keeps on taking – your time, your resources, your energy, and your ability to accomplish your goal. A bad RFP is ineffective and incomplete, it creates more questions than it answers, and, perhaps most importantly, it does not meet your organization’s expectations.”

    Steven Jeffery
    Principal Research Director, Vendor Management
    Co-Author: The Art of Creating a Quality RFP
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Most IT organizations are absent of standard RFP templates, tools, and processes.
    • Many RFPs lack sufficient requirements from across the business (Legal, Finance, Security, Risk, Procurement, VMO).
    • Most RFP team members are not adequately trained on RFP best practices.
    • Most IT departments underestimate the amount of time required to perform an effective RFP.
    • An ad hoc sourcing process is a common recipe for vendor performance failure.

    Common Obstacles

    • Lack of time
    • Lack of resources
    • Right team members not engaged
    • Poorly defined requirements
    • Too difficult to change supplier
    • Lack of a process
    • Lack of adequate tools/processes
    • Lack of a vendor communications plan that includes all business stakeholders.
    • Lack of consensus as to what the ideal result should look like.

    Info-Tech’s Approach

    • Establish a repeatable, consistent RFP process that maintains negotiation leverage and includes all key components.
    • Create reusable templates to expedite the RFP evaluation and selection process.
    • Maximize the competition by creating an equal and level playing field that encourages all the vendors to respond to your RFP.
    • Create a process that is clear and understandable for both the business unit and the vendor to follow.
    • Include Vendor Management concepts in the process.

    Info-Tech Insight

    A well planned and executed sourcing strategy that focuses on solid requirements, evaluation criteria, and vendor management will improve vendor performance.

    Executive Summary

    Your Challenge

    Your challenge is to determine the best sourcing tool to obtain vendor information on capabilities, solution(s), pricing and contracting: RFI, RFP, eRFX.

    Depending on your organization’s knowledge of the market, your available funding, and where you are in the sourcing process, there are several approaches to getting the information you need.

    An additional challenge is to answer the question “What is the purpose of our RFX?”

    If you do not have in-depth knowledge of the market, available solutions, and viable vendors, you may want to perform an RFI to provide available market information to guide your RFP strategy.

    If you have defined requirements, approved funding, and enough time, you can issue a detailed, concise RFP.

    If you have “the basics” about the solution to be acquired and are on a tight timeframe, an “enhanced RFI” may fit your needs.

    This blueprint will provide you with the tools and processes and insights to affect the best possible outcome.

    Executive Summary

    Common Obstacles

    • Lack of process/tools
    • Lack of input from stakeholders
    • Stakeholders circumventing the process to vendors
    • Vendors circumventing the process to key stakeholders
    • Lack of clear, concise, and thoroughly articulated requirements
    • Waiting until the vendor is selected to start contract negotiations
    • Waiting until the RFP responses are back to consider vendor management requirements
    • Lack of clear communication strategy to the vendor community that the team adheres to

    Many organizations underestimate the time commitment for an RFP

    70 Days is the average duration of an IT RFP.

    The average number of evaluators is 5-6

    4 Is the average number of vendor submissions, each requiring an average of two to three hours to review. (Source: Bonfire, 2019. Note: The 2019 Bonfire report on the “State of the RFP” is the most recent published.)

    “IT RFPs take the longest from posting to award and have the most evaluators. This may be because IT is regarded as a complex subject requiring complex evaluation. Certainly, of all categories, IT offers the most alternative solutions. The technology is also changing rapidly, as are the requirements of IT users – the half-life of an IT requirement is less than six months (half the requirements specified now will be invalid six months from now). And when the RFP process takes up two of those months, vendors may be unable to meet changed requirements when the time to implement arrives. This is why IT RFPs should specify the problem to be resolved rather than the solution to be provided. If the problem resolution is the goal, vendors are free to implement the latest technologies to meet that need.” (Bonfire, “2019 State of the RFP”)

    Why Vendors Don’t Like RFPs

    Vendors’ win rate

    44%

    Vendors only win an average of 44% of the RFPs they respond to (Loopio, 2022).
    High cost to respond

    3-5%

    Vendors budget 3-5% of the anticipated contract value to respond (LinkedIn, 2017, Note: LinkedIn source is the latest information available).
    Time spent writing response

    23.8 hours

    Vendors spend on average 23.8 hours to write or respond to your RFP (Marketingprofs, 2021).

    Negative effects on your organization from a lack of RFP process

    Visualization titled 'Lack of RFP Process Causes' with the following seven items listed.

    Stress, because roles and responsibilities aren’t clearly defined and communication is haphazard, resulting in strained relationships.

    Confusion, because you don’t know what the expected or desired results are.

    Directionless, because you don’t know where the team is going.

    Uncertainty, with many questions of your own and many more from other team members.

    Frustration, because of all the questions the vendors ask as a result of unclear or incomplete requirements.

    Exhaustion, because reviewing RFP responses of insufficient quality is tedious.

    Disappointment in the results your company realizes.

    (Source: The Art of Creating a Quality RFP)

    Info-Tech’s approach

    Develop an inclusive and thorough approach to the RFP Process

    Steps in an RFP Process, 'Identify Need', 'Define Business Requirements', 'Gain Business Authorization', 'Perform RFI/RFP', 'Negotiate Agreement', 'Purchase Good and Services', and 'Assess and Measure Performance'.

    The Info-Tech difference:

    1. The secret to managing an RFP is to make it as manageable and as thorough as possible. The RFP process should be like any other aspect of business – by developing a standard process. With a process in place, you are better able to handle whatever comes your way, because you know the steps you need to follow to produce a top-notch RFP.
    2. The business then identifies the need for more information about a product/service or determines that a purchase is required.
    3. A team of stakeholders from each area impacted gather all business, technical, legal, and risk requirements. What are the expectations of the vendor relationship post-RFP? How will the vendors be evaluated?
    4. Based on the predetermined requirements, either an RFI or an RFP is issued to vendors with a predetermined due date.

    Insight Summary

    Overarching insight

    Without a well defined, consistent RFP process, with input from all key stakeholders, the organization will not achieve the best possible results from its sourcing efforts.

    Phase 1 insight

    Vendors are choosing to not respond to RFPs due to their length and lack of complete requirements.

    Phase 2 insight

    Be clear and concise in stating your requirements and include, in addition to IT requirements, procurement, security, legal, and risk requirements.

    Phase 3 insight

    Consider adding vendor management requirements to manage the ongoing relationship post contract.

    Tactical insight

    Consider the RFP Evaluation Process as you draft the RFP, including weighting the RFP components. Don’t underestimate the level of effort required to effectively evaluate responses – write the RFP with this in mind.

    Tactical insight

    Provide strict, prescriptive instructions detailing how the vendor should submit their responses. Controlling vendor responses will increase your team’s efficiency in evaluations while providing ease of reference responses across multiple vendors.

    Key deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverables:

    Info-Tech provides you with the tools you need to go to market in the most efficient manner possible, with guidance on how to achieve your goals.

    Sample of

    Long-Form RFP Template
    For when you have complete requirements and time to develop a thorough RFP.
    Sample of the Long-Form RFP Template deliverable. Short-Form RFP Template
    When the requirements are not as extensive, time is short, and you are familiar with the market.
    Sample of the Short-Form RFP Template deliverable.
    Lean RFP Template
    When you have limited time and some knowledge of the market and wish to include only a few vendors.
    Sample of the Lean RFP Template deliverable. Excel-Form RFP Template
    When there are many requirements, many options, multiple vendors, and a broad evaluation team.
    Sample of the Excel-Form RFP Template deliverable.

    Blueprint benefits

    IT Benefits
    • Side-by-side comparison of vendor capabilities
    • Pricing alternatives
    • No surprises
    • Competitive solutions to deliver the best results
    Mutual IT and Business Benefits
    • Reduced time to implement
    • Improved alignment between IT /Business
    • Improved vendor performance
    • Improved vendor relations
    Business Benefits
    • Budget alignment, reduced cost
    • Best value
    • Risk mitigation
    • Legal and risk protections

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is seven to twelve calls over the course of four to six months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    Phase 5

    Phase 6

    Phase 7

    Call #1: Identify the need Call #3: Gain business authorization Call #5: Negotiate agreement strategy Call #7: Assess and measure performance
    Call #2: Define business requirements Call #4: Review and perform the RFX or RFP Call #6: Purchase goods and services

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889

    Day 1 Day 2 Day 3
    Activities
    Answer “What problem do we need to solve?”

    1.1 Overview and level-setting

    1.2 Identify needs and drivers

    1.3 Define and prioritize requirements

    1.4 Gain business authorization and ensure internal alignment

    Define what success looks like?

    2.1 Create and issue RFP

    2.2 Evaluate responses/ proposals and negotiate the agreement.

    2.3 Purchase goods and services

    Configure Templates

    3.1 Assess and measure

    3.2 Review tools

    Deliverables
    1. Map your process with gap identification
    2. RFP Requirements Worksheet
    1. RFP Calendar and Key Date Tool
    2. RFP Evaluation Guidebook
    3. RFP Evaluation Tool
    1. Long-form RFP Template
    2. Short-form RFP Template
    3. Excel-based RFP Tool
    4. Lean RFP Template

    Phase 1

    Identify Need

    Steps

    1.1 Establish the need to either purchase goods/services (RFP) or acquire additional information from the market (RFI).

    Steps in an RFP Process with the first step, 'Identify Need', highlighted.

    This phase involves the following participants:

    • Business stakeholders
    • IT
    • Sourcing/Procurement
    • Finance

    Identify the need based on business requirements, changing technology, increasing vendor costs, expiring contracts, and changing regulatory requirements.

    Outcomes of this phase

    Agreement on the need to go to market to make a purchase (RFP) or to acquire additional information (RFI) along with a high-level agreement on requirements, rough schedule (is there time to do a full blown RFP or are you time constrained, which may result in an eRFP) and the RFP team is identified.

    Identify Need
    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Identify the Need for Your RFP

    • An RFP is issued to the market when you are certain that you intend to purchase a product/service and have identified an adequate vendor base from which to choose as a result of:

      • IT Strategy
      • Changes in technology
      • Marketplace assessment
      • Contract expiration/renewal
      • Changes in regulatory requirements
      • Changes in the business’ requirements
    • An RFI is issued to the market when you are uncertain as to available technologies or supplier capabilities and need budgetary costs for planning purposes.
    • Be sure to choose the right RFx tool for your situation!
    Stock photo of a pen circling the word 'needs' on a printed document.

    Phase 2

    Define Your RFP Requirements

    Steps

    2.1 Define and classify the technical, business, financial, legal, and support and security requirements for your business.

    Steps in an RFP Process with the second step, 'Define Business Requirements', highlighted.

    This phase involves the following participants:

    • IT
    • Legal
    • Finance
    • Risk management
    • Sourcing/Procurement
    • Business stakeholders

    Outcomes of this phase

    A detailed list of required business, technical, legal and procurement requirements classified as to absolute need(s), bargaining and concession need(s), and “nice to haves.”

    Define Business Requirements

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Define RFP Requirements

    Key things to consider when defining requirements

    • Must be inclusive of the needs of all stakeholders: business, technical, financial, and legal
    • Strive for clarity and completeness in each area of consideration.
    • Begin defining your “absolute,” “bargaining,” “concession,” and ‘”dropped/out of scope” requirements to streamline the evaluation process.
    • Keep the requirements identified as “absolute” to a minimum, because vendors that do not meet absolute requirements will be removed from consideration.
    • Do you have a standard contract that can be included or do you want to review the vendor’s contract?
    • Don’t forget Data Security!
    • Begin defining your vendor selection criteria.
    • What do you want the end result to look like?
    • How will you manage the selected vendor after the contract? Include key VM requirements.
    • Defining requirements can’t be rushed or you’ll find yourself answering many questions, which may create confusion.
    • Collect all your current spend and budget considerations regarding the needed product(s) and service(s).

    “Concentrate on the needs of the organization and not the wants of the individuals when creating requirements to avoid scope creep.” (Donna Glidden, ITRG Research Director)

    Leverage the “ABCD” approach found in our Prepare for Negotiations More Effectively blueprint:
    https://tymansgrpup.com/research/ss/prepare-for-negotiations-more-effectively

    2.1 Prioritize your requirements

    1 hr to several days

    Input: List of all requirements from IT and IT Security, Business, Sourcing/Procurement, Risk Management, and Legal

    Output: Prioritized list of RFP requirements approved by the stakeholder team

    Materials: The RFP Requirements Worksheet

    Participants: All stakeholders impacted by the RFP: IT, IT Security, the Business, Sourcing/ Procurement, Risk Management, Legal

    1. Use this tool to assist you and your team in documenting the requirements for your RFP. Leverage it to collect and categorize your requirements in preparation for negotiations. Use the results of this tool to populate the requirements section of your RFP.
    2. As a group, review each of the requirements and determine their priority as they will ultimately relate to the negotiations.
      • Prioritizing your requirements will set up your negotiation strategy and streamline the process.
      • By establishing the priority of each requirement upfront, you will save time and effort in the selection process.
    3. Review RFP requirements with stakeholders for approval.

    Download the RFP Requirements Worksheet

    Phase 3

    Gain Business Authorization

    Steps

    3.1 Obtain business authorization from the business, technology, finance and Sourcing/Procurement

    Steps in an RFP Process with the third step, 'Gain Business Authorization', highlighted.

    This phase involves the following participants:

    • Business stakeholders
    • Technology and finance (depending upon the business)
    • Sourcing/Procurement

    Outcomes of this phase

    Approval by all key stakeholders to proceed with the issuing of the RFP and to make a purchase as a result.

    Gain Business Authorization

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Gain Business Authorization

    Gain authorization for your RFP from all relevant stakeholders
    • Alignment of stakeholders
    • Agreement on final requirements
    • Financial authorization
    • Commitment of resources
    • Agreement on what constitutes vendor qualification
    • Finalization of selection criteria and their prioritization

    Obtaining cross-function alignment will clear the way for contract, SOW, and budget approvals and not waste any of your and your vendor’s resources in performing an RFP that your organization is not ready to implement or invest financial and human resources in.

    Stock photo of the word 'AUTHORIZED' stamped onto a white background with a much smaller stamp laying beside it.

    Phase 4

    Create and Issue

    Steps

    4.1 Build your RFP

    4.2 Decide RFI or not

    4.3 Create your RFP

    4.4 Receive & answer questions

    4.5 Perform Pre-Proposal Conference

    4.6 Evaluate responses

    Steps in an RFP Process with the fourth step, 'Perform RFI/RFP', highlighted.

    This phase involves the following participants:

    • The RFP owner
    • IT
    • Business SMEs/stakeholders

    Outcomes of this phase

    RFP package is issued to vendors and includes the date of the Pre-Proposal Conference, which should be held shortly after RFP release and includes all parties.

    SME’s/stakeholders participate in providing answers to RFP contact for response to vendors.

    Create and Issue Your RFP/RFI

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    Build your RFP with evaluation in mind

    Easing evaluation frustrations

    At the beginning of your RFP creation process consider how your requirements will impact the vendor’s response. Concentrate on the instructions you provide the vendors and how you wish to receive their responses. View the RFP through the lens of the vendors and envision how they are going to respond to the proposal.

    Limiting the number of requirements included in the RFP will increase the evaluation team’s speed when reviewing vendors’ responses. This is accomplished by not asking questions for common features and functionality that all vendors provide. Don’t ask multiple questions within a question. Avoid “lifting” vendor-specific language to copy into the RFP as this will signal to vendors who their competition might be and may deter their participation. Concentrate your requirement questions to those areas that are unique to your solution to reduce the amount of time required to evaluate the vendors’ response.

    Things to Consider When Creating Your RFP:

    • Consistency is the foundation for ease of evaluation.
    • Provide templates, such as an Excel worksheet, for the vendor’s pricing submissions and for its responses to close-ended questions.
    • Give detailed instructions on how the vendor should organize their response.
    • Limit the number of open-ended questions requiring a long narrative response to must-have requirements.
    • Organize your requirements and objectives in a numerical outline and have the vendor respond in the same manner, such as the following:
      • 1
      • 1.1
      • 1.1.1

    Increase your response quality

    Inconsistent formatting of vendor responses prevents an apples-to-apples evaluation between vendor responses. Evaluation teams are frequently challenged and are unable to evaluate vendors’ responses equally against each other for the following reasons:

    Challenges
    • Vendor responses are submitted with different and confusing nomenclature
    • Inconsistent format in response
    • Disparate order of sections in the vendors responses
    • Different style of outlining their responses, e.g. 1.1 vs. I.(i)
    • Pricing proposal included throughout their response
    • Responses are comingled with marketing messages
    • Vendor answers to requirements or objectives are not consolidated in a uniform manner
    • Disparate descriptions for response subsections
    Prevention
    • Provide specific instructions as to how the vendor is to organize their response:
      • How to format and outline the response
      • No marketing material
      • No pricing in the body of the response
    • Provide templates for pricing, technical, operational, and legal aspects.

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    Perform Request for Information

    Don’t underestimate the importance of the RFI

    As the name implies, a request for information (RFI) is a tool for collecting information from vendors about the companies, their products, and their services. We find RFIs useful when faced with a lot of vendors that we don’t know much about, when we want to benchmark the marketplace for products and services, including budgetary information, and when we have identified more potential vendors than we care to commit a full RFP to.

    RFIs are simpler and less time-consuming than RFPs to prepare and evaluate, so it can make a lot of sense to start with an RFI. Eliminating unqualified vendors from further consideration will save your team from weeding through RFP responses that do not meet your objectives. For their part, your vendors will appreciate your efforts to determine up-front which of them are the best bets before asking them to spend resources and money producing a costly proposal.

    While many organizations rarely use RFIs, they can be an effective tool in the vendor manager’s toolbox when used at the right time in the right way. RFIs can be deployed in competitive targeted negotiations.

    A Lean RFP is a two-stage strategy that speeds up the typical RFP process. The first stage is like an RFI on steroids, and the second stage is targeted competitive negotiation.

    Don’t rely solely on the internet to qualify vendors; use an RFI to acquire additional information before finalizing an RFP.

    4.2.1 In a hurry? Consider a Lean RFP instead of an RFP

    Several days
    1. Create an RFI with all of the normal and customary components. Next, add a few additional RFP-like requirements (e.g. operational, technical, and legal requirements). Make sure you include a request for budgetary pricing and provide any significant features and functionality requirements so that the vendors have enough information to propose solutions. In addition, allow the vendors to ask questions through your single point of coordination and share answers with all of the vendors. Finally, notify the vendors that you will not be doing an RFP.
    2. Review the vendors’ proposals and evaluate their proposals against your requirements along with their notional or budgetary pricing.
    3. Have the evaluators utilize the Lean RFP Template to record their scores accordingly.
    4. After collecting the scores from the evaluators, consolidate the scores together to discuss which vendors – we recommend two or three – you want to present demos.
    5. Based on the vendors’ demos, the team selects at least two vendors to negotiate contract and pricing terms with intent of selecting the best-value vendor.
    6. The Lean RFP shortens the typical RFP process, maintains leverage for your organization, and works great with low- to medium-spend items (however your organization defines them). You’ll get clarification on vendors’ competencies and capabilities, obtain a fair market price, and meet your internal clients’ aggressive timelines while still taking steps to protect your organization.

    Download the Lean RFP Template

    Download the RFP Evaluation Tool

    4.2.1 In a hurry? Consider a Lean RFP instead of an RFP continued

    Input

    • List of technical, operational, business, and legal requirements
    • Budgetary pricing ask

    Output

    • A Lean RFP document that includes the primary components of an RFP
    • Lean RFP vendors response evaluation

    Materials

    • Lean RFP Template
    • RFP Evaluation Tool
    • Contracting requirements
    • Pricing

    Participants

    • IT
    • Business
    • Finance
    • Sourcing/Procurement

    Case Study

    A Lean RFP saves time
    INDUSTRY: Pharmaceutical
    SOURCE: Guided Implementation
    Challenge
    • The vendor manager (VM) was experiencing pressure to shorten the expected five-month duration to perform an RFP for software that planned, coordinated, and submitted regulatory documents to the US Food and Drug Administration.
    • The VM team was not completely familiar with the qualified vendors and their solutions.
    • The organization wanted to capitalize on this opportunity to enhance its current processes with the intent of improving efficiencies in documentation submissions.
    Solution
    • Leveraging the Lean RFP process, the team reduced the 200+ RFP questionnaire into a more manageable list of 34 significant questions to evaluate vendor responses.
    • The team issued the Lean RFP and requested the vendors’ responses in three weeks instead of the five weeks planned for the RFP process.
    • The team modified the scoring process to utilize a simple weighted-scoring methodology, using a scale of 1-5.
    Results
    • The Lean RFP scaled back the complexity of a large RFP.
    • The customer received three vendor responses ranging from 19 to 43 pages and 60-80% shorter than expected if the RFP had been used. This allowed the team to reduce the evaluation period by three weeks.
    • The duration of the RFx process was reduced by more than two months – from five months to just under three months.

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    4.3.1 RFP Calendar

    1 hour

    Input: List duration in days of key activities, RFP Calendar and Key Date Tool, For all vendor-inclusive meetings, include the dates on your RFP calendar and reference them in the RFP

    Output: A timeline to complete the RFP that has the support of each stakeholder involved in the process and that allows for a complete and thorough vendor response.

    Materials: RFP Calendar and Key Date Tool

    Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management

    1. As a group, identify the key activities to be accomplished and the amount of time estimated to complete each task:
      1. Identify who is ultimately accountable for the completion of each task
      2. Determine the length of time required to complete each task
    2. Use the RFP Calendar and Key Date Tool to build the calendar specific to your needs.
    3. Include vendor-related dates in the RFP, i.e., Pre-Proposal Conference, deadline for RFP questions as well as response.

    Download the RFP Calendar and Key Date Tool

    Draft your RFP

    Create and issue your RFP, which should contain at least the following:
    • The ability for the vendors to ask clarifying questions (in writing, sent to the predetermined RFP contact)
    • Pre-Proposal/Pre-Bid Conference schedule where vendors can receive the same answer to all clarifying written questions
    • A calendar of events (block the time on stakeholder calendars – see template).
    • Instructions to potential vendors on how they should construct and return their response to enable effective and timely evaluation of each offer.
    • Requirements; for example: Functional, Operational, Technical, and Legal.
    • Specification drawings as if applicable.
    • Consider adding vendor management requirements – how do you want to manage the relationship after the deal is done?
    • A pricing template for vendors to complete that facilitates comparison across multiple vendors.
    • Contract terms required by your legal team (or your standard contract for vendors to redline as part of their response and rated/ranked accordingly).
    • Create your RFP with the evaluation process and team in mind to ensure efficiency and timeliness in the process. Be clear, concise, and complete in the document.
    • Consistency and completeness is the foundation for ease of evaluation.
    • Give vendors detailed instruction on how to structure and organize their response.
    • Limit the number of open-ended questions requiring a long narrative response.
    • Be sure to leverage Info-Tech’s proven and field-tested Short-Form, Long-Form, and Lean RFP Templates provided in this blueprint.

    Create a template for the vendors’ response

    Dictating to the vendors the format of their response will increase your evaluation efficiency
    Narrative Response:

    Create either a Word or Excel document that provides the vendor with an easy vehicle for their response. This template should include the question identifier that ties the response back to the requirement in the RFP. Instruct vendors to include the question number on any ancillary materials they wish to include.

    Pricing Response:

    Create a separate Excel template that the vendors must use to provide their financial offer. This template should include pricing for hardware, software, training, implementation, and professional services, as well as placeholders for any additional fees.

    Always be flexible in accepting alternative proposals after the vendor has responded with the information you requested in the format you require.

    Stock image of a paper checklist in front of a laptop computer's screen.

    4.3.2 Vendor Pricing Tool

    1 hour

    Input: Identify pricing components for hardware, software, training, consulting/services, support, and additional licenses (if needed)

    Output: Vendor Pricing Tool

    Materials: RFP Requirements Worksheet, Pricing template

    Participants: IT, Finance, Business stakeholders, Sourcing/Procurement, Vendor management

    1. Using a good pricing template will prevent vendors from providing pricing offers that create a strategic advantage designed to prevent you from performing an apples-to-apples comparison.
    2. Provide specific instructions as to how the vendor is to organize their pricing response, which should be submitted separate from the RFP response.
    3. Configure and tailor pricing templates that are specific to the product and/or services.
    4. Upon receipt of all the vendor’s responses, simply cut and paste their total response to your base template for an easy side-by-side pricing comparison.
    5. Do not allow vendors to submit financial proposals outside of your template.

    Download the Vendor Pricing Tool

    Three RFP Templates

    Choose the right template for the right sourcing initiative

    • Short-Form
    • Use the Short-Form RFP Template for simple, non-complex solutions that are medium to low dollar amounts that do not require numerous requirements.

    • Long-Form
    • We recommend the Long-Form RFP Template for highly technical and complex solutions that are high dollar and have long implementation duration.

    • Excel-Form
    • Leverage the Excel-Form RFP Tool for requirements that are more specific in nature to evaluate a vendor’s capability for their solution. This template is designed to be complete and inclusive of the RFP process, e.g., requirements, vendor response, and vendor response evaluation scoring.

    Like tools in a carpenters’ tool box or truck, there is no right or wrong template for any job. Take into account your organization culture, resources available, time frame, policies, and procedures to pick the right tool for the job. (Steve Jeffery, Principal Research Director, Vendor Management, Co-Author: The Art of Creating a Quality RFP, Info-Tech Research Group)

    4.3.3 Short-Form RFP Template

    1-2 hours

    Input: List of technical, legal, business, and data security requirements

    Output: Full set of requirements, prioritized, that all participants agree to

    Materials: Short-Form RFP Template, Vendor Pricing Tool, Supporting exhibits

    Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management

    • This is a less complex RFP that has relatively basic requirements and perhaps a small window in which the vendors can respond. As with the long-form RFP, exhibits are placed at the end of the RFP, an arrangement that saves both your team and the vendors time. Of course, the short-form RFP contains less-specific instructions, guidelines, and rules for vendors’ proposal submissions.
    • We find that short-form RFPs are a good choice when you need to use something more than a request for quote (RFQ) but less than an RFP running 20 or more pages. It’s ideal, for example, when you want to send an RFP to only one vendor or to acquire items such as office supplies, contingent labor, or commodity items that don’t require significant vendor risk assessment.

    Download the Short-Form RFP Template

    4.3.4 Long-Form RFP Template

    1-3 hours

    Input: List of technical, legal, business, and data security requirements

    Output: Full set of requirements, prioritized, that all stakeholders agree to

    Materials: Long-Form RFP Template, Vendor Pricing Tool, Supporting exhibits

    Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management

    • A long-form or major RFP is an excellent tool for more complex and complicated requirements. This template is for a baseline RFP.
    • It starts with best-in-class RFP terms and conditions that are essential to maintaining your control throughout the RFP process. The specific requirements for the business, functional, technical, legal, and pricing areas should be included in the exhibits at the end of the template. That makes it easier to tailor the RFP for each deal, since you and your team can quickly identify specific areas that need modification. Grouping the exhibits together also makes it convenient for both your team to review and the vendors to respond.
    • You can use this sample RFP as the basis for your template RFP, taking it all as is or picking and choosing the sections that best meet the mission and objectives of the RFP and your organization.

    Download the Long-Form RFP Template

    4.3.5 Excel-Form RFP Tool

    Several weeks

    Input: List of technical, legal, business, and data security requirements

    Output: Full set of requirements, prioritized, that all stakeholders agree to

    Materials: Excel-Form RFP Template, Vendor Pricing Tool, Supporting exhibits

    Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management

    • The Excel-Form RFP Tool is used as an alternative to the other RFP toolsets if you have multiple requirements and have multiple vendors to choose from.
    • Requirements are written as a “statement” and the vendor can select from five answers as to their ability to meet the requirements, with the ability to provide additional context and materials to augment their answers, as needed.
    • Requirements are listed separately in each tab, for example, Business, Legal, Technical, Security, Support, Professional Services, etc.

    Download the Excel-Form RFP Template

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    Answer Vendor Questions

    Maintaining your equal and level playing field among vendors

    • Provide an adequate amount of time from the RFP issue date to the deadline for vendor questions. There may be multiple vendor staff/departments that need to read the RFP and then discuss their response approach and gather any clarifying questions, so we generally recommend three to five business days.
    • There should be one point of contact for all Q&A, which should be submitted in writing via email only. Be sure to plan for enough time to get the answers back from the RFP stakeholders.
    • After the deadline, collect all Q&A and begin the process of consolidating into one document.
    Large silver question mark.
    • Be sure to anonymize both vendor questions and your responses, so as not to reveal who asked or answered the question.
    • Send the document to all RFP respondents via your sourcing tool or BCC in an email to the point of contact, with read receipt requested. That way, you can track who has received and opened the correspondence.
    • Provide the answers a few days prior to the Pre-Proposal Conference to allow all respondents time to review the document and prepare any additional questions.
    • Begin the preparation for the Pre-Proposal Conference.

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    Conduct Pre-Proposal Conference

    Maintain an equal and level playing field

    • Consolidate all Q&A to be presented to all vendors during the Pre-Proposal Conference.
    • If the Pre-Proposal Conference is conducted via conference call, be sure to record the session and advise all participants at the beginning of the call.
    • Be sure to have key stakeholders present on the call to answer questions.
    • Read each question and answer, after which ask if there are any follow up questions. Be sure to capture them and then add them to the Q&A document.
    • Remind respondents that no further questions will be entertained during the remainder of the RFP response period.
    • Send the updated and completed document to all vendors (even if circumstances prevented their attending the Pre-Proposal Conference). Use the same process as when you sent out the initial answers: via email, blind copy the respondents and request read/receipt.

    “Using a Pre-Proposal Conference allows you to reinforce that there is a level playing field for all of the vendors…that each vendor has an equal chance to earn your business. This encourages and maximizes competition, and when that happens, the customer wins.” (Phil Bode, Principal Research Director, Co-Author: The Art of Creating a Quality RFP, Info-Tech Research Group)

    Pre-Proposal Conference Agenda

    Modify this agenda for your specific organization’s culture
    1. Opening Remarks & Welcome – RFP Manager
      1. Agenda review
      2. Purpose of the Pre-Proposal Conference
    2. Review Agenda
      1. Introduction of your (customer) attendees
    3. Participating Vendor Introduction (company name)
    4. Executive or Sr. Leadership Comments (limit to five minutes)
      1. Importance of the RFP
      2. High-level business objective or definition of success
    5. Review Key Dates in the RFP

    (Source: The Art of Creating a Quality RFP, Jeffery et al., 2019)
    1. Review of any Technical Drawings or Information
      1. Key technical requirements and constraints
      2. Key infrastructure requirements and constraints
    2. Review of any complex RFP Issues
      1. Project scope/out of scope
    3. Question &Answer
      1. Vendors’ questions in alphabetical order
    4. Review of Any Specific Instructions for the Respondents
    5. Conclusion/Closing
      1. Review how to submit additional questions
      2. Remind vendors of the single point of contact

    Allow your executive or leadership sponsor to leave the Pre-Proposal Conference after they provide their comments to allow them to continue their day while demonstrating to the vendors the importance of the project.

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    Evaluate Responses

    Other important information

    • Consider separating the pricing component from the RFP responses before sending them to reviewers to maintain objectivity until after you have received all ratings on the proposals themselves.
    • Each reviewer should set aside focused time to carefully read each vendor’s response
    • Read the entire vendor proposal – they spent a lot time and money responding to your request, so please read everything.
    • Remind reviewers that they should route any questions to the vendor through the RFP manager.
    • Using the predetermined ranking system for each section, rate each section of the response, capturing any notes, questions, or concerns as you proceed through the document(s).
    Stock photo of a 'Rating' meter with values 'Very Bad to 'Excellent'.

    Use a proven evaluation method

    Two proven methods to reviewing vendors’ proposals are by response and by objective

    The first, by response, is when the evaluator reviews each vendor’s response in its entirety.

    The second, reviewing by objective, is when the evaluator reviews each vendor’s response to a single objective before moving on to the next.

    By Response

    Two-way arrow with '+ Pros' in green on the left and 'Cons -' in red on the right.

    By Objective

    Two-way arrow with '+ Pros' in green on the left and 'Cons -' in red on the right.

    • Each response is thoroughly read all the way through.
    • Response inconsistencies are easily noticed.
    • Evaluators obtain a good feel for the vendor's response.
    • Evaluators will lose interest as they move from one response to another.
    • Evaluation will be biased if the beginning of response is subpar, influencing the rest of the evaluation.
    • Deficiencies of the perceived favorite vendor are overlooked.
    • Evaluators concentrate on how each objective is addressed.
    • Evaluators better understand the responses, resulting in identifying the best response for the objective.
    • Evaluators are less susceptible to supplier bias.
    • Electronic format of the response hampers response review per objective.
    • If a hard copy is necessary, converting electronic responses to hard copy is costly and cumbersome.
    • Discipline is required to score each vendor's response as they go.

    Maintain evaluation objectivity by reducing response evaluation biases

    Evaluation teams can be naturally biased during their review of the vendors’ responses.

    You cannot eliminate bias completely – the best you can do is manage it by identifying these biases with the team and mitigating their influence in the evaluation process.

    Vendor

    The evaluator only trusts a certain vendor and is uncomfortable with any other vendor.
    • Evaluate the responses blind of vendor names, if possible.
    Centerpiece for this table, titled 'BIAS' and surrounding by iconized representations of the four types listed.

    Account Representatives

    Relationships extend beyond business, and an evaluator doesn't want to jeopardize them.
    • Craft RFP objectives that are vendor neutral.

    Technical

    A vendor is the only technical solution the evaluator is looking for, and they will not consider anything else.
    • Conduct fair and open solution demonstrations.

    Price

    As humans, we can justify anything at a good price.
    • Evaluate proposals without awareness of price.

    Additional insights when evaluating RFPs

    When your evaluation team includes a member of the C-suite or senior leadership, ensure you give them extra time to sufficiently review the vendor's responses. When your questions require a definitive “Yes”/“True” or “No”/“False” responses, we recommend giving the maximum score for “Yes”/“True” and the minimum score for “No”/“False”.
    Increase your efficiency and speed of evaluation by evaluating the mandatory requirements first. If a vendor's response doesn't meet the minimum requirements, save time by not reviewing the remainder of the response. Group your RFP questions with a high-level qualifying question, then the supporting detailed requirements. The evaluation team can save time by not evaluating a response that does not meet a high-level qualifying requirement.

    Establish your evaluation scoring scale

    Define your ranking scale to ensure consistency in ratings

    Within each section of your RFP are objectives, each of which should be given its own score. Our recommended approach is to award on a scale of 0 to 5. With such a scale, you need to define every level. Below are the recommended definitions for a 0 to 5 scoring scale.

    Score Criteria for Rating
    5 Outstanding – Complete understanding of current and future needs; solution addresses current and future needs
    4 Competent – Complete understanding and adequate solution
    3 Average – Average understanding and adequate solution
    2 Questionable – Average understanding; proposal questionable
    1 Poor – Minimal understanding
    0 Not acceptable – Lacks understanding
    Stock photo of judges holding up their ratings.

    Weigh the sections of your RFP on how important or critical they are to the RFP

    Obtain Alignment on Weighting the Scores of Each Section
    • There are many ways to score responses, ranging from extremely simple to highly complicated. The most important thing is that everyone responsible for completing scorecards is in total agreement about how the scoring system should work. Otherwise, the scorecards will lose their value, since different weighting and scoring templates were used to arrive at their scores.
    • You can start by weighting the scores by section, with all sections adding up to 100%.
    Example RFP Section Weights
    Pie chart of example RFP section weights, 'Operational, 20%', 'Service-Level Agreements, 20%', 'Financial, 20%', 'Legal/Contractual, 15%', 'Technical, 10%' 'Functional, 15%'.
    (Source: The Art of Creating a Quality RFP, Jeffery et al., 2019)

    Protect your negotiation leverage with these best practices

    Protect your organization's reputation within the vendor community with a fair and balanced process.
    • Unless you regularly have the evaluators on your evaluation team, always assume that the team members are not familiar nor experienced with your process and procedures.
    • Do not underestimate the amount of preparations required to ensure that your evaluation team has everything they need to evaluate vendors’ responses without bias.
    • Be very specific about the expectations and time commitment required for the evaluation team to evaluate the responses.
    • Explain to the team members the importance of evaluating responses without conflicts of interest, including the fact that information contained within the responses and all discussions within the team are considered company owned and confidential.
    • Include examples of the evaluation and scoring processes to help the evaluators understand what they should be doing.
    • Finally – don’t forget to the thank the evaluation team and their managers for their time and commitment in contributing to this essential decision.
    Stock photo of a cork board with 'best practice' spelled out by tacked bits of paper, each with a letter in a different font.

    Evaluation teams must balance commercial vs. technical requirements

    Do not alter the evaluation weights after responses are submitted.
    • Evaluation teams are always challenged by weighing the importance of price, budget, and value against the technical requirements of “must-haves” and super cool “nice-to-haves.”
    • Encouraging the evaluation team not to inadvertently convert the nice-to-haves to must-haves will prevent scope creep and budget pressure. The evaluation team must concentrate on the vendors’ responses that drive the best value when balancing both commercial and technical requirements.
    Two blocks labelled 'Commercial Requirements' and 'Technical Requirements' balancing on either end of a flat sheet, which is balancing on a silver ball.

    4.6.1 Evaluation Guidebook

    1 hour

    Input: RFP responses, Weighted Scoring Matrix, Vendor Response Scorecard

    Output: One or two finalists for which negotiations will proceed

    Materials: RFP Evaluation Guidebook

    Participants: IT, Finance, Business stakeholders, Sourcing/Procurement, Vendor management

    1. Info-Tech provides an excellent resource for your evaluation team to better understand the process of evaluating vendor response. The guidebook is designed to be configured to the specifics of your RFP, with guidance and instructions to the team.
    2. Use this guidebook to provide instruction to the evaluation team as to how best to score and rate the RFP responses.
    3. Specific definitions are provided for applying the numerical scores to the RFP objectives will ensure consistency among the appropriate numerical score.

    Download the RFP Evaluation Guidebook

    4.6.2 RFP Vendor Proposal Scoring Tool

    1-4 hours

    Input: Each vendor’s RFP response, A copy of the RFP (less pricing), A list of the weighted criteria incorporated into a vendor response scorecard

    Output: A consolidated ranked and weighted comparison of the vendor responses with pricing

    Materials: Vendor responses, RFP Evaluation Tool

    Participants: Sourcing/Procurement, Vendor management

    1. Using the RFP outline as a base, develop a scorecard to evaluate and rate each section of the vendor response, based on the criteria predetermined by the team.
    2. Provide each stakeholder with the scorecard when you provide the vendor responses for them to review and provide the team with adequate time to review each response thoroughly and completely.
    3. Do not, at this stage, provide the pricing. Allow stakeholders to review the responses based on the technical, business, operational criteria without prejudice as to pricing.
    4. Evaluators should always be reminded that they are evaluating each vendor’s response against the objectives and requirements of the RFP. The evaluators should not be evaluating each vendor’s response against one another.
    5. While the team is reviewing and scoring responses, review and consolidate the vendor pricing submissions into one document for a side-by-side comparison.

    Download the RFP Evaluation Tool

    4.6.3 Total Cost of Owners (TCO)

    1-2 hours

    Input: Consolidated vendor pricing responses, Consolidated vendor RFP responses, Current spend within your organization for the product/service, if available, Budget

    Output: A completed TCO model summarizing the financial results of the RFP showing the anticipated costs over the term of the agreement, taking into consideration the impact of renewals.

    Materials: Vendor TCO Tool, Vendor pricing responses

    Participants: IT, Finance, Business stakeholders, Sourcing/Procurement

    • Use Info-Tech’s Vendor TCO Tool to normalize each vendor’s pricing proposal and account for the lifetime cost of the product.
    • Fill in pricing information (the total of all annual costs) from each vendor's returned Pricing Proposal.
    • The tool will summarize the net present value of the TCO for each vendor proposal.
    • The tool will also provide the rank of each pricing proposal.

    Download the Vendor TCO Tool

    Conduct an evaluation team results meeting

    Follow the checklist below to ensure an effective evaluation results meeting

    • Schedule the evaluation team’s review meeting well in advance to ensure there are no scheduling conflicts.
    • Collect the evaluation team’s scores in advance.
    • Collate scores and provide an initial ranking.
    • Do not reveal the pricing evaluation results until after initial discussions and review of the scoring results.
    • Examine both high and low scores to understand why the team members scored the response as they did.
    • Allow the team to discuss, debate, and arrive at consensus on the ranking.
    • After consensus, reveal the pricing to examine if or how it changes the ranking.
    • Align the team on the next steps with the applicable vendors.

    4.6.4 Consolidated RFP Response Scoring

    1-2 hours

    Input: Vendor Response Scorecard from each stakeholder, Consolidated RFP responses and pricing, Any follow up questions or items requiring further vendor clarification.

    Output: An RFP Response Evaluation Summary that identifies the finalists based on pre-determined criteria.

    Materials: RFP Evaluation Tool from each stakeholder, Consolidated RFP responses and pricing.

    Participants: IT, Finance, Business stakeholders, Sourcing/Procurement, Vendor management

    1. Collect from the evaluation team all scorecards and any associated questions requiring further clarification from the vendor(s). Consolidate the scorecards into one for presentation to the team and key decision makers.
    2. Present the final scores to the team, with the pricing evaluation, to determine, based on your needs, two or three finalists that will move forward to the next steps of negotiations.
    3. Discuss any scores that are have large gaps, e.g., a requirement with a score of one from one evaluator and the same requirement with a score five from different evaluator.
    4. Arrive at a consensus of your top one or two potential vendors.
    5. Determine any required follow-up actions with the vendors and include them in the Evaluation Summary.

    Download the Consolidated Vender RFP Response Evaluation Summary

    4.6.5 Vendor Recommendation Presentation

    1-3 hours
    1. Use the Vendor Recommendation Presentation to present your finalist and obtain final approval to negotiate and execute any agreements.
    2. The Vendor Recommendation Presentation provides leadership with:
      1. An overview of the RFP, its primary goals, and key requirements
      2. A summary of the vendors invited to participate and why
      3. A summary of each component of the RFP
      4. A side-by-side comparison of key vendor responses to each of the key/primary requirements, with ranking/weighting results
      5. A summary of the vendor’s responses to key legal terms
      6. A consolidated summary of the vendors’ pricing, augmented by the TCO calculations for the finalist(s).
      7. The RFP team’s vendor recommendations based on its findings
      8. A summary of next steps with dates
      9. Request approval to proceed to next steps of negotiations with the primary and secondary vendor

    Download the Vendor Recommendation Presentation

    4.6.5 Vendor Recommendation Presentation

    Input

    • Consolidated RFP responses, with a focus on key RFP goals
    • Consolidated pricing responses
    • TCO Model completed, approved by Finance, stakeholders

    Output

    • Presentation deck summarizing the key findings of the RFP results, cost estimates and TCO and the recommendation for approval to move to contract negotiations with the finalists

    Materials

    • Consolidated RFP responses, including legal requirements
    • Consolidated pricing
    • TCO Model
    • Evaluators scoring results

    Participants

    • IT
    • Finance
    • Business stakeholders
    • Legal
    • Sourcing/Procurement

    Caution: Configure templates and tools to align with RFP objectives

    Templates and tools are invaluable assets to any RFP process

    • Leveraging templates and tools saves time and provides consistency to your vendors.
    • Maintain a common repository of your templates and tools with different versions and variations. Include a few sentences with instructions on how to use the template and tools for team members who might not be familiar with them.

    Templates/Tools

    RFP templates and tools are found in a variety of places, such as previous projects, your favorite search engine, or by asking a colleague.

    Sourcing

    Regardless of the source of these documents, you must take great care and consideration to sanitize any reference to another vendor, company, or name of the deal.

    Review

    Then you must carefully examine the components of the deal before creating your final documents.

    Popular RFP templates include:

    • RFP documents
    • Pricing templates
    • Evaluation and scoring templates
    • RFP requirements
    • Info-Tech research

    Phase 5

    Negotiate Agreement(s)

    Steps

    5.1 Perform negotiation process

    Steps in an RFP Process with the fifth step, 'Negotiate Agreement', highlighted.

    This phase involves the following participants:

    • Procurement
    • Vendor management
    • Legal
    • IT stakeholders
    • Finance

    Outcomes of this phase

    A negotiated agreement or agreements that are a result of competitive negotiations.

    Negotiate Agreement(s)

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Negotiate Agreement

    You should evaluate your RFP responses first to see if they are complete and the vendor followed your instructions.


    Then you should:

    • Plan negotiation(s) with one or more vendors based on your questions and opportunities identified during evaluation.
    • Select finalist(s).
    • Apply selection criteria.
    • Resolve vendors’ exceptions.

    Info-Tech Insight

    Be certain to include any commitments made in the RFP, presentations, and proposals in the agreement – dovetails to underperforming vendor.

    Centerpiece of the table, titled 'Negotiation Process'.

    Leverage Info-Tech's negotiation process research for additional information

    Negotiate before you select your vendor:
    • Negotiating with two or more vendors will maintain your competitive leverage while decreasing the time it takes to negotiate the deal.
    • Perform legal reviews as necessary.
    • Use sound competitive negotiations principles.

    Info-Tech Insight

    Providing contract terms in an RFP can dramatically reduce time for this step by understanding the vendor’s initial contractual position for negotiation.

    Phase 6

    Purchase Goods and Services

    Steps

    6.1 Purchase Goods & Services

    Steps in an RFP Process with the sixth step, 'Purchase Goods and Services', highlighted.

    This phase involves the following participants:

    • Procurement
    • Vendor management
    • IT stakeholders

    Outcomes of this phase

    A purchase order that completes the RFP process.

    The beginning of the vendor management process.

    Purchase Goods and Services

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Purchase Goods and Services

    Prepare to purchase goods and services

    Prepare to purchase goods and services by completing all items on your organization’s onboarding checklist.
    • Have the vendor complete applicable tax forms.
    • Set up the vendor in accounts payable for electronic payment (ACH) set-up.
    Then transact day-to-day business:
    • Provide purchasing forecasts.
    • Complete applicable purchase requisition and purchase orders. Be sure to reference the agreement in the PO.
    Stock image of a computer monitor with a full grocery cart shown on the screen.

    Info-Tech Insight

    As a customer, honoring your contractual obligations and commitments will ensure that your organization is not only well respected but considered a customer of choice.

    Phase 7

    Assess and Measure Performance

    Steps

    7.1 Assess and measure performance against the agreement

    Steps in an RFP Process with the seventh step, 'Assess and Measure Performance', highlighted.

    This phase involves the following participants:

    • Vendor management
    • Business stakeholders
    • Senior leadership (as needed)
    • IT stakeholders
    • Vendor representatives & senior management

    Outcomes of this phase

    A list of what went well during the period – it’s important to recognize successes

    A list of areas needing improvement that includes:

    • A timeline for each item to be completed
    • The team member(s) responsible

    Purchase Goods and Services

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Assess and Measure Performance

    Measure to manage: the job doesn’t end when the contract is signed.

    • Classify vendor
    • Assess vendor performance
    • Manage improvement
    • Conduct periodic vendor performance reviews or quarterly business reviews
    • Ensure contract compliance for both the vendor and your organization
    • Build knowledgebase for future
    • Re-evaluate and improve appropriately your RFP processes

    Info-Tech Insight

    To be an objective vendor manager, you should also assess and measure your company’s performance along with the vendor’s performance.

    Summary of Accomplishment

    Problem Solved

    Upon completion of this blueprint, guided implementation, or workshop, your team should have a comprehensive, well-defined end-to-end approach to performing a quality sourcing event. Leverage Info-Tech’s industry-proven tools and templates to provide your organization with an effective approach to maintain your negotiation leverage, improve the ease with which you evaluate vendor proposals, and reduce your risk while obtaining the best market value for your goods and services.

    Additionally, your team will have a foundation to execute your vendor management principles. These principles will assist your organization in ensuring you receive the perceived value from the vendor as a result of your competitive negotiations.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Final Thoughts: RFP Do’s and Don’ts

    DO

    • Leverage your team’s knowledge
    • Document and explain your RFP process to stakeholders and vendors
    • Include contract terms in your RFP
    • Consider vendor management requirements up front
    • Plan to measure and manage performance after contract award leveraging RFP objectives
    • Seek feedback from the RFP team for process improvements

    DON'T

    • Reveal your budget
    • Do an RFP in a vacuum
    • Send an RFP to a vendor your team is not willing to award the business to
    • Hold separate conversations with candidate vendors during your RFP process
    • Skimp on the requirements definition to speed the process
    • Tell the vendor they are selected before negotiating

    Bibliography

    “2022 RFP Response Trends & Benchmarks.” Loopio, 2022. Web.

    Corrigan, Tony. “How Much Does it Cost to Respond to an RFP?” LinkedIn, March 2017. Accessed 10 Dec. 2019

    “Death by RFP:7 Reasons Not to Respond.” Inc. Magazine, 2013. Web.

    Jeffery, Steven, George Bordon, and Phil Bode. The Art of Creating a Quality RFP, 3rd ed. Info-Tech Research Group, 2019.

    “RFP Benchmarks: How Much Time and Staff Firms Devote to Proposals.” MarketingProfs, 2020. Web.

    “State of the RFP 2019.” Bonfire, 2019. Web.

    “What Vendors Want (in RFPs).” Vendorful, 2020. Web.

    Related Info-Tech Research

    Stock photo of two people looking at a tablet. Prepare for Negotiations More Effectively
    • Negotiations are about allocating risk and money – how much risk is a party willing to accept at what price point?
    • Using a cross-functional/cross-insight team structure for negotiation preparation yields better results.
    • Soft skills aren’t enough and theatrical negotiation tactics aren’t effective.
    Stock photo of two people in suits shaking hands. Understand Common IT Contract Provisions to Negotiate More Effectively
    • Focus on the terms and conditions, not just the price. Too often, organizations focus on the price contained within their contracts, neglecting to address core terms and conditions that can end up costing multiples of the initial price.
    • Lawyers can’t ensure you get the best business deal. Lawyers tend to look at general terms and conditions for legal risk and may not understand IT-specific components and business needs.
    Stock photo of three people gathered around a computer. Jump Start Your Vendor Management Initiative
    • Vendor management must be an IT strategy. Solid vendor management is an imperative – IT organizations must develop capabilities to ensure that services are delivered by vendors according to service-level objectives and that risks are mitigated according to the organization's risk tolerance.
    • Visibility into your IT vendor community. Understand how much you spend with each vendor and rank their criticality and risk to focus on the vendors you should be concentrating on for innovative solutions.

    2021 CIO Priorities Report

    • Buy Link or Shortcode: {j2store}83|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy
    • It is a new year, but the challenges of 2020 remain: COVID-19 infection rates continue to climb, governments continue to enforce lockdown measures, we continue to find ourselves in the worst economic crisis since the Great Depression, and civil unrest grows in many democratic societies.
    • At the start of 2020, no business leader predicted the disruption that was to come. This left IT in a reactive but critical role as the health crisis hit. It was core to delivering the organization’s products and services, as it drove the radical shift to work-from-home.
    • For the year ahead, IT will continue to serve a critical function in uncertain times. However, unlike last year, CIOs can better prepare for 2021. That said, in the face of the uncertainty and volatility of the year ahead, what they need to prepare for is still largely undefined.
    • But despite the lack of confidence on knowing specifically what is to come, most business leaders will admit they need to get ready for it. This year’s priority report will help.

    Our Advice

    Critical Insight

    • “Resilience” is the theme for this year’s CIO Priorities Report. In this context, resilience is about building up the capacity and the capabilities to effectively respond to emergent and unforeseen needs.
    • Early in 2021 is a good time to develop resilience in several different areas. As we explore in this year’s Report, CIOs can best facilitate enterprise resilience through strategic financial planning, proactive risk management, effective organizational change management and capacity planning, as well as through remaining tuned into emergent technologies to capitalize on innovations to help weather the uncertainty of the year ahead.

    Impact and Result

    • Use Info-Tech’s 2021 CIO Priorities Report to prepare for the uncertainty of the year ahead. Across our five priorities we provide five avenues through which CIOs can demonstrate resilient planning, enabling the organization as a whole to better confront what’s coming in 2021.
    • Each of our priorities is backed up by a “call to action” that will help CIOs start to immediately implement the right drivers of resilience for their organization.
    • By building up resilience across our five key areas, CIOs will not only be able to better prepare for the year to come, but also strengthen business relations and staff morale in difficult times.

    2021 CIO Priorities Report Research & Tools

    Read the 2021 CIO Priorities Report

    Use Info-Tech’s 2021 CIO Priorities Report to prepare for the uncertainty of the year ahead. Across our five priorities we provide five avenues through which CIOs can demonstrate resilient planning, enabling the organization as a whole to better confront what’s coming in 2021.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create an appropriate budget reserve

    Identifying and planning sources of financial contingency will help ensure CIOs can meet unforeseen and emergent operational and business needs throughout the year.

    • 2021 CIO Priorities Report: Priority 1 – Create an Appropriate Budget Reserve

    2. Refocus IT risk planning

    The start of 2021 is a time to refocus and redouble IT risk management and business continuity planning to bring it up to the standards of our “new normal.” Indeed, if last year taught us anything, it’s that no “black swan” should be off the table in terms of scenarios or possibilities for business disruption.

    • 2021 CIO Priorities Report: Priority 2 – Refocus IT Risk Planning

    3. Strengthen organizational change management capabilities

    At its heart, resilience is having the capacity to deal with unexpected change. Organizational change management can help build up this capacity, providing the ability to strategically plot known changes while leaving some capacity to absorb the unknowns as they present themselves.

    • 2021 CIO Priorities Report: Priority 3 – Strengthen Organizational Change Management Capabilities

    4. Establish capacity awareness

    Capacity awareness facilitates resilience by providing capital in the form of resource data. With this data, CIOs can make better decisions on what can be approved and when it can be scheduled for.

    • 2021 CIO Priorities Report: Priority 4 – Establish Capacity Awareness

    5. Keep emerging technologies in view

    Having an up-to-date view of emerging technologies will enable the resilient CIO to capitalize on and deploy leading-edge innovations as the business requires.

    • 2021 CIO Priorities Report: Priority 5 – Keep Emerging Technologies in View
    [infographic]

    Reduce Manual Repetitive Work With IT Automation

    • Buy Link or Shortcode: {j2store}458|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $34,099 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • IT staff are overwhelmed with manual repetitive work.
    • You have little time for projects.
    • You cannot move as fast as the business wants.

    Our Advice

    Critical Insight

    • Optimize before you automate.
    • Foster an engineering mindset.
    • Build a process to iterate.

    Impact and Result

    • Begin by automating a few tasks with the highest value to score quick wins.
    • Define a process for rolling out automation, leveraging SDLC best practices.
    • Determine metrics and continually track the success of the automation program.

    Reduce Manual Repetitive Work With IT Automation Research & Tools

    Start here – read the Executive Brief

    Read this Executive Brief to understand why you should reduce manual repetitive work with IT automation.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify automation candidates

    Select the top automation candidates to score some quick wins.

    • Reduce Manual Repetitive Work With IT Automation – Phase 1: Identify Automation Candidates
    • IT Automation Presentation
    • IT Automation Worksheet

    2. Map and optimize process flows

    Map and optimize process flows for each task you wish to automate.

    • Reduce Manual Repetitive Work With IT Automation – Phase 2: Map & Optimize Process Flows

    3. Build a process for managing automation

    Build a process around managing IT automation to drive value over the long term.

    • Reduce Manual Repetitive Work With IT Automation – Phase 3: Build a Process for Managing Automation

    4. Build automation roadmap

    Build a long-term roadmap to enhance your organization's automation capabilities.

    • Reduce Manual Repetitive Work With IT Automation – Phase 4: Build Automation Roadmap
    • IT Automation Roadmap
    [infographic]

    Workshop: Reduce Manual Repetitive Work With IT Automation

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Automation Candidates

    The Purpose

    Identify top candidates for automation.

    Key Benefits Achieved

    Plan to achieve quick wins with automation for early value.

    Activities

    1.1 Identify MRW pain points.

    1.2 Drill down pain points into tasks.

    1.3 Estimate the MRW involved in each task.

    1.4 Rank the tasks based on value and ease.

    1.5 Select top candidates and define metrics.

    1.6 Draft project charters.

    Outputs

    MRW pain points

    MRW tasks

    Estimate of MRW involved in each task

    Ranking of tasks for suitability for automation

    Top candidates for automation & success metrics

    Project charter(s)

    2 Map & Optimize Processes

    The Purpose

    Map and optimize the process flow of the top candidate(s).

    Key Benefits Achieved

    Requirements for automation of the top task(s).

    Activities

    2.1 Map process flows.

    2.2 Review and optimize process flows.

    2.3 Clarify logic and finalize future-state process flows.

    Outputs

    Current-state process flows

    Optimized process flows

    Future-state process flows with complete logic

    3 Build a Process for Managing Automation

    The Purpose

    Develop a lightweight process for rolling out automation and for managing the automation program.

    Key Benefits Achieved

    Ability to measure and to demonstrate success of each task automation, and of the program as a whole.

    Activities

    3.1 Kick off your test plan for each automation.

    3.2 Define process for automation rollout.

    3.3 Define process to manage your automation program.

    3.4 Define metrics to measure success of your automation program.

    Outputs

    Test plan considerations

    Automation rollout process

    Automation program management process

    Automation program metrics

    4 Build Automation Roadmap

    The Purpose

    Build a roadmap to enhance automation capabilities.

    Key Benefits Achieved

    A clear timeline of initiatives that will drive improvement in the automation program to reduce MRW.

    Activities

    4.1 Build a roadmap for next steps.

    Outputs

    IT automation roadmap

    Further reading

    Reduce Manual Repetitive Work With IT Automation

    Free up time for value-adding jobs.

    ANALYST PERSPECTIVE

    Automation cuts both ways.

    Automation can be very, very good, or very, very bad.
    Do it right, and you can make your life a whole lot easier.
    Do it wrong, and you can suffer some serious pain.
    All too often, automation is deployed willy-nilly, without regard to the overall systems or business processes in which it lives.
    IT professionals should follow a disciplined and consistent approach to automation to ensure that they maximize its value for their organization.

    Derek Shank,
    Research Analyst, Infrastructure & Operations
    Info-Tech Research Group

    Executive summary

    Situation

    • IT staff are overwhelmed with manual repetitive work.
    • You have little time for projects.
    • You cannot move as fast as the business wants.

    Complication

    • Automation is simple to say, but hard to implement.
    • Vendors claim automation will solve all your problems.
    • You have no process for managing automation.

    Resolution

    • Begin by automating a few tasks with the highest value to score quick wins.
    • Define a process for rolling out automation, leveraging SDLC best practices.
    • Determine metrics and continually track the success of the automation program.

    Info-Tech Insight

    1. Optimize before you automate.The current way isn’t necessarily the best way.
    2. Foster an engineering mindset.Your team members may not be process engineers, but they should learn to think like one.
    3. Build a process to iterate.Effective automation can't be a one-and-done. Define a lightweight process to manage your program.

    Infrastructure & operations teams are overloaded with work

    • DevOps and digital transformation initiatives demand increased speed.
    • I&O is still tasked with security and compliance and audit.
    • I&O is often overloaded and unable to keep up with demand.

    Manual repetitive work (MRW) sucks up time

    • Manual repetitive work is a fact of life in I&O.
    • DevOps circles refer to this type of work simply as “toil.”
    • Toil is like treading water: it must be done, but it consumes precious energy and effort just to stay in the same place.
    • Some amount of toil is inevitable, but it's important to measure and cap toil, so it does not end up overwhelming your team's whole capacity for engineering work.

    Info-Tech Insight

    Follow our methodology to focus IT automation on reducing toil.

    Manual hand-offs create costly delays

    • Every time there is a hand-off, we lose efficiency and productivity.
    • In addition to the cost of performing manual work itself, we must also consider the impact of lost productivity caused by the delay of waiting for that work to be performed.

    Every queue is a tire fire

    Queues create waste and are extremely damaging. Like a tire fire, once you get started, they’re almost impossible to stamp out!

    Increase queues if you want

    • “More overhead”
    • “Lower quality”
    • “More variability”
    • “Less motivation”
    • “Longer cycle time”
    • “Increased risk”

    (Source: Edwards, citing Donald G. Reinersten: The Principles of Product Development Flow: Second Generation Lean Product Development )

    Increasing complexity makes I&O’s job harder

    Every additional layer of complexity multiplies points of failure. Beyond a certain level of complexity, troubleshooting can become a nightmare.

    Today, Operations is responsible for the outcomes of a full stack of a very complex, software-defined, API-enabled system running on infrastructure they may or may not own.
    – Edwards

    Growing technical debt means an ever-rising workload

    • Enterprises naturally accumulate technical debt.
    • All technology requires care and feeding.
    • I&O cannot control how much technology it’s expected to support.
    • I&O faces a larger and larger workload as technical debt accumulates.

    The systems built under each new technology paradigm never fully replace the systems built under the old paradigms. It’s not uncommon for an enterprise to have an accumulation of systems built over 10-15 years and have no budget, risk appetite, or even a viable path to replace them all. With each shift, who bares [SIC] the brunt of the responsibility for making sure the old and the new hang together? Operations, of course. With each new advance, Operations juggles more complexity and more layers of legacy technologies than ever before.
    – Edwards

    Most IT shops can’t have a dedicated engineering team

    • In most organizations, the team that builds things is best equipped to support them.
    • Often the knowledge to design systems and the knowledge to run those systems naturally co-exists in the same personnel resources.
    • When your I&O team is trying to do engineering work, they can end up frequently interrupted to perform operational tasks.
    A Venn Diagram is depicted which compares People who build things with People who run things. the two circles are almost completely overlapping, indicating the strong connection between the two groups.

    Personnel resources in most IT organizations overlap heavily between “build” and “run.”

    IT operations must become an engineering practice

    • Usually you can’t double your staff or double their hours.
    • IT professionals must become engineers.
    • We do this by automating manual repetitive work and reducing toil.
    Two scenarios are depicted. The first scenario is found at a hypothetical work camp, in which one employee performs the task of manually splitting firewood with an axe. In order to split twice as much firewood, the employee would need to spend twice the time. The second scenario is Engineering Operations. in this scenario, a wood processor is used to automate the task, allowing far more wood to be split in same amount of time.

    Build your Sys Admin an Iron Man suit

    Some CIOs see a Sys Admin and want to replace them with a Roomba. I see a Sys Admin and want to build them an Iron Man suit.
    – Deepak Giridharagopal, CTO, Puppet

    Two Scenarios are depicted. In one, an employee is replaced by automation, represented by a Roomba, reducing costs by laying off a single employee. In the second scenario, the single employee is given automated tools to do their job, represented by an iron-man suit, leading to a 10X boost in employee productivity.

    Use automation to reduce risk

    Consistency

    When we automate, we can make sure we do something the same way every time and produce a consistent result.

    Auditing and Compliance

    We can design an automated execution that will ship logs that provide the context of the action for a detailed audit trail.

    Change

    • Enterprise environments are continually changing.
    • When context changes, so does the procedure.
    • You can update your docs all you want, but you can't make people read them before executing a procedure.
    • When you update the procedure itself, you can make sure it’s executed properly.

    Follow Info-Tech’s approach: Start small and snowball

    • It’s difficult for I&O to get the staffing resources it needs for engineering work.
    • Rather than trying to get buy-in for resources using a “top down” approach, Info-Tech recommends that I&O score some quick wins to build momentum.
    • Show success while giving your team the opportunity to build their engineering chops.

    Because the C-suite relies on upwards communication — often filtered and sanitized by the time it reaches them — executives don’t see the bottlenecks and broken processes that are stalling progress.
    – Andi Mann

    Info-Tech’s methodology employs a targeted approach

    • You aren’t going to automate IT operations end-to-end overnight.
    • In fact, such a large undertaking might be more effort than it’s worth.
    • Info-Tech’s methodology employs a targeted approach to identify which candidates will score some quick wins.
    • We’ll demonstrate success, gain momentum, and then iterate for continual improvement.

    Invest in automation to reap long-term rewards

    • All too often people think of automation like a vacuum cleaner you can buy once and then forget.
    • The reality is you need to perform care and feeding for automation like for any other process or program.
    • To reap the greatest rewards you must continually invest in automation – and invest wisely.

    To get the full ROI on your automation, you need to treat it like an employee. When you hire an employee, you invest in that person. You spend time and resources training and nurturing new employees so they can reach their full potential. The investment in a new employee is no different than your investment in automation.– Edwards

    Measure the success of your automation program

    Example of How to Estimate Dollar Value Impact of Automation
    Metric Timeline Target Value
    Hours of manual repetitive work 12 months 20% reduction $48,000/yr.(1)
    Hours of project capacity 18 months 30% increase $108,000/yr.(2)
    Downtime caused by errors 6 months 50% reduction $62,500/yr.(3)

    1 15 FTEs x 80k/yr.; 20% of time on MRW, reduced by 20%
    2 15 FTEs x 80k/yr.; 30% project capacity, increased by 30%
    3 25k/hr. of downtime.; 5 hours per year of downtime caused by errors

    Automating failover for disaster recovery

    CASE STUDY

    Industry Financial Services
    Source Interview

    Challenge

    An IT infrastructure manager had established DR failover procedures, but these required a lot of manual work to execute. His team lacked the expertise to build automation for the failover.

    Solution

    The manager hired consultants to build scripts that would execute portions of the failover and pause at certain points to report on outcomes and ask the human operator whether to proceed with the next step.

    Results

    The infrastructure team reduced their achievable RTOs as follows:
    Tier 1: 2.5h → 0.5h
    Tier 2: 4h → 1.5h
    Tier 3: 8h → 2.5h
    And now, anyone on the team could execute the entire failover!

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Reduce Manual Repetitive Work With IT Automation – project overview

    1. Select Candidates 2. Map Process Flows 3. Build Process 4. Build Roadmap
    Best-Practice Toolkit

    1.1 Identify MRW pain points

    1.2 Drill down pain points into tasks

    1.3 Estimate the MRW involved in each task

    1.4 Rank the tasks based on value and ease

    1.5 Select top candidates and define metrics

    1.6 Draft project charters

    2.1 Map process flows

    2.2 Review and optimize process flows

    2.3 Clarify logic and finalize future-state process flows

    3.1 Kick off your test plan for each automation

    3.2 Define process for automation rollout

    3.3 Define process to manage your automation program

    3.4 Define metrics to measure success of your automation program

    4.1 Build automation roadmap

    Guided Implementations

    Introduce methodology.

    Review automation candidates.

    Review success metrics.

    Review process flows.

    Review end-to-end process flows.

    Review testing considerations.

    Review automation SDLC.

    Review automation program metrics.

    Review automation roadmap.

    Onsite Workshop Module 1:
    Identify Automation Candidates
    Module 2:
    Map and Optimize Processes
    Module 3:
    Build a Process for Managing Automation
    Module 4:
    Build Automation Roadmap
    Phase 1 Results:
    Automation candidates and success metrics
    Phase 2 Results:
    End-to-end process flows for automation
    Phase 3 Results:
    Automation SDLC process, and automation program management process
    Phase 4 Results:
    Automation roadmap

    Measure IT Project Value

    • Buy Link or Shortcode: {j2store}431|cart{/j2store}
    • member rating overall impact (scale of 10): 9.5/10 Overall Impact
    • member rating average dollars saved: $5,549 Average $ Saved
    • member rating average days saved: 6 Average Days Saved
    • Parent Category Name: Portfolio Management
    • Parent Category Link: /portfolio-management
    • People treat benefits as a box to tick on the business case, deflating or inflating them to facilitate project approval.
    • Even if benefits are properly defined, they are usually forgotten once the project is underway.
    • Subsequent changes to project scope may impact the viability of the project’s business benefits, resulting in solutions that do not deliver expected value.

    Our Advice

    Critical Insight

    • It is rare for project teams or sponsors to be held accountable for managing and/or measuring benefits. The assumption is often that no one will ask if benefits have been realized after the project is closed.
    • The focus is largely on the project’s schedule, budget, and scope, with little attention paid to the value that the project is meant to deliver to the organization.
    • Without an objective stakeholder to hold people accountable for defining benefits and demonstrating their delivery, benefits will continue to be treated as red tape.
    • Sponsors will not take the time to define benefits properly, if at all. The project team will not take the time to ensure they are still achievable as the project progresses. When the project is complete, no one will investigate actual project success.

    Impact and Result

    • The project sponsor and business unit leaders must own project benefits; IT is only accountable for delivering the solution.
    • IT can play a key role in this process by establishing and supporting a benefits realization process. They can help business unit leaders and sponsors define benefits properly, identify meaningful metrics, and report on benefits realization effectively.
    • The project management office is ideally suited to facilitate this process by providing tools and templates, and a consistent and comparable view across projects.
    • Project managers are accountable for delivering the project, not for delivering the benefits of the project itself. However, they must ensure that changes to project scope are assessed for impact on benefits viability.

    Measure IT Project Value Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should establish a benefits legitimacy practice, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish benefits legitimacy during portfolio Intake

    This phase will help you define a benefits management process to help support effective benefits definition during portfolio intake.

    • Deliver Project Value With a Benefits Legitimacy Initiative – Phase 1: Establish Benefits Legitimacy During Portfolio Intake
    • Project Sponsor Role Description Template
    • Benefits Commitment Form Template
    • Right-Sized Business Case Template

    2. Maintain benefits legitimacy throughout project planning and execution

    This phase will help you define a process for effective benefits management during project planning and the execution intake phase.

    • Deliver Project Value With a Benefits Legitimacy Initiative – Phase 2: Maintain Benefits Legitimacy Throughout Project Planning and Execution
    • Project Benefits Documentation Workbook
    • Benefits Legitimacy Workflow Template (PDF)
    • Benefits Legitimacy Workflow Template (Visio)

    3. Close the deal on project benefits

    This phase will help you define a process for effectively tracking and reporting on benefits realization post-project.

    • Deliver Project Value With a Benefits Legitimacy Initiative – Phase 3: Close the Deal on Project Benefits
    • Portfolio Benefits Tracking Tool
    • Benefits Lag Report Template
    • Benefits Legitimacy Handbook Template
    [infographic]

    Workshop: Measure IT Project Value

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Analyze the Current State of Benefits Management

    The Purpose

    Assess the current state of benefits management at your organization and establish a realistic target state.

    Establish project and portfolio baselines for benefits management.

    Key Benefits Achieved

    Set achievable workshop goals and align stakeholder expectations.

    Establish a solid foundation for benefits management success.

    Activities

    1.1 Introductions and overview.

    1.2 Discuss attendee expectations and goals.

    1.3 Complete Info-Tech’s PPM Current State Scorecard.

    1.4 Perform right-wrong-confusing-missing analysis.

    1.5 Define target state for benefits management.

    1.6 Refine project levels.

    Outputs

    Info-Tech’s PPM Current State Scorecard report

    Right-wrong-confusing-missing analysis

    Stakeholder alignment around workshop goals and target state

    Info-Tech’s Project Intake Classification Matrix

    2 Establish Benefits Legitimacy During Portfolio Intake

    The Purpose

    Establish organizationally specific benefit metrics and KPIs.

    Develop clear roles and accountabilities for benefits management.

    Key Benefits Achieved

    An articulation of project benefits and measurements.

    Clear checkpoints for benefits communication during the project are defined.

    Activities

    2.1 Map the current portfolio intake process.

    2.2 Establish project sponsor responsibilities and accountabilities for benefits management.

    2.3 Develop organizationally specific benefit metrics and KPIs.

    2.4 Integrate intake legitimacy into portfolio intake processes.

    Outputs

    Info-Tech’s Project Sponsor Role Description Template

    Info-Tech’s Benefits Commitment Form Template

    Intake legitimacy process flow and RASCI chart

    Intake legitimacy SOP

    3 Maintain Benefits Legitimacy Throughout Project Planning and Execution

    The Purpose

    Develop a customized SOP for benefits management during project planning and execution.

    Key Benefits Achieved

    Ensure that all changes to the project have been recorded and benefits have been updated in preparation for deployment.

    Updated benefits expectations are included in the final sign-off package.

    Activities

    3.1 Map current project management process and audit project management documentation.

    3.2 Identify appropriate benefits control points.

    3.3 Customize project management documentation to integrate benefits.

    3.4 Develop a deployment legitimacy process flow.

    Outputs

    Customized project management toolkit

    Info-Tech’s Project Benefits Documentation Workbook

    Deployment of legitimacy process flow and RASCI chart

    Deployment of legitimacy SOP

    4 Close the Deal on Project Benefits

    The Purpose

    Develop a post-project benefits realization process.

    Key Benefits Achieved

    Clear project sponsorship accountabilities for post-project benefits tracking and reporting.

    A portfolio level benefits tracking tool for reporting on benefits attainment.

    Activities

    4.1 Identify appropriate benefits control points in the post-project process.

    4.2 Configure Info-Tech’s Portfolio Benefits Tracking Tool.

    4.3 Define a post-project benefits reporting process.

    4.4 Formalize protocol for reporting on, and course correcting, benefit lags.

    4.5 Develop a post-project legitimacy process flow.

    Outputs

    Info-Tech’s Portfolio Benefits Tracking Tool

    Post-Project legitimacy process flow and RASCI chart

    Post-Project Legitimacy SOP

    Info-Tech’s Benefits Legitimacy Handbook

    Info-Tech’s Benefits Legitimacy Workflow Template

    Create a Right-Sized Disaster Recovery Plan

    • Buy Link or Shortcode: {j2store}410|cart{/j2store}
    • member rating overall impact (scale of 10): 9.6/10 Overall Impact
    • member rating average dollars saved: $83,037 Average $ Saved
    • member rating average days saved: 32 Average Days Saved
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • Any time a natural disaster or major IT outage occurs, it increases executive awareness and internal pressure to create a disaster recovery plan (DRP).
    • Traditional DRP templates are onerous and result in a lengthy, dense plan that might satisfy auditors but will not be effective in a crisis.
    • The myth that a DRP is only for major disasters leaves organizations vulnerable to more common incidents.
    • The growing use of outsourced infrastructure services has increased reliance on vendors to meet recovery timeline objectives.

    Our Advice

    Critical Insight

    • At its core, disaster recovery (DR) is about ensuring service continuity. Create a plan that can be leveraged for both isolated and catastrophic events.
    • Remember Murphy’s Law. Failure happens. Focus on improving overall resiliency and recovery, rather than basing DR on risk probability analysis.
    • Cost-effective DR and service continuity starts with identifying what is truly mission critical so you can focus resources accordingly. Not all services require fast failover.

    Impact and Result

    • Define appropriate objectives for service downtime and data loss based on business impact.
    • Document an incident response plan that captures all of the steps from event detection to data center recovery.
    • Create a DR roadmap to close gaps between current DR capabilities and recovery objectives.

    Create a Right-Sized Disaster Recovery Plan Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Disaster Recovery Plan (DRP) Research – A step-by-step document that helps streamline your DR planning process and build a plan that's concise, usable, and maintainable.

    Any time a major IT outage occurs, it increases executive awareness and internal pressure to create an IT DRP. This blueprint will help you develop an actionable DRP by following our four-phase methodology to define scope, current status, and dependencies; conduct a business impact analysis; identify and address gaps in the recovery workflow; and complete, extend, and maintain your DRP.

    • Create a Right-Sized Disaster Recovery Plan – Phases 1-4

    2. DRP Case Studies – Examples to help you understand the governance and incident response components of a DRP and to show that your DRP project does not need to be as onerous as imagined.

    These examples include a client who leveraged the DRP blueprint to create practical, concise, and easy-to-maintain DRP governance and incident response plans and a case study based on a hospital providing a wide range of healthcare services.

    • Case Study: Practical, Right-Sized DRP
    • Case Study: Practical, Right-Sized DRP – Healthcare Example

    3. DRP Maturity Scorecard – An assessment tool to evaluate the current state of your DRP.

    Use this tool to measure your current DRP maturity and identify gaps to address. It includes a comprehensive list of requirements for your DRP program, including core and industry requirements.

    • DRP Maturity Scorecard

    4. DRP Project Charter Template – A template to communicate important details on the project purpose, scope, and parameters.

    The project charter template includes details on the project overview (description, background, drivers, and objectives); governance and management (project stakeholders/roles, budget, and dependencies); and risks, assumptions, and constraints (known and potential risks and mitigation strategy).

    • DRP Project Charter Template

    5. DRP Business Impact Analysis Tool – An evaluation tool to estimate the impact of downtime to determine appropriate, acceptable recovery time objectives (RTOs) and recovery point objectives (RPOs) and to review gaps between objectives and actuals.

    This tool enables you to identify critical applications/systems; identify dependencies; define objective scoring criteria to evaluate the impact of application/system downtime; determine the impact of downtime and establish criticality tiers; set recovery objectives (RTO/RPO) based on the impact of downtime; record recovery actuals (RTA/RPA) and identify any gaps between objectives and actuals; and identify dependencies that regularly fail (and have a significant impact when they fail) to prioritize efforts to improve resiliency.

    • DRP Business Impact Analysis Tool
    • Legacy DRP Business Impact Analysis Tool

    6. DRP BIA Scoring Context Example – A tool to record assumptions you made in the DRP Business Impact Analysis Tool to explain the results and drive business engagement and feedback.

    Use this tool to specifically record assumptions made about who and what are impacted by system downtime and record assumptions made about impact severity.

    • DRP BIA Scoring Context Example

    7. DRP Recovery Workflow Template – A flowchart template to provide an at-a-glance view of the recovery workflow.

    This simple format is ideal during crisis situations, easier to maintain, and often quicker to create. Use this template to document the Notify - Assess - Declare disaster workflow, document current and planned future state recovery workflows, including gaps and risks, and review an example recovery workflow.

    • DRP Recovery Workflow Template (PDF)
    • DRP Recovery Workflow Template (Visio)

    8. DRP Roadmap Tool – A visual roadmapping tool that will help you plan, communicate, and track progress for your DRP initiatives.

    Improving DR capabilities is a marathon, not a sprint. You likely can't fund and resource all the measures for risk mitigation at once. Instead, use this tool to create a roadmap for actions, tasks, projects, and initiatives to complete in the short, medium, and long term. Prioritize high-benefit, low-cost mitigations.

    • DRP Roadmap Tool

    9. DRP Recap and Results Template – A template to summarize and present key findings from your DR planning exercises and documents.

    Use this template to present your results from the DRP Maturity Scorecard, BCP-DRP Fitness Assessment, DRP Business Impact Analysis Tool, tabletop planning exercises, DRP Recovery Workflow Template, and DRP Roadmap Tool.

    • DRP Recap and Results Template

    10. DRP Workbook – A comprehensive tool that enables you to organize information to support DR planning.

    Leverage this tool to document information regarding DRP resources (list the documents/information sources that support DR planning and where they are located) and DR teams and contacts (list the DR teams, SMEs critical to DR, and key contacts, including business continuity management team leads that would be involved in declaring a disaster and coordinating response at an organizational level).

    • DRP Workbook

    11. Appendix

    The following tools and templates are also included as part of this blueprint to use as needed to supplement the core steps above:

    • DRP Incident Response Management Tool
    • DRP Vendor Evaluation Questionnaire
    • DRP Vendor Evaluation Tool
    • Severity Definitions and Escalation Rules Template
    • BCP-DRP Fitness Assessment
    [infographic]

    Workshop: Create a Right-Sized Disaster Recovery Plan

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Parameters for Your DRP

    The Purpose

    Identify key applications and dependencies based on business needs.

    Key Benefits Achieved

    Understand the entire IT “footprint” that needs to be recovered for key applications. 

    Activities

    1.1 Assess current DR maturity.

    1.2 Determine critical business operations.

    1.3 Identify key applications and dependencies.

    Outputs

    Current challenges identified through a DRP Maturity Scorecard.

    Key applications and dependencies documented in the Business Impact Analysis (BIA) Tool.

    2 Determine the Desired Recovery Timeline

    The Purpose

    Quantify application criticality based on business impact.

    Key Benefits Achieved

    Appropriate recovery time and recovery point objectives defined (RTOs/RPOs).

    Activities

    2.1 Define an objective scoring scale to indicate different levels of impact.

    2.2 Estimate the impact of downtime.

    2.3 Determine desired RTO/RPO targets for applications based on business impact.

    Outputs

    Business impact analysis scoring criteria defined.

    Application criticality validated.

    RTOs/RPOs defined for applications and dependencies.

    3 Determine the Current Recovery Timeline and DR Gaps

    The Purpose

    Determine your baseline DR capabilities (your current state).

    Key Benefits Achieved

    Gaps between current and desired DR capability are quantified.

    Activities

    3.1 Conduct a tabletop exercise to determine current recovery procedures.

    3.2 Identify gaps between current and desired capabilities.

    3.3 Estimate likelihood and impact of failure of individual dependencies.

    Outputs

    Current achievable recovery timeline defined (i.e. the current state).

    RTO/RPO gaps identified.

    Critical single points of failure identified.

    4 Create a Project Roadmap to Close DR Gaps

    The Purpose

    Identify and prioritize projects to close DR gaps.

    Key Benefits Achieved

    DRP project roadmap defined that will reduce downtime and data loss to acceptable levels.

    Activities

    4.1 Determine what projects are required to close the gap between current and desired DR capability.

    4.2 Prioritize projects based on cost, effort, and impact on RTO/RPO reduction.

    4.3 Validate that the suggested projects will achieve the desired DR capability.

    Outputs

    Potential DR projects identified.

    DRP project roadmap defined.

    Desired-state incident response plan defined, and project roadmap validated.

    5 Establish a Framework for Documenting Your DRP, and Summarize Next Steps

    The Purpose

    Outline how to create concise, usable DRP documentation.

    Summarize workshop results. 

    Key Benefits Achieved

    A realistic and practical approach to documenting your DRP.

    Next steps documented. 

    Activities

    5.1 Outline a strategy for using flowcharts and checklists to create concise, usable documentation.

    5.2 Review Info-Tech’s DRP templates for creating system recovery procedures and a DRP summary document.

    5.3 Summarize the workshop results, including current potential downtime and action items to close gaps.

    Outputs

    Current-state and desired-state incident response plan flowcharts.

    Templates to create more detailed documentation where necessary.

    Executive communication deck that outlines current DR gaps, how to close those gaps, and recommended next steps.

    Further reading

    Create a Right-Sized Disaster Recovery Plan

    Close the gap between your DR capabilities and service continuity requirements.

    ANALYST PERSPECTIVE

    An effective disaster recovery plan (DRP) is not just an insurance policy.

    "An effective DRP addresses common outages such as hardware and software failures, as well as regional events, to provide day-to-day service continuity. It’s not just insurance you might never cash in. Customers are also demanding evidence of an effective DRP, so organizations without a DRP risk business impact not only from extended outages but also from lost sales. If you are fortunate enough to have executive buy-in, whether it’s due to customer pressure or concern over potential downtime, you still have the challenge of limited time to dedicate to disaster recovery (DR) planning. Organizations need a practical but structured approach that enables IT leaders to create a DRP without it becoming their full-time job."

    Frank Trovato,

    Research Director, Infrastructure

    Info-Tech Research Group

    Is this research for you?

    This Research Is Designed For:

    • Senior IT management responsible for executing DR.
    • Organizations seeking to formalize, optimize, or validate an existing DRP.
    • Business continuity management (BCM) professionals leading DRP development.

    This Research Will Help You:

    • Create a DRP that is aligned with business requirements.
    • Prioritize technology enhancements based on DR requirements and risk-impact analysis.
    • Identify and address process and technology gaps that impact DR capabilities and day-to-day service continuity.

    This Research Will Also Assist:

    • Executives who want to understand the time and resource commitment required for DRP.
    • Members of BCM and crisis management teams who need to understand the key elements of an IT DRP.

    This Research Will Help Them:

    • Scope the time and effort required to develop a DRP.
    • Align business continuity, DR, and crisis management plans.

    Executive summary

    Situation

    • Any time a natural disaster or major IT outage occurs, it increases executive awareness and internal pressure to create a DRP.
    • Industry standards and government regulations are driving external pressure to develop business continuity and IT DR plans.
    • Customers are asking suppliers and partners to provide evidence that they have a workable DRP before agreeing to do business.

    Complication

    • Traditional DRP templates are onerous and result in a lengthy, dense plan that might satisfy auditors, but will not be effective in a crisis.
    • The myth that a DRP is only for major disasters leaves organizations vulnerable to more common incidents.
    • The growing use of outsourced infrastructure services has increased reliance on vendors to meet recovery timeline objectives.

    Resolution

    • Create an effective DRP by following a structured process to discover current capabilities and define business requirements for continuity:
      • Define appropriate objectives for service downtime and data loss based on business impact.
      • Document an incident response plan that captures all of the steps from event detection to data center recovery.
      • Create a DR roadmap to close gaps between current DR capabilities and recovery objectives.

    Info-Tech Insight

    1. At its core, DR is about ensuring service continuity. Create a plan that can be leveraged for both isolated and catastrophic events.
    2. Remember Murphy’s Law. Failure happens. Focus on improving overall resiliency and recovery, rather than basing DR on risk probability analysis.
    3. Cost-effective DR and service continuity starts with identifying what is truly mission critical so you can focus resources accordingly. Not all services require fast failover.

    An effective DRP is critical to reducing the cost of downtime

    If you don’t have an effective DRP when failure occurs, expect to face extended downtime and exponentially rising costs due to confusion and lack of documented processes.

    Image displayed is a graph that shows that delay in recovery causes exponential revenue loss.

    Potential Lost Revenue

    The impact of downtime tends to increase exponentially as systems remain unavailable (graph at left). A current, tested DRP will significantly improve your ability to execute systems recovery, minimizing downtime and business impact. Without a DRP, IT is gambling on its ability to define and implement a recovery strategy during a time of crisis. At the very least, this means extended downtime – potentially weeks or months – and substantial business impact.

    Adapted from: Philip Jan Rothstein, 2007

    Cost of Downtime for the Fortune 1000

    Cost of unplanned apps downtime per year: $1.25B to $2.5B.

    Cost of critical apps failure per hour: $500,000 to $1M.

    Cost of infrastructure failure per hour: $100,000.

    35% reported to have recovered within 12 hours.

    17% of infrastructure failures took more than 24 hours to recover.

    13% of application failures took more than 24 hours to recover.

    Source: Stephen Elliot, 2015

    Info-Tech Insight

    The cost of downtime is rising across the board, and not just for organizations that traditionally depend on IT (e.g. e-commerce). Downtime cost increase since 2010:

    Hospitality: 129% increase

    Transportation: 108% increase

    Media organizations: 104% increase

    An effective DRP also sets clear recovery objectives that align with system criticality to optimize spend

    The image displays a disaster recovery plan example, where different tiers are in place to support recovery in relation to time.

    Take a practical approach that creates a more concise and actionable DRP

    DR planning is not your full-time job, so it can’t be a resource- and time-intensive process.

    The Traditional Approach Info-Tech’s Approach

    Start with extensive risk and probability analysis.

    Challenge: You can’t predict every event that can occur, and this delays work on your actual recovery procedures.

    Focus on how to recover regardless of the incident.

    We know failure will happen. Focus on improving your ability to failover to a DR environment so you are protected regardless of what causes primary site failure.

    Build a plan for major events such as natural disasters.

    Challenge: Major destructive events only account for 12% of incidents while software/hardware issues account for 45%. The vast majority of incidents are isolated local events.

    An effective DRP improves day-to-day service continuity, and is not just for major events.

    Leverage DR planning to address both common (e.g. power/network outage or hardware failure) as well as major events. It must be documentation you can use, not shelfware.

    Create a DRP manual that provides step-by-step instructions that anyone could follow.

    Challenge: The result is lengthy, dense manuals that are difficult to maintain and hard to use in a crisis. The usability of DR documents has a direct impact on DR success.

    Create concise documentation written for technical experts.

    Use flowcharts, checklists, and diagrams. They are more usable in a crisis and easier to maintain. You aren’t going to ask a business user to recover your SQL Server databases, so you can afford to be concise.

    DR must be integrated with day-to-day incident management to ensure service continuity

    When a tornado takes out your data center, it’s an obvious DR scenario and the escalation towards declaring a disaster is straightforward.

    The challenge is to be just as decisive in less-obvious (and more common) DR scenarios such as a critical system hardware/software failure, and knowing when to move from incident management to DR. Don’t get stuck troubleshooting for days when you could have failed over in hours.

    Bridge the gap with clearly-defined escalation rules and criteria for when to treat an incident as a disaster.

    Image displays two graphs. The graph on the left measures the extent that service management processes account for disasters by the success meeting RTO and RPO. The graph on the right is a double bar graph that shows DRP being integrated and not integrated in the following categories: Incident Classifications, Severity Definitions, Incident Models, Escalation Procedures. These are measured based on the success meeting RTO and RPO.

    Source: Info-Tech Research Group; N=92

    Myth busted: The DRP is separate from day-to-day ops and incident management.

    The most common threats to service continuity are hardware and software failures, network outages, and power outages

    The image displayed is a bar graph that shows the common threats to service continuity. There are two areas of interest that have labels. The first is: 45% of service interruptions that went beyond maximum downtime guidelines set by the business were caused by software and hardware issues. The second label is: Only 12% of incidents were caused by major destructive events.

    Source: Info-Tech Research Group; N=87

    Info-Tech Insight

    Does this mean I don’t need to worry about natural disasters? No. It means DR planning needs to focus on overall service continuity, not just major disasters. If you ignore the more common but less dramatic causes of service interruptions, you are diminishing the business value of a DRP.

    Myth busted: DRPs are just for destructive events – fires, floods, and natural disasters.

    DR isn’t about identifying risks; it’s about ensuring service continuity

    The traditional approach to DR starts with an in-depth exercise to identify risks to IT service continuity and the probability that those risks will occur.

    Here’s why starting with a risk register is ineffective:

    • Odds are, you won’t think of every incident that might occur. If you think of twenty risks, it’ll be the twenty-first that gets you. If you try to guard against that twenty-first risk, you can quickly get into cartoonish scenarios and much more costly solutions.
    • The ability to failover to another site mitigates the risk of most (if not all) incidents (fire, flood, hardware failure, tornado, etc.). A risk and probability analysis doesn’t change the need for a plan that includes a failover procedure.

    Where risk is incorporated in this methodology:

    • Use known risks to further refine your strategy (e.g. if you are prone to hurricanes, plan for greater geographic separation between sites; ensure you have backups, in addition to replication, to mitigate the risk of ransomware).
    • Identify risks to your ability to execute DR (e.g. lack of cross-training, backups that are not tested) and take steps to mitigate those risks.

    Myth busted: A risk register is the critical first step to creating an effective DR plan.

    You can’t outsource accountability and you can’t assume your vendor’s DR capabilities meet your needs

    Outsourcing infrastructure services – to a cloud provider, co-location provider, or managed service provider (MSP) – can improve your DR and service continuity capabilities. For example, a large public cloud provider will generally have:

    • Redundant telecoms service providers, network infrastructure, power feeds, and standby power.
    • Round-the-clock infrastructure and security monitoring.
    • Multiple data centers in a given region, and options to replicate data and services across regions.

    Still, failure is inevitable – it’s been demonstrated multiple times1 through high-profile outages. When you surrender direct control of the systems themselves, it’s your responsibility to ensure the vendor can meet your DR requirements, including:

    • A DR site and acceptable recovery times for systems at that site.
    • An acceptable replication/backup schedule.

    Sources: Kyle York, 2016; Shaun Nichols, 2017; Stephen Burke, 2017

    Myth busted: I outsource infrastructure services so I don’t have to worry about DR. That’s my vendor’s responsibility.

    Choose flowcharts over process guides, checklists over procedures, and diagrams over descriptions

    IT DR is not an airplane disaster movie. You aren’t going to ask a business user to execute a system recovery, just like you wouldn’t really want a passenger with no flying experience to land a plane.

    In reality, you write a DR plan for knowledgeable technical staff, which allows you to summarize key details your staff already know. Concise, visual documentation is:

    • Quicker to create.
    • Easier to use.
    • Simpler to maintain.

    "Without question, 300-page DRPs are not effective. I mean, auditors love them because of the detail, but give me a 10-page DRP with contact lists, process flows, diagrams, and recovery checklists that are easy to follow."

    – Bernard Jones, MBCI, CBCP, CORP, Manager Disaster Recovery/BCP, ActiveHealth Management

    A graph is displayed. It shows a line graph where the DR success is higher by using flowcharts, checklists, and diagrams.

    Source: Info-Tech Research Group; N=95

    *DR Success is based on stated ability to meet recovery time objectives (RTOs) and recovery point objectives (RPOs), and reported confidence in ability to consistently meet targets.

    Myth busted: A DRP must include every detail so anyone can execute recovery.

    A DRP is part of an overall business continuity plan

    A DRP is the set of procedures and supporting documentation that enables an organization to restore its core IT services (i.e. applications and infrastructure) as part of an overall business continuity plan (BCP), as described below. Use the templates, tools, and activities in this blueprint to create your DRP.

    Overall BCP
    IT DRP BCP for Each Business Unit Crisis Management Plan
    A plan to restore IT services (e.g. applications and infrastructure) following a disruption. This includes:
    • Identifying critical applications and dependencies.
    • Defining an appropriate (desired) recovery timeline based on a business impact analysis (BIA).
    • Creating a step-by-step incident response plan.
    A set of plans to resume business processes for each business unit. Info-Tech’s Develop a Business Continuity Plan blueprint provides a methodology for creating business unit BCPs as part of an overall BCP for the organization. A set of processes to manage a wide range of crises, from health and safety incidents to business disruptions to reputational damage. This includes emergency response plans, crisis communication plans, and the steps to invoke BC/DR plans when applicable. Info-Tech’s Implement Crisis Management Best Practices blueprint provides a structured approach to develop a crisis management process.

    Note: For DRP, we focus on business-facing IT services (as opposed to the underlying infrastructure), and then identify required infrastructure as dependencies (e.g. servers, databases, network).

    Take a practical but structured approach to creating a concise and effective DRP

    Image displayed shows the structure of this blueprint. It shows the structure of phases 1-4 and the related tools and templates for each phase.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Info-Tech advisory services deliver measurable value

    Info-Tech members save an average of $22,983 and 22 days by working with an Info-Tech analyst on DRP (based on client response data from Info-Tech Research Group’s Measured Value Survey, following analyst advisory on this blueprint).

    Why do members report value from analyst engagement?

    1. Expert advice on your specific situation to overcome obstacles and speed bumps.
    2. Structured project and guidance to stay on track.
    3. Project deliverables review to ensure the process is applied properly.

    Guided implementation overview

    Your trusted advisor is just a call away.

    Define DRP scope (Call 1)

    Scope requirements, objectives, and your specific challenges. Identify applications/ systems to focus on first.

    Define current status and system dependencies (Calls 2-3)

    Assess current DRP maturity. Identify system dependencies.

    Conduct a BIA (Calls 4-6)

    Create an impact scoring scale and conduct a BIA. Identify RTO and RPO for each system.

    Recovery workflow (Calls 7-8)

    Create a recovery workflow based on tabletop planning. Identify gaps in recovery capabilities.

    Projects and action items (Calls 9-10)

    Identify and prioritize improvements. Summarize results and plan next steps.

    Your guided implementations will pair you with an advisor from our analyst team for the duration of your DRP project.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Image displays the workshop overview for this blueprint. It is a workshop that runs for 4 days and covers various activities and produces many deliverables.

    End-user complaints distract from serious IT-based risks to business continuity

    Case Study

    Industry: Manufacturing
    Source: Info-Tech Research Group Client Engagement

    A global manufacturer with annual sales over $1B worked with Info-Tech to improve DR capabilities.

    DRP BIA

    Conversations with the IT team and business units identified the following impact of downtime over 24 hours:

    • Email: Direct Cost: $100k; Goodwill Impact Score: 8.5/16
    • ERP: Direct Cost: $1.35mm; Goodwill Impact Score: 12.5/16

    Tabletop Testing and Recovery Capabilities

    Reviewing the organization’s current systems recovery workflow identified the following capabilities:

    • Email: RTO: minutes, RPO: minutes
    • ERP: RTO: 14 hours, RPO: 24 hours

    Findings

    Because of end-user complaints, IT had invested heavily in email resiliency though email downtime had a relatively minimal impact on the business. After working through the methodology, it was clear that the business needed to provide additional support for critical systems.

    Insights at each step:

    Identify DR Maturity and System Dependencies

    Conduct a BIA

    Outline Incident Response and Recovery Workflow With Tabletop Exercises

    Mitigate Gaps and Risks

    Create a Right-Sized Disaster Recovery Plan

    Phase 1

    Define DRP Scope, Current Status, and Dependencies

    Step 1.1: Set Scope, Kick-Off the DRP Project, and Create a Charter

    This step will walk you through the following activities:

    • Establish a team for DR planning.
    • Retrieve and review existing, relevant documentation.
    • Create a project charter.

    This step involves the following participants:

    • DRP Coordinator
    • DRP Team (Key IT SMEs)
    • IT Managers

    Results and Insights

    • Set scope for the first iteration of the DRP methodology.
    • Don’t try to complete your DR and BCPs all at once.
    • Don’t bite off too much at once.

    Kick-off your DRP project

    You’re ready to start your DR project.

    This could be an annual review – but more likely, this is the first time you’ve reviewed the DR plan in years.* Maybe a failed audit might have provided a mandate for DR planning, or a real disaster might have highlighted gaps in DR capabilities. First, set appropriate expectations for what the project is and isn’t, in terms of scope, outputs, and resource commitments. Very few organizations can afford to hire a full-time DR planner, so it’s likely this won’t be your full-time job. Set objectives and timelines accordingly.

    Gather a team

    • Often, DR efforts are led by the infrastructure and operations leader. This person can act as the DRP coordinator or may delegate this role.
    • Key infrastructure subject-matter experts (SMEs) are usually part of the team and involved through the project.

    Find and review existing documentation

    • An existing DRP may have information you can re-purpose rather than re-create.
    • High-level architecture diagrams and network diagrams can help set scope (and will become part of your DR kit).
    • Current business-centric continuity of operations plans (COOPs) or BCPs are important to understand.

    Set specific, realistic objectives

    • Create a project charter (see next slide) to record objectives, timelines, and assumptions.
    *Only 20% of respondents to an Info-Tech Research Group survey (N=165) had a complete DRP; only 38% of respondents with a complete or mostly complete DRP felt it would be effective in a crisis.

    List DRP drivers and challenges

    1(a) Drivers and roadblocks

    Estimated Time: 30 minutes

    Identify the drivers and challenges to completing a functional DRP plan with the core DR team.

    DRP Drivers

    • Past outages (be specific):
      • Hardware and software failures
      • External network and power outages
      • Building damage
      • Natural disaster(s)
    • Audit findings
    • Events in the news
    • Other?

    DRP Challenges

    • Lack of time
    • Insufficient DR budget
    • Lack of executive support
    • No internal DRP expertise
    • Challenges making the case for DRP
    • Other?

    Write down insights from the meeting on flip-chart paper or a whiteboard and use the findings to inform your DRP project (e.g. challenges to address).

    Clarify expectations with a project charter

    1(b) DRP Project Charter Template

    DRP Project Charter Template components:

    Define project parameters, roles, and objectives, and clarify expectations with the executive team. Specific subsections are listed below and described in more detail in the remainder of this phase.

    • Project Overview: Includes objectives, deliverables, and scope. Leverage relevant notes from the “Project Drivers” brainstorming exercise (e.g. past outages and near misses which help make the case).
    • Governance and Management: Includes roles, responsibilities, and resource requirements.
    • Project Risks, Assumptions, and Constraints: Includes risks and mitigation strategies, as well as any assumptions and constraints.
    • Project Sign-Off: Includes IT and executive sign-off (if required).

    Note: Identify the initial team roles and responsibilities first so they can assist in defining the project charter.

    The image is a screenshot of the first page of the DRP Project Charter Template.

    Step 1.2: Assess Current State DRP Maturity

    This step will walk you through the following activities:

    • Complete Info-Tech’s DRP Maturity Scorecard.

    This step involves the following participants:

    • DRP Coordinator
    • IT SMEs

    Results and Insights

    • Identify the current state of the organization’s DRP and continuity management. Set a baseline for improvement.
    • Discover where improvement is most needed to create an effective plan.

    Only 38% of IT departments believe their DRPs would be effective in a real crisis

    Even organizations with documented DRPs struggle to make them actionable.

    • Even when a DRP does become a priority (e.g. due to regulatory or customer drivers), the challenge is knowing where to start and having a methodical step-by-step process for doing the work. With no guide to plan and resource the project, it becomes work that you complete piecemeal when you aren’t working on other projects, or at night after the kids go to bed.
    • Far too many organizations create a document to satisfy auditors rather than creating a usable plan. People in this group often just want a fill-in-the-blanks template. What they will typically find is a template for the traditional 300-page manual that goes in a binder that sits on a shelf, is difficult to maintain, and is not effective in a crisis.
    Two bar graphs are displayed. The graph on the left shows that only 20% of survey respondents indicate they have a complete DRP. The graph on the right shows that 38% of those who have a mostly completed or full DRP actually feel it would be effective in a crisis.

    Use the DRP Maturity Scorecard to assess the current state of your DRP and identify areas to improve

    1(c) DRP Maturity Scorecard

    Info-Tech’s DRP Maturity Scorecard evaluates completion status and process maturity for a comprehensive yet practical assessment across three aspects of an effective DRP program – Defining Requirements, Implementation, and Maintenance.

    Image has three boxes. One is labelled Completion status, another below it is labelled Process Maturity. There is an addition sign in between them. With an arrow leading from both boxes is another box that is labelled DRP Maturity Assessment

    Completion Status: Reflects the progress made with each component of your DRP Program.

    Process Maturity: Reflects the consistency and quality of the steps executed to achieve your completion status.

    DRP Maturity Assessment: Each component (e.g. BIA) of your DRP Program is evaluated based on completion status and process maturity to provide an accurate holistic assessment. For example, if your BIA completion status is 4 out of 5, but process maturity is a 2, then requirements were not derived from a consistent defined process. The risk is inconsistent application prioritization and misalignment with actual business requirements.

    Step 1.3: Identify Applications, Systems, and Dependencies

    This step will walk you through the following activities:

    • Identify systems, applications, and services, and the business units that use them.
    • Document applications, systems, and their dependencies in the DRP Business Impact Analysis Tool.

    This step involves the following participants:

    • DRP Coordinator
    • DRP Team

    Results and Insights

    • Identify core services and the applications that depend on them.
    • Add applications and dependencies to the DRP Business Impact Analysis Tool.

    Select 5-10 services to get started on the DRP methodology

    1(d) High-level prioritization

    Estimated Time: 30 minutes

    Working through the planning process the first time can be challenging. If losing momentum is a concern, limit the BIA to a few critical systems to start.

    Run this exercise if you need a structured exercise to decide where to focus first and identify the business users you should ask for input on the impact of system downtime.

    1. On a whiteboard or flip-chart paper, list business units in a column on the left. List key applications/systems in a row at the top. Draw a grid.
    2. At a high level, review how applications are used by each unit. Take notes to keep track of any assumptions you make.
      • Add a ✓ if members of the unit use the application or system.
      • Add an ✱ if members of the unit are heavy users of the application or system and/or use it for time sensitive tasks.
      • Leave the box blank if the app isn’t used by this unit.
    3. Use the chart to prioritize systems to include in the BIA (e.g. systems marked with an *) but also include a few less-critical systems to illustrate DRP requirements for a range of systems.

    Image is an example of what one could complete from step 1(d). There is a table shown. In the column on the left lists sales, marketing, R&D, and Finance. In the top row, there is listed: dialer, ERP. CRM, Internet, analytics, intranet

    Application Notes
    CRM
    • Supports time-critical sales and billing processes.
    Dialer
    • Used for driving the sales-call queue, integration with CRM.

    Draw a high-level sketch of your environment

    1(e) Sketch your environment

    Estimated Time: 1-2 hours

    A high-level topology or architectural diagram is an effective way to identify dependencies, application ownership, outsourced services, hardware redundancies, and more.

    Note:

    • Network diagrams or high-level architecture diagrams help to identify dependencies and redundancies. Even a rough sketch is a useful reference tool for participants, and will be valuable documentation in the final DR plan.
    • Keep the drawings tidy. Visualize the final diagram before you start to draw on the whiteboard to help with spacing and placement.
    • Collaborate with relevant SMEs to identify dependencies. Keep the drawing high-level.
    • Illustrate connections between applications or components with lines. Use color coding to illustrate where applications are hosted (e.g. in-house, at a co-lo, in a cloud or MSP environment).
    Example of a high-level topology or architectural diagram

    Document systems and dependencies

    Collaborate with system SMEs to identify dependencies for each application or system. Document the dependencies in the DRP Business Impact Analysis Tool (see image below)

    • When listing applications, focus on business-facing systems or services that business users will recognize and use terminology they’ll understand.
    • Group infrastructure components that support all other services as a single core infrastructure service to simplify dependency mapping (e.g. core router, virtual hosts, ID management, and DNS).
    • In general, each data center will have its own core infrastructure components. List each data center separately – especially if different services are hosted at each data center.
    • Be specific when documenting dependencies. Use existing asset tracking tables, discovery tools, asset management records, or configuration management tools to identify specific server names.
    • Core infrastructure dependencies, such as the network infrastructure, power supply, and centralized storage, will be a common set of dependencies for most applications, so group these into a separate category called “Core Infrastructure” to minimize repetition in your DR planning.
    • Document production components in the BIA tool. Capture in-production, redundant components performing the same work on a single dependency line. List standby systems in the notes.

    Info-Tech Best Practice

    In general, visual documentation is easier to use in a crisis and easier to maintain over time. Use Info-Tech’s research to help build your own visual SOPs.

    Document systems and dependencies

    1(f) DRP Business Impact Analysis Tool – Record systems and dependencies

    A screenshot of Info-Tech's DRP Business Impact Analysis Tool.

    Stories from the field: Info-Tech clients find value in Phase 1 in the following ways

    An organization uncovers a key dependency that needed to be treated as a Tier 1 system

    Reviewing the entire ecosystem for applications identified key dependencies that were previously considered non-critical. For example, a system used to facilitate secure data transfers was identified as a key dependency for payroll and other critical business processes, and elevated to Tier 1.

    A picture’s worth a thousand words (and 1600 servers)

    Drawing a simple architectural diagram was an invaluable tool to identify key dependencies and critical systems, and to understand how systems and dependencies were interconnected. The drawing was an aha moment for IT and business stakeholders trying to make sense of their 1600-server environment.

    Make the case for DRP

    A member of the S&P 500 used Info-Tech’s DRP Maturity Scorecard to provide a reliable objective assessment and make the case for improvements to the board of directors.

    State government agency initiates a DRP project to complement an existing COOP

    Info-Tech's DRP Project Charter enabled the CIO to clarify their DRP project scope and where it fit into their overall COOP. The project charter example provided much of the standard copy – objectives, scope, project roles, methodology, etc. – required to outline the project.

    Phase 1: Insights and accomplishments

    Image has two screenshots from Info-Tech's Phase 1 tools and templates.

    Created a charter and identified current maturity

    Image has two screenshots. One is from Info-Tech's DRP Business Impact Analysis Tool and the other is from the example in step 1(d).

    Identified systems and dependencies for the BIA

    Summary of Accomplishments:

    • Created a DRP project charter.
    • Completed the DRP Maturity Scorecard and identified current DRP maturity.
    • Prioritized applications/systems for a first pass through DR planning.
    • Identified dependencies for each application and system.

    Up Next: Conduct a BIA to establish recovery requirements

    Create a Right-Sized Disaster Recovery Plan

    Phase 2

    Conduct a BIA to Determine Acceptable RTOs and RPOs

    Step 2.1: Define an Objective Impact Scoring Scale

    This step will walk you through the following activities:

    • Create a scoring scale to measure the business impact of application and system downtime.

    This step involves the following participants:

    • DRP Coordinator
    • DRP Team

    Results and Insights

    • Use a scoring scale tied to multiple categories of real business impact to develop a more objective assessment of application and system criticality.

    Align capabilities to appropriate and acceptable RTOs and RPOs with a BIA

    Too many organizations avoid a BIA because they perceive it as onerous or unneeded. A well-managed BIA is straightforward and the benefits are tangible.

    A BIA enables you to identify appropriate spend levels, maintain executive support, and prioritize DR planning for a more successful outcome. Info-Tech has found that a BIA has a measurable impact on the organization’s ability to set appropriate objectives and investment goals.

    Two bar graphs are depicted. The one on the left shows 93% BIA impact on appropriate RTOs. The graph on the right shows that with BIA, there is 86% on BIA impact on appropriate spending.

    Info-Tech Insight

    Business input is important, but don’t let a lack of it delay a draft BIA. Complete a draft based on your knowledge of the business. Create a draft within IT, and use it to get input from business leaders. It’s easier to edit estimates than to start from scratch; even weak estimates are far better than a blank sheet.

    Pick impact categories that are relevant to your business to develop a holistic view of business impact

    Direct Cost Impact Categories

    • Revenue: permanently lost revenue.
      • Example: one third of daily sales are lost due to a website failure.
    • Productivity: lost productivity.
      • Example: finance staff can’t work without the accounting system.
    • Operating costs: additional operating costs.
      • Example: temporary staff are needed to re-key data.
    • Financial penalties: fines/penalties that could be incurred due to downtime.
      • Example: failure to meet contractual service-level agreements (SLAs) for uptime results in financial penalties.

    Goodwill, Compliance, and Health and Safety Categories

    • Stakeholder goodwill: lost customer, staff, or business partner goodwill due to harm, frustration, etc.
      • Example: customers can’t access needed services because the website is down.
      • Example: a payroll system outage delays paychecks for all staff.
      • Example: suppliers are paid late because the purchasing system is down.
    • Compliance, health, and safety:
      • Example: financial system downtime results in a missed tax filing.
      • Example: network downtime disconnects security cameras.

    Info-Tech Insight

    You don’t have to include every impact category in your BIA. Include categories that could affect your business. Defer or exclude other categories. For example, the bulk of revenue for governmental organizations comes from taxes, which won’t be permanently lost if IT systems fail.

    Modify scoring criteria to help you measure the impact of downtime

    The scoring scales define different types of business impact (e.g. costs, lost goodwill) using a common four-point scale and 24-hour timeframe to simplify BIA exercises and documentation.

    Use the suggestions below as a guide as you modify scoring criteria in the DRP Business Impact Analysis Tool:

    • All the direct cost categories (revenue, productivity, operating costs, financial penalties) require the user to define only a maximum value; the tool will populate the rest of the criteria for that category. Use the suggestions below to find the maximum scores for each of the direct cost categories:
      • Revenue: Divide total revenue for the previous year by 365 to estimate daily revenue. Assume this is the most revenue you could lose in a day, and use this number as the top score.
      • Loss of Productivity: Divide fully-loaded labor costs for the organization by 365 to estimate daily productivity costs. Use this as a proxy measure for the work lost if all business stopped for one day.
      • Increased Operating Costs: Isolate this to known additional costs that result from a disruption (e.g. costs for overtime or temporary staff). Estimate the maximum cost for the organization.
      • Financial Penalties: Isolate this to known financial penalties (e.g. due to failure to meet SLAs or compliance requirements). Use the estimated maximum penalty as the highest value on the scale.
    • Impact on Goodwill: Use an estimate of the percentage of all stakeholders impacted to assess goodwill impact.
    • Impact on Compliance; Impact on Health and Safety: The BIA tool contains default scoring criteria that account for the severity of the impact, the likelihood of occurrence, and in the case of compliance, whether a grace period is available. Use this scale as-is, or adapt this scale to suit your needs.

    Modify the default scoring scale in the DRP Business Impact Analysis Tool to reflect your organization

    2(a) DRP Business Impact Analysis Tool – Scoring criteria


    A screenshot of Info-Tech's DRP Business Impact Analysis Tool's scoring criteria

    Step 2.2: Estimate the Impact of Downtime

    This step will walk you through the following activities:

    • Identify the business impact of service/system/application downtime.

    This step involves the following participants:

    • DRP Coordinator
    • DRP Team
    • IT Service SMEs
    • Business-Side Technology Owners (optional)

    Results and Insights

    • Apply the scoring scale to develop a more objective assessment of the business impact of downtime.
    • Create criticality tiers based on the business impact of downtime.

    Estimate the impact of downtime for each system and application

    2(b) Estimate the impact of systems downtime

    Estimated Time: 3 hours

    On tab 3 of the DRP Business Impact Analysis Tool indicate the costs of downtime, as described below:

    1. Have a copy of the “Scoring Criteria” tab available to use as a reference (e.g. printed or on a second display). In tab 3 use the drop-down menu to assign a score of 0 to 4 based on levels of impact defined in the “Scoring Criteria” tab.
    2. Work horizontally across all categories for a single system or application. This will familiarize you with your scoring scales for all impact categories, and allow you to modify the scoring scales if needed before you proceed much further.
    3. For example, if a core call center phone system was down:

    • Loss of Revenue would be the portion of sales revenue generated through the call center. This might score a 1 or 2 depending on the percent of sales that are processed by the call center.
    • The Impact on Customers might be a 2 or 3 depending on the extent that some customers might be using the call center to receive support or purchase new products or services.
    • The Legal/Regulatory Compliance and Health or Safety Risk might be a 0, as the call center has no impact in either area.
  • Next, work vertically across all applications or systems within a single impact category. This will allow you to compare scores within the category as you create them to ensure internal consistency.
  • Add impact scores to the DRP Business Impact Analysis Tool

    2(c) DRP Business Impact Analysis Tool

    Screenshot of Info-Tech's DRP Business Impact Analysis Tool

    Record business reasons and assumptions that drive BIA scores

    2(d) DRP BIA Scoring Context Example

    Info-Tech suggests that IT leadership and staff identify the impact of downtime first to create a version that you can then validate with relevant business owners. As you work through the BIA as a team, have a notetaker record assumptions you make to help you explain the results and drive business engagement and feedback.

    Some common assumptions:

    • You can’t schedule a disaster, so Info-Tech suggests you assume the worst possible timing for downtime. Base the impact of downtime on the worst day for a disaster (e.g. year-end close, payroll run).
    • Record assumptions made about who and what are impacted by system downtime.
    • Record assumptions made about impact severity.
    • If you deviate from the scoring scale, or if a particular impact doesn’t fit well into the defined scoring scale, document the exception.

    Screenshot of Info-Tech's DRP BIA Scoring Context Example

    Use Info-Tech’s DRP BIA Scoring Context Example as a note-taking template.

    Info-Tech Insight

    You can’t build a perfect scoring scale. It’s fine to make reasonable assumptions based on your judgment and knowledge of the business. Just write down your assumptions. If you don’t write them down, you’ll forget how you arrived at that conclusion.

    Assign a criticality rating based on total direct and indirect costs of downtime

    2(e) DRP Business Impact Analysis Tool – Assign criticality tiers

    Once you’ve finished estimating the impact of downtime, use the following rough guideline to create an initial sort of applications into Tiers 1, 2, and 3.

    1. In general, sort applications based on the Total Impact on Goodwill, Compliance, and Safety first.
      • An effective tactic for a quick sort: assign a Tier 1 rating where scores are 50% or more of the highest total score, Tier 2 where scores are between 25% and 50%, and Tier 3 where scores are below 25%. Some organizations will also include a Tier 0 for the highest-scoring systems.
      • Then review and validate these scores and assignments.
    2. Next, consider the Total Cost of Downtime.
      • The Total Cost is calculated by the tool based on the Scoring Criteria in tab 2 and the impact scores on tab 3.
      • Decide if the total cost impact justifies increasing the criticality rating (e.g. from Tier 2 to Tier 1 due to high cost impact).
    3. Review the assigned impact scores and tiers to check that they’re in alignment. If you need to make an exception, document why. Keep exceptions to a minimum.

    Example: Highest total score is 12

    Screenshot of Info-Tech's DRP Business Impact Analysis Tool

    Step 2.3: Determine Acceptable RTO/RPO Targets

    This step will walk you through the following activities:

    • Review the “Debate Space” approach to setting RTO and RPO (recovery targets).
    • Set preliminary RTOs and RPOs by criticality tier.

    This step involves the following participants:

    • DRP Coordinator
    • DRP Team

    Results and Insights

    • Align recovery targets with the business impact of downtime and data loss.

    Use the “Debate Space” approach to align RTOs and RPOs with the impact of downtime

    The business must validate acceptable and appropriate RTOs and RPOs, but IT can use the guidelines below to set an initial estimate.

    Right-size recovery.

    A shorter RTO typically requires higher investment. If a short period of downtime has minimal impact, setting a low RTO may not be justifiable. As downtime continues, impact begins to increase exponentially to a point where downtime is intolerable – an acceptable RTO must be shorter than this. Apply the same thinking to RPOs – how much data loss is unnoticeable? How much is intolerable?

    A diagram to show the debate space in relation to RTOs and RPOs

    The “Debate Space” is between minimal impact and maximum tolerance for downtime.

    Estimate appropriate, acceptable RTOs and RPOs for each tier

    2(f) Set recovery targets

    Estimated Time: 30 minutes

    RTO and RPO tiers simplify management by setting similar recovery goals for systems and applications with similar criticality.

    Use the “Debate Space” approach to set appropriate and acceptable targets.

    1. For RTO, establish a recovery time range that is appropriate based on impact.
      • Overall, the RTO tiers might be 0-4 hours for gold, 4-24 hours for silver, and 24-48 hours for bronze.
    2. RPOs reflect target data protection measures.
      • Identify the lowest RPO within a tier and make that the standard.
      • For example, RPO for gold data might be five minutes, silver might be four hours, and bronze might be one day.
      • Use this as a guideline. RPO doesn’t always align perfectly with RTO tiers.
    3. Review RTOs and RPOs and make sure they accurately reflect criticality.

    Info-Tech Insight

    In general, the more critical the system, the shorter the RPO. But that’s not always the case. For example, a service bus might be Tier 1, but if it doesn’t store any data, RPO might be longer than other Tier 1 systems. Some systems may have a different RPO than most other systems in that tier. As long as the targets are acceptable to the business and appropriate given the impact, that’s okay.

    Add recovery targets to the DRP Business Impact Analysis Tool

    2(g) DRP Business Impact Analysis Tool – Document recovery objectives

    A screenshot of Info-Tech's DRP Business Impact Analysis Tool – Document recovery objectives

    Stories from the field: Info-Tech clients find value in Phase 2 in the following ways

    Most organizations discover something new about key applications, or the way stakeholders use them, when they work through the BIA and review the results with stakeholders. For example:

    Why complete a BIA? There could be a million reasons

    • A global manufacturer completed the DRP BIA exercise. When email went down, Service Desk phones lit up until it was resolved. That grief led to a high availability implementation for email. However, the BIA illustrated that ERP downtime was far more impactful.
    • ERP downtime would stop production lines, delay customer orders, and ultimately cost the business a million dollars a day.
    • The BIA results clearly showed that the ERP needed to be prioritized higher, and required business support for investment.

    Move from airing grievances to making informed decisions

    The DRP Business Impact Analysis Tool helped structure stakeholder consultations on DR requirements for a large university IT department. Past consultations had become an airing of grievances. Using objective impact scores helped stakeholders stay focused and make informed decisions around appropriate RTOs and RPOs.

    Phase 2: Insights and accomplishments

    Screenshots of the tools and templates from this phase.

    Estimated the business impact of downtime

    Screenshot of a tools from this phase

    Set recovery targets

    Summary of Accomplishments

    • Created a scoring scale tied to different categories of business impact.
    • Applied the scoring scale to estimate the business impact of system downtime.
    • Identified appropriate, acceptable RTOs and RPOs.

    Up Next:Conduct a tabletop planning exercise to establish current recovery capabilities

    Create a Right-Sized Disaster Recovery Plan

    Phase 3

    Identify and Address Gaps in the Recovery Workflow

    Step 3.1: Determine Current Recovery Workflow

    This step will walk you through the following activities:

    • Run a tabletop exercise.
    • Outline the steps for the initial response (notification, assessment, disaster declaration) and systems recovery (i.e. document your recovery workflow).
    • Identify any gaps and risks in your initial response and systems recovery.

    This step involves the following participants:

    • DRP Coordinator
    • IT Infrastructure SMEs (for systems in scope)
    • Application SMEs (for systems in scope)

    Results and Insights

    • Use a repeatable practical exercise to outline and document the steps you would use to recover systems in the event of a disaster, as well as identify gaps and risks to address.
    • This is also a knowledge-sharing opportunity for your team, and a practical means to get their insights, suggestions, and recovery knowledge down on paper.

    Tabletop planning: an effective way to test and document your recovery workflow

    In a tabletop planning exercise, the DRP team walks through a disaster scenario to map out what should happen at each stage, and effectively defines a high-level incident response plan (i.e. recovery workflow).

    Tabletop planning had the greatest impact on meeting recovery objectives (RTOs/RPOs) among survey respondents.

    A bar graph is displayed that shows that tabletop planning has the greatest impact on meeting recovery objectives (RTOs/RPOs) among survey respondents.

    *Note: Relative importance indicates the contribution an individual testing methodology, conducted at least annually, had on predicting success meeting recovery objectives, when controlling for all other types of tests in a regression model. The relative-importance values have been standardized to sum to 100%.

    Success was based on the following items:

    • RTOs are consistently met.
    • IT has confidence in the ongoing ability to meet RTOs.
    • RPOs are consistently met.
    • IT has confidence in the ongoing ability to meet RPOs.

    Why is tabletop planning so effective?

    • It enables you to play out a wider range of scenarios than technology-based testing (e.g. full-scale, parallel) due to cost and complexity factors.
    • It is non-intrusive, so it can be executed more frequently than other testing methodologies.
    • It easily translates into the backbone of your recovery documentation, as it allows you to review all aspects of your recovery plan.

    Focus first on IT DR

    Your DRP is IT contingency planning. It is not crisis management or BCP.

    The goal is to define a plan to restore applications and systems following a disruption. For your first tabletop exercise, Info-Tech recommends you use a non-life-threatening scenario that requires at least a temporary relocation of your data center (i.e. failing over to a DR site/environment). Assume a gas leak or burst water pipe renders the data center inaccessible. Power is shut off and IT must failover systems to another location. Once you create the master procedure, review the plan to ensure it addresses other scenarios.

    Info-Tech Insight

    When systems fail, you are faced with two high-level options: failover or recover in place. If you document the plan to failover systems to another location, you’ll have documented the core of your DR procedures. This differs from traditional scenario planning where you define separate plans for different what-if scenarios. The goal is one plan that can be adapted to different scenarios, which reduces the effort to build and maintain your DRP.

    Conduct a tabletop planning exercise to outline DR procedures in your current environment

    3(a) Tabletop planning

    Estimated Time: 2-3 hours

    For each high-level recovery step, do the following:

    1. On white cue cards:
      • Record the step.
      • Indicate the task owner (if required for clarity).
      • Note time required to complete the step. After the exercise, use this to build a running recovery time where 00:00 is when the incident occurred.
    2. On yellow cue cards, document gaps in people, process, and technology requirements to complete the step.
    3. On red cue cards, indicate risks (e.g. no backup person for a key staff member).
    An example is shown on what can be done during step 3(a). Three cue cards are showing in white, yellow, and red.

    Do:

    • Review the complete workflow from notification all the way to user acceptance testing.
    • Keep focused; stay on task and on time.
    • Revisit each step and record gaps and risks (and known solutions, but don’t dwell on this).
    • Revise and improve the plan with task owners.

    Don't:

    • Get weighed down by tools.
    • Document the details right away – stick to the high-level plan for the first exercise.
    • Try to find solutions to every gap/risk as you go. Save in-depth research/discussion for later.

    Flowchart the current-state incident response plan (i.e. document the recovery workflow)

    3(b) DRP Recovery Workflow Template and Case Study: Practical, Right-Sized DRP

    Why use flowcharts?

    • Flowcharts provide an at-a-glance view, ideal for disaster scenarios where pressure is high and quick upward communication is necessary.
    • For experienced staff, a high-level reminder of key steps is sufficient.

    Use the completed tabletop planning exercise results to build this workflow.

    "We use flowcharts for our declaration procedures. Flowcharts are more effective when you have to explain status and next steps to upper management." – Assistant Director, IT Operations, Healthcare Industry

    Source: Info-Tech Research Group Interview

    Screenshot of Info-Tech's DRP Recovery Workflow Template

    For a formatted template you can use to capture your plan, see Info-Tech’s DRP Recovery Workflow Template.

    For a completed example of tabletop planning results, review Info-Tech’s Case Study: Practical, Right-Sized DRP.

    Identify RPA

    What’s my RPA? Consider the following case:

    • Once a week, a full backup is taken of the complete ERP system and is transferred over the WAN to a secondary site 250 miles away, where it is stored on disk.
    • Overnight, an incremental backup is taken of the day’s changes, and is transferred to the same secondary site, and also stored on disk.
    • During office hours, the SAN takes a snapshot of changes which are kept on local storage (information on the accounting system usually only changes during office hours).
    • So what’s the RPA? One hour (snapshots), one day (incrementals), or one week (full backups)?

    When identifying RPA, remember the following:

    You are planning for a disaster scenario, where on-site systems may be inaccessible and any copies of data taken during the disaster may fail, be corrupt, or never make it out of the data center (e.g. if the network fails before the backup file ships). In the scenario above, it seems likely that off-site incremental backups could be restored, leading to a 24-hour RPA. However, if there were serious concerns about the reliability of the daily incrementals, the RPA could arguably be based on the weekly full backups.

    Info-Tech Best Practice

    The RPA is a commitment to the maximum data you would lose in a DR scenario with current capabilities (people, process, and technology). Pick a number you can likely achieve. List any situations where you couldn’t meet this RPA, and identify those for a risk tolerance discussion. In the example above, complete loss of the primary SAN would also mean losing the snapshots, so the last good copy of the data could be up to 24-hours old.

    Add recovery actuals (RTA/RPA) to your copy of the BIA

    3(c) DRP Business Impact Analysis Tool– Recovery actuals

    On the “Impact Analysis” tab in the DRP Business Impact Analysis Tool, enter the estimated maximum downtime and data loss in the RTA and RPA columns.

    1. Estimate the RTA based on the required time for complete recovery. Review your recovery workflow to identify this timeline. For example, if the notification, assessment, and declaration process takes two hours, and systems recovery requires most of a day, the estimated RTA could be 24 hours.
    2. Estimate the RPA based on the longest interval between copies of the data being shipped offsite. For example, if data on a particular system is backed up offsite once per day, and the onsite system was destroyed just before that backup began, the entire day’s data could be lost and estimated RPA could be 24 hours. Note: Enter 9999 to indicate that data is unrecoverable.

    A screenshot of Info-Tech's DRP Business Impact Analysis Tool – Recovery actuals

    Info-Tech Best Practice

    It’s okay to round numbers to the nearest shift, day, or week for simplicity (e.g. 24 hours rather than 22.5 hours, or 8 hours rather than 7.25 hours).

    Test the recovery workflow against additional scenarios

    3(d) Workflow review

    Estimated Time: 1 hour

    Review your recovery workflow with a different scenario in mind.

    • Work from and update the soft copy of your recovery workflow.
    • Would any steps be different if the scenario changes? If yes, capture the different flow with a decision diamond. Identify any new gaps or risks you encounter with red and yellow cards. Use as few decision diamonds as possible.

    Screenshot of testing the workflow against the additional scenarios

    Info-Tech Best Practice

    As you start to consider scenarios where injuries or loss of life are a possibility, remember that health and safety risks are the top priority in a crisis. If there’s a fire in the data center, evacuating the building is the first priority, even if that means foregoing a graceful shut down. For more details on emergency response and crisis management, see Implement Crisis Management Best Practices.

    Consider additional IT disaster scenarios

    3(e) Thought experiment – Review additional scenarios

    Walk through your recovery workflow in the context of additional, different scenarios to ensure there are no gaps. Collaborate with your DR team to identify changes that might be required, and incorporate these changes in the plan.

    Scenario Type Considerations
    Isolated hardware/software failure
    • Failover to the DR site may not be necessary (or only for affected systems).
    Power outage or network outage
    • Do you have standby power? Do you have network redundancy?
    Local hazard (e.g. chemical leak, police incident)
    • Systems might be accessible remotely, but hands-on maintenance will be required eventually.
    • An alternate site is required for service continuity.
    Equipment/building damage (e.g. fire, roof collapse)
    • Staff injuries or loss of life are a possibility.
    • Equipment may need repair or replacement (vendor involvement).
    • An alternate site is required for service continuity.
    Regional natural disasters
    • Staff injuries or loss of life are a possibility.
    • Utilities may be affected (power, running water, etc.).
    • Expect staff to take care of their families first before work.
    • A geographically distant alternate site may be required for service continuity.

    Step 3.2: Identify and Prioritize Projects to Close Gaps

    This step will walk you through the following activities:

    • Analyze the gaps that were identified from the maturity scorecard, tabletop planning exercise, and the RTO/RPO gaps analysis.
    • Brainstorm solutions to close gaps and mitigate risks.
    • Determine a course of action to close these gaps. Prioritize each project. Create a project implementation timeline.

    This step involves the following participants:

    • DRP Coordinator
    • IT Infrastructure SMEs

    Results and Insights

    • Prioritized list of projects and action items that can improve DR capabilities.
    • Often low-cost, low-effort quick wins are identified to mitigate at least some gaps/risks. Higher-cost, higher-effort projects can be part of a longer-term IT strategy. Improving service continuity is an ongoing commitment.

    Brainstorm solutions to address gaps and risk

    3(f) Solutioning

    Estimated Time: 1.5 hours

    1. Review each of the risk and gap cards from the tabletop exercise.
    2. As a group, brainstorm ideas to address gaps, mitigate risks, and improve resiliency. Write the list of ideas on a whiteboard or flip-chart paper. The solutions can range from quick-wins and action items to major capital investments.
    3. Try to avoid debates about feasibility at this point – that should happen later. The goal is to get all ideas on the board.

    An example of how to complete Activity 3(f). Three cue cards showing various steps are attached by arrows to steps on a whiteboard.

    Info-Tech Best Practice

    It’s about finding ways to solve the problem, not about solving the problem. When you’re brainstorming solutions to problems, don’t stop with the first idea, even if the solution seems obvious. The first idea isn’t always the best or only solution; other ideas can expand on and improve that first idea.

    Select an optimal DR deployment model from a world of choice

    There are many options for a DR deployment. What makes sense for you?

    • Sifting through the options for a DR site can be overwhelming. Simplify by eliminating deployment models that aren’t a good fit for your requirements or organization using Info-Tech’s research.
    • Someone will ask you about DR in the cloud. Cut to the chase and evaluate cloud for fit with your organization’s current capabilities and requirements. Read about the 10 Secrets for Successful DR in the Cloud.
    • Selecting and deploying a DR site is an exercise in risk mitigation. IT’s role is to advise the business on options to address the risk of not having a DR site, including cost and effort estimates. The business must then decide how to manage risk. Build total cost of ownership (TCO) estimates and evaluate possible challenges and risks for each option.

    Is it practical to invest in greater geo-redundancy that meets RTOs and RPOs during a widespread event?

    Info-Tech suggests you consider events that impact both sites, and your risk tolerance for that impact. Outline the impact of downtime at a high level if both the primary and secondary site were affected. Research how often events severe enough to have impacted both your primary and secondary sites have occurred in the past. What’s the business tolerance for this type of event?

    A common strategy: have a primary and DR site that are close enough to support low RPO/RTO, but far enough away to mitigate the impact of known regional events. Back up data to a remote third location as protection against a catastrophic event.

    Info-Tech Insight

    Approach site selection as a project. Leverage Select an Optimal Disaster Recovery Deployment Model to structure your own site-selection project.

    Set up the DRP Roadmap Tool

    3(g) DRP Roadmap Tool – Set up tool

    Use the DRP Roadmap Tool to create a high-level roadmap to plan and communicate DR action items and initiatives. Determine the data you’ll use to define roadmap items.

    Screenshot of Info-Tech's DRP Roadmap Tool

    Plan next steps by estimating timeline, effort, priority, and more

    3(h) DRP Roadmap Tool – Describe roadmap items

    A screenshot of Info-Tech's DRP Roadmap Tool to show how to describe roadmap items

    Review and communicate the DRP Roadmap Tool

    3(i) DRP Roadmap Tool – View roadmap chart

    A screenshot of Info-Tech's DRP Roadmap Tool's Roadmap tab

    Step 3.3: Review the Future State Recovery Process

    This step will walk you through the following activities:

    • Update the recovery workflow to outline your future recovery procedure.
    • Summarize findings from DR exercises and present the results to the project sponsor and other interested executives.

    This step involves the following participants:

    • DRP Coordinator
    • IT SMEs (Future State Recovery Flow)
    • DR Project Sponsor

    Results and Insights

    • Summarize results from DR planning exercises to make the case for needed DR investment.

    Outline your future state recovery flow

    3(j) Update the recovery workflow to outline response and recovery in the future

    Estimated Time: 30 minutes

    Outline your expected future state recovery flow to demonstrate improvements once projects and action items have been completed.

    1. Create a copy of your DRP recovery workflow in a new tab in Visio.
    2. Delete gap and risk cards that are addressed by proposed projects. Consolidate or eliminate steps that would be simplified or streamlined in the future if projects are implemented.
    3. Create a short-, medium-, and long-term review of changes to illustrate improvements over time to the project roadmap.
    4. Update this workflow as you implement and improve DR capabilities.

    Screenshot of the recovery workflow

    Validate recovery targets and communicate actual recovery capabilities

    3(k) Validate findings, present recommendations, secure budget

    Estimated Time: time required will vary

    1. Interview managers or process owners to validate RTO, RPO, and business impact scores.Use your assessment of “heavy users” of particular applications (picture at right) to remind you which business users you should include in the interview process.
    2. Present an overview of your findings to the management team.Use Info-Tech’s DRP Recap and Results Template to summarize your findings.
    3. Take projects into the budget process.With the management team aware of the rationale for investment in DRP, build the business case and secure budget where needed.

    Present DRP findings and make the case for needed investment

    3(I) DRP Recap and Results Template

    Create a communication deck to recap key findings for stakeholders.

    • Write a clear problem statement. Identify why you did this project (what problem you’re solving).
    • Clearly state key findings, insights, and recommendations.
    • Leverage the completed tools and templates to populate the deck. Callouts throughout the template presentation will direct you to take and populate screenshots throughout the document.
    • Use the presentation to communicate key findings to, and gather feedback from, business unit managers, executives, and IT staff.
    Screenshots of Info-Tech's DRP Recap and Results Template

    Stories from the field: Info-Tech clients find value in Phase 3 in the following ways

    Tabletop planning is an effective way to discover gaps in recovery capabilities. Identify issues in the tabletop exercise so you can manage them before disaster strikes. For example:

    Back up a second…

    A client started to back up application data offsite. To minimize data transfer and storage costs, the systems themselves weren’t backed up. Working through the restore process at the DR site, the DBA realized 30 years of COBOL and SQR code – critical business functionality – wasn’t backed up offsite.

    Net… work?

    A 500-employee professional services firm realized its internet connection could be a significant roadblock to recovery. Without internet, no one at head office could access critical cloud systems. The tabletop exercise identified this recovery bottleneck and helped prioritize the fix on the roadmap.

    Someone call a doctor!

    Hospitals rely on their phone systems for system downtime procedures. A tabletop exercise with a hospital client highlighted that if the data center were damaged, the phone system would likely be damaged as well. Identifying this provided more urgency to the ongoing VOIP migration.

    The test of time

    A small municipality relied on a local MSP to perform systems restore, but realized it had never tested the restore procedure to identify RTA. Contacting the MSP to review capabilities became a roadmap item to address this risk.

    Phase 3: Insights and accomplishments

    Screenshot of Info-Tech's DRP recovery workflow template

    Outlined the DRP response and risks to recovery

    Screenshots of activities completed related to brainstorming risk mitigation measures.

    Brainstormed risk mitigation measures

    Summary of Accomplishments

    • Planned and documented your DR incident response and systems recovery workflow.
    • Identified gaps and risks to recovery and incident management.
    • Brainstormed and identified projects and action items to mitigate risks and close gaps.

    Up Next: Leverage the core deliverables to complete, extend, and maintain your DRP

    Create a Right-Sized Disaster Recovery Plan

    Phase 4

    Complete, Extend, and Maintain Your DRP

    Phase 4: Complete, Extend, and Maintain Your DRP

    This phase will walk you through the following activities:

    • Identify progress made on your DRP by reassessing your DRP maturity.
    • Prioritize the highest value major initiatives to complete, extend, and maintain your DRP.

    This phase involves the following participants:

    • DRP Coordinator
    • Executive Sponsor

    Results and Insights

    • Communicate the value of your DRP by demonstrating progress against items in the DRP Maturity Scorecard.
    • Identify and prioritize future major initiatives to support the DRP, and the larger BCP.

    Celebrate accomplishments, plan for the future

    Congratulations! You’ve completed the core DRP deliverables and made the case for investment in DR capabilities. Take a moment to celebrate your accomplishments.

    This milestone is an opportunity to look back and look forward.

    • Look back: measure your progress since you started to build your DRP. Revisit the assessments completed in phase 1, and assess the change in your overall DRP maturity.
    • Look forward: prioritize future initiatives to complete, extend, and maintain your DRP. Prioritize initiatives that are the highest impact for the least requirement of effort and resources.

    We have completed the core DRP methodology for key systems:

    • BIA, recovery objectives, high-level recovery workflow, and recovery actuals.
    • Identify key tasks to meet recovery objectives.

    What could we do next?

    • Repeat the core methodology for additional systems.
    • Identify a DR site to meet recovery requirements, and review vendor DR capabilities.
    • Create a summary DRP document including requirements, capabilities, and change procedures.
    • Create a test plan and detailed recovery documentation.
    • Coordinate the creation of BCPs.
    • Integrate DR in other key operational processes.

    Revisit the DRP Maturity Scorecard to measure progress and identify remaining areas to improve

    4(a) DRP Maturity Scorecard – Reassess your DRP program maturity

    1. Find the copy of the DRP Maturity Scorecard you completed previously. Save a second copy of the completed scorecard in the same folder.
    2. Update scoring where you have improved your DRP documentation or capabilities.
    3. Review the new scores on tab 3. Compare the new scores to the original scores.

    Screenshot of DRP Maturity Assessment Results

    Info-Tech Best Practice

    Use the completed, updated DRP Maturity Scorecard to demonstrate the value of your continuity program, and to help you decide where to focus next.

    Prioritize major initiatives to complete, extend, and maintain the DRP

    4(b) Prioritize major initiatives

    Estimated Time: 2 hours

    Prioritize major initiatives that mitigate significant risk with the least cost and effort.

    1. Use the scoring criteria below to evaluate risk, effort, and cost for potential initiatives. Modify the criteria if required for your organization. Write this out on a whiteboard or flip-chart paper.
    2. Assign a score from 1 to 3. Multiply the scores for each initiative together for an aggregate score. In general, prioritize initiatives with higher scores.
    Score A: How significant are the risks this initiative will mitigate? B: How easily can we complete this initiative? C: How cost-effective is this initiative?
    3: High Critical impact on +50% of stakeholders, or major impact to compliance posture, or significant health/safety risk. One sprint, can be completed by a few individuals with minor supervision. Within the IT discretionary budget.
    2: Medium Impacts <50% of stakeholders, or minor impact on compliance, or degradation to health or safety controls. One quarter, and/or some increased effort required, some risk to completion. Requires budget approval from finance.
    1: Low Impacts limited to <25% of stakeholders, no impact on compliance posture or health/safety. One year, and/or major vendor or organizational challenges. Requires budget approval from the board of directors.

    Info-Tech Best Practice

    You can use a similar scoring exercise to prioritize and schedule high-benefit, low-effort, low-cost items identified in the roadmap in phase 3.

    Example: Prioritize major initiatives

    4(b) Prioritize major initiatives continued

    Write out the table on a whiteboard (record the results in a spreadsheet for reference). In the case below, IT might decide to work on repeating the core methodology first as they create the active testing plans, and tackle process changes later.

    Initiative A: How significant are the risks this initiative will mitigate? B: How easily can we complete this initiative? C: How cost-effective is this initiative? Aggregate score (A x B x C)
    Repeat the core methodology for all systems 2 – will impact some stakeholders, no compliance or safety impact. 2 – will require about 3 months, no significant complications. 3 – No cost. 12
    Add DR to project mgmt. and change mgmt. 1 – Mitigates some recovery risks over the long term. 1 – Requires extensive consultation and process review. 3 – No cost. 3
    Active failover testing on plan 2 – Mitigates some risks; documentation and cross training is already in place. 2 – Requires 3-4 months of occasional effort to prepare for test. 2 – May need to purchase some equipment before testing. 8

    Info-Tech Best Practice

    Find a pace that allows you to keep momentum going, but also leaves enough time to act on the initial findings, projects, and action items identified in the DRP Roadmap Tool. Include these initiatives in the Roadmap tool to visualize how identified initiatives fit with other tasks identified to improve your recovery capabilities.

    Repeat the core DR methodology for additional systems and applications


    You have created a DR plan for your most critical systems. Now, add the rest:

    • Build on the work you’ve already done. Re-use the BIA scoring scale. Update your existing recovery workflows, rather than creating and formatting an entirely new document. A number of steps in the recovery will be shared with, or similar to, the recovery procedures for your Tier 1 systems.

    Risks and Challenges Mitigated

    • DR requirements and capabilities for less-critical systems have not been evaluated.
    • Gaps in the recovery process for less critical systems have not been evaluated or addressed.
    • DR capabilities for less critical systems may not meet business requirements.
    Sample Outputs
    Add Tier 2 & 3 systems to the BIA.
    Complete another tabletop exercise for Tier 2 & 3 systems recovery, and add the results to the recovery workflow.
    Identify projects to close additional gaps in the recovery process. Add projects to the project roadmap.

    Info-Tech Best Practice

    Use this example of a complete, practical, right-size DR plan to drive and guide your efforts.

    Extend your core DRP deliverables

    You’ve completed the core DRP deliverables. Continue to create DRP documentation to support recovery procedures and governance processes:

    • DR documentation efforts fail when organizations try to boil the ocean with an all-in-one plan aimed at auditors, business leaders, and IT. It’s long, hard to maintain, and ends up as shelfware.
    • Create documentation in layers to keep it manageable. Build supporting documentation over time to support your high-level recovery workflow.

    Risks and Challenges Mitigated

    • Key contact information, escalation, and disaster declaration responsibilities are not identified or formalized.
    • DRP requirements and capabilities aren’t centralized. Key DRP findings are in multiple documents, complicating governance and oversight by auditors, executives, and board members.
    • Detailed recovery procedures and peripheral information (e.g. network diagrams) are not documented.
    Sample Outputs
    Three to five detailed systems recovery flowcharts/checklists.
    Documented team roles, succession plans, and contact information.
    Notification, assessment, and disaster declaration plan.
    DRP summary.
    Layer 1, 2 & 3 network diagrams.

    Info-Tech Best Practice

    Use this example of a complete, practical, right-size DR plan to drive and guide your efforts.

    Select an optimal DR deployment model and deployment site

    Your DR site has been identified as inadequate:

    • Begin with the end in mind. Commit to mastering the selected model and leverage your vendor relationship for effective DR.
    • Cut to the chase and evaluate the feasibility of cloud first. Gauge your organization’s current capabilities for DR in the cloud before becoming infatuated with the idea.
    • A mixed model gives you the best of both worlds. Diversify your strategy by identifying fit for purpose and balancing the work required to maintain various models.

    Risks and Challenges Mitigated

    • Without an identified DR site, you’ll be scrambling when a disaster hits to find and contract for a location to restore IT services.
    • Without systems and application data backed up offsite, you stand to lose critical business data and logic if all copies of the data at your primary site were lost.
    Sample Outputs
    Application assessment for cloud DR.
    TCO tool for different environments.
    Solution decision and executive presentation.

    Info-Tech Best Practice

    Use Info-Tech’s blueprint, Select the Optimal Disaster Recovery Deployment Model, to help you make sense of a world of choice for your DR site.

    Extend DRP findings to business process resiliency with a BCP pilot

    Integrate your findings from DRP into the overall BCP:

    • As an IT leader you have the skillset and organizational knowledge to lead a BCP project, but ultimately business leaders need to own the BCP – they know their processes and requirements to resume business operations better than anyone else.
    • The traditional approach to BCP is a massive project that most organizations can’t execute without hiring a consultant. To execute BCP in-house, carve up the task into manageable pieces.

    Risks and Challenges Mitigated

    • No formal plan exists to recover from a disruption to critical business processes.
    • Business requirements for IT systems recovery may change following a comprehensive review of business continuity requirements.
    • Outside of core systems recovery, IT could be involved in relocating staff, imaging and issuing new end-user equipment, etc. Identifying these requirements is part of BCP.
    Sample Outputs
    Business process-focused BIA for one business unit.
    Recovery workflows for one business unit.
    Provisioning list for one business unit.
    BCP project roadmap.

    Info-Tech Best Practice

    Use Info-Tech’s blueprint, Develop a Business Continuity Plan, to develop and deploy a repeatable BCP methodology.

    Test the plan to validate capabilities and cross-train staff on recovery procedures

    You don’t have a program to regularly test the DR plan:

    • Most DR tests are focused solely on the technology and not the DR management process – which is where most plans fail.
    • Be proactive – establish an annual test cycle and identify and coordinate resources well in advance.
    • Update DRP documentation with findings from the plan, and track the changes you make over time.

    Risks and Challenges Mitigated

    • Gaps likely still exist in the plan that are hard to find without some form of testing.
    • Customers and auditors may ask for some form of DR testing.
    • Staff may not be familiar with DR documentation or how they can use it.
    • No formal cycle to validate and update the DRP.
    Sample Outputs
    DR testing readiness assessment.
    Testing handbooks.
    Test plan summary template.
    DR test issue log and analysis tool.

    Info-Tech Best Practice

    Uncover deficiencies in your recovery procedures by using Info-Tech’s blueprint Reduce Costly Downtime Through DR Testing.

    “Operationalize” DRP management

    Inject DR planning in key operational processes to support plan maintenance:

    • Major changes, or multiple routine changes, can materially alter DR capabilities and requirements. It’s not feasible to update the DR plan after every routine change, so leverage criticality tiers in the BIA to focus your change management efforts. Critical systems require more rigorous change procedures.
    • Likewise, you can build criticality tiers into more focused project management and performance measurement processes.
    • Schedule regular tasks in your ticketing system to verify capabilities and cross-train staff on key recovery procedures (e.g. backup and restore).

    Risks and Challenges Mitigated

    • DRP is not updated “as needed” – as requirements and capabilities change due to business and technology changes.
    • The DRP is disconnected from day-to-day operations.
    Sample Outputs
    Reviewed and updated change, project, and performance management processes.
    Reviewed and updated internal SLAs.
    Reviewed and updated data protection and backup procedures.

    Review infrastructure service provider DR capabilities

    Insert DR planning in key operational processes to support plan maintenance:

    • Reviewing vendor DR capabilities is a core IT vendor management competency.
    • As your DR requirements change year-to-year, ensure your vendors’ service commitments still meet your DR requirements.
    • Identify changes in the vendor’s service offerings and DR capabilities, e.g. higher costs for additional DR support, new offerings to reduce potential downtime, or conversely, a degradation in DR capabilities.

    Risks and Challenges Mitigated

    • Vendor capabilities haven’t been measured against business requirements.
    • No internal capability exists currently to assess vendor ability to meet promised SLAs.
    • No internal capability exists to track vendor performance on recoverability.
    Sample Outputs
    A customized vendor DRP questionnaire.
    Reviewed vendor SLAs.
    Choose to keep or change service levels or vendor offerings based on findings.

    Phase 4: Insights and accomplishments

    Screenshot of DRP Maturity Assessment Results

    Identified progress against targets

    Screenshot of prioritized further initiatives.

    Prioritized further initiatives

    Screenshot of DRP Planning Roadmap

    Added initiatives to the roadmap

    Summary of Accomplishments

    • Developed a list of high-priority initiatives that can support the extension and maintenance of the DR plan over the long term.
    • Reviewed and update maturity assessments to establish progress and communicate the value of the DR program.

    Summary of accomplishment

    Knowledge Gained

    • Conduct a BIA to determine appropriate targets for RTOs and RPOs.
    • Identify DR projects required to close RTO/RPO gaps and mitigate risks.
    • Use tabletop planning to create and validate an incident response plan.

    Processes Optimized

    • Your DRP process was optimized, from BIA to documenting an incident response plan.
    • Your vendor evaluation process was optimized to identify and assess a vendor’s ability to meet your DR requirements, and to repeat this evaluation on an annual basis.

    Deliverables Completed

    • DRP Maturity Scorecard
    • DRP Business Impact Analysis Tool
    • DRP Roadmap Tool
    • Incident response plan and systems recovery workflow
    • Executive presentation

    Info-Tech’s insights bust the most obstinate myths of DRP

    Myth #1: DRPs need to focus on major events such as natural disasters and other highly destructive incidents such as fire and flood.

    Reality: The most common threats to service continuity are hardware and software failures, network outages, and power outages.

    Myth #2: Effective DRPs start with identifying and evaluating potential risks.

    Reality: DR isn’t about identifying risks; it’s about ensuring service continuity.

    Myth #3: DRPs are separate from day-to-day operations and incident management.

    Reality: DR must be integrated with service management to ensure service continuity.

    Myth #4: I use a co-lo or cloud services so I don’t have to worry about DR. That’s my vendor’s responsibility.

    Reality: You can’t outsource accountability. You can’t just assume your vendor’s DR capabilities will meet your needs.

    Myth #5: A DRP must include every detail so anyone can execute the recovery.

    Reality: IT DR is not an airplane disaster movie. You aren’t going to ask a business user to execute a system recovery, just like you wouldn’t really want a passenger with no flying experience to land a plane.

    Supplement the core documentation with these tools and templates

    • An Excel workbook workbook to track key roles on DR, business continuity, and emergency response teams. Can also track DR documentation location and any hardware purchases required for DR.
    • A questionnaire template and a response tracking tool to structure your investigation of vendor DR capabilities.
    • Integrate escalation with your DR plan by defining incident severity and escalation rules . Use this example as a template or integrate ideas into your own severity definitions and escalation rules in your incident management procedures.
    • A minute-by-minute time-tracking tool to capture progress in a DR or testing scenario. Monitor progress against objectives in real time as recovery tasks are started and completed.

    Next steps: Related Info-Tech research

    Select the Optimal Disaster Recovery Deployment Model Evaluate cloud, co-lo, and on-premises disaster recovery deployment models.

    Develop a Business Continuity Plan Streamline the traditional approach to make BCP development manageable and repeatable.

    Prepare for a DRP Audit Assess your current DRP maturity, identify required improvements, and complete an audit-ready DRP summary document.

    Document and Maintain Your Disaster Recovery Plan Put your DRP on a diet: keep it fit, trim, and ready for action.

    Reduce Costly Downtime Through DR Testing Improve your DR plan and your team’s ability to execute on it.

    Implement Crisis Management Best Practices An effective crisis response minimizes the impact of a crisis on reputation, profitability, and continuity.

    Research contributors and experts

    • Alan Byrum, Director of Business Continuity, Intellitech
    • Bernard Jones (MBCI, CBCP, CORP, ITILv3), Owner/Principal, B Jones BCP Consulting, LLC
    • Paul Beaudry, Assistant Vice-President, Technical Services, MIS, Richardson International Limited
    • Yogi Schulz, President, Corvelle Consulting

    Glossary

    • Business Continuity Management (BCM) Program: Ongoing management and governance process supported by top management and appropriately resourced to implement and maintain business continuity management. (Source: ISO 22301:2012)
    • Business Continuity Plan (BCP): Documented procedures that guide organizations to respond, recover, resume, and restore to a pre-defined level of operation following disruption. The BCP is not necessarily one document, but a collection of procedures and information.
    • Crisis: A situation with a high level of uncertainty that disrupts the core activities and/or credibility of an organization and requires urgent action. (Source: ISO 22300)
    • Crisis Management Team (CMT): A group of individuals responsible for developing and implementing a comprehensive plan for responding to a disruptive incident. The team consists of a core group of decision makers trained in incident management and prepared to respond to any situation.
    • Disaster Recovery Planning (DRP): The activities associated with the continuing availability and restoration of the IT infrastructure.
    • Incident: An event that has the capacity to lead to loss of, or a disruption to, an organization’s operations, services, or functions – which, if not managed, can escalate into an emergency, crisis, or disaster.
    • BCI Editor’s Note: In most countries “incident” and “crisis” are used interchangeably, but in the UK the term “crisis” has been generally reserved for dealing with wide-area incidents involving Emergency Services. The BCI prefers the use of “incident” for normal BCM purposes. (Source: The Business Continuity Institute)

    • Incident Management Plan: A clearly defined and documented plan of action for use at the time of an incident, typically covering the key personnel, resources, services, and actions needed to implement the incident management process.
    • IT Disaster: A service interruption requiring IT to rebuild a service, restore from backups, or activate redundancy at the backup site.
    • Recovery Point: Time elapsed between the last good copy of the data being taken and failure/corruption on the production environment; think of this as data loss.
    • Recovery Point Actual (RPA): The currently achievable recovery point after a disaster event, given existing people, processes, and technology. This reflects expected maximum data loss that could actually occur in a disaster scenario.
    • Recovery Point Objective (RPO): The target recovery point after a disaster event, usually calculated in hours, on a given system, application, or service. Think of this as acceptable and appropriate data loss. RPO should be based on a business impact analysis (BIA) to identify an acceptable and appropriate recovery target.
    • Recovery Time: Time required to restore a system, application, or service to a functional state; think of this as downtime.
    • Recovery Time Actual (RTA): The currently achievable recovery time after a disaster event, given existing people, processes, and technology. This reflects expected maximum downtime that could actually occur in a disaster scenario.
    • Recovery Time Objective (RTO): The target recovery time after a disaster event for a given system, application, or service. RTO should be based on a business impact analysis (BIA) to identify acceptable and appropriate downtime.

    Bibliography

    BCMpedia. “Recovery Objectives: RTO, RPO, and MTPD.” BCMpedia, n.d. Web.

    Burke, Stephen. “Public Cloud Pitfalls: Microsoft Azure Storage Cluster Loses Power, Puts Spotlight On Private, Hybrid Cloud Advantages.” CRN, 16 Mar. 2017. Web.

    Elliot, Stephen. “DevOps and the Cost of Downtime: Fortune 1000 Best Practice Metrics Quantified.” IDC, 2015. Web.

    FEMA. Planning & Templates. FEMA, 2015. Web.

    FINRA. “Business Continuity Plans and Emergency Contact Information.” FINRA, 2015. Web.

    FINRA. “FINRA, the SEC and CFTC Issue Joint Advisory on Business Continuity Planning.” FINRA, 2013. Web.

    Gosling, Mel, and Andrew Hiles. “Business Continuity Statistics: Where Myth Meets Fact.” Continuity Central, 2009. Web.

    Hanwacker, Linda. “COOP Templates for Success Workbook.” The LSH Group, n.d. Web.

    Homeland Security. Federal Information Security Management Act (FISMA). Homeland Security, 2015. Web.

    Nichols, Shaun. “AWS's S3 Outage Was So Bad Amazon Couldn't Get Into Its Own Dashboard to Warn the World.” The Register, 1 Mar. 2017. Web.

    Potter, Patrick. “BCM Regulatory Alphabet Soup.” RSA Archer Organization, 2012. Web.

    Rothstein, Philip Jan. “Disaster Recovery Testing: Exercising Your Contingency Plan.” Rothstein Associates Inc., 2007. Web.

    The Business Continuity Institute. “The Good Practice Guidelines.” The Business Continuity Institute, 2013. Web.

    The Disaster Recovery Journal. “Disaster Resource Guide.” The Disaster Recovery Journal, 2015. Web.

    The Disaster Recovery Journal. “DR Rules & Regulations.” The Disaster Recovery Journal, 2015. Web.

    The Federal Financial Institution Examination Council (FFIEC). Business Continuity Planning. IT Examination Handbook InfoBase, 2015. Web.

    York, Kyle. “Read Dyn’s Statement on the 10/21/2016 DNS DDoS Attack.” Oracle, 22 Oct. 2016. Web.

    Implement Infrastructure Shared Services

    • Buy Link or Shortcode: {j2store}456|cart{/j2store}
    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • Organizations have service duplications for unique needs. These duplications increase business expenditure.
    • Lack of collaboration between business units to share their services increases business cost and reduces business units’ faith to implement shared services.
    • Transitioning infrastructure to shared services is challenging for many organizations. It requires an accurate planning and efficient communication between participating business units.

    Our Advice

    Critical Insight

    • Identify your current process, tool, and people capabilities before implementing shared services. Understand the financial compensations prior to implementation and assess if your organization is ready for transitioning to shared services model.
    • Do not implement shared services when the nature of the services differs greatly between business units.

    Impact and Result

    • Understand benefits of shared services for the business and determine whether transitioning to shared services would benefit the organization.
    • Identify the best implementation plan based on goals, needs, and services.
    • Build a shared-services process to manage the plan and ensure its success.

    Implement Infrastructure Shared Services Research & Tools

    Start here – Read the Executive Brief

    Read our concise Executive Brief to find out why you should implement shared services, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Conduct gap analysis

    Identify benefits of shared services to your organization and define implementation challenges.

    • Implement Infrastructure Shared Services – Phase 1: Conduct Gap Analysis
    • Shared Services Implementation Executive Presentation
    • Shared Services Implementation Business Case Template
    • Shared Services Implementation Assessment Tool

    2. Choose the right path

    Identify your process and staff capabilities and discover which services will be transitioned to shared services plan. It will also help you to figure out the best model to choose.

    • Implement Infrastructure Shared Services – Phase 2: Choose the Right Path
    • Sample Enterprise Services

    3. Plan the transition

    Discuss an actionable plan to implement shared services to track the project. Walk through a communication plan to document the goals, progress, and expectations with customer stakeholders.

    • Implement Infrastructure Shared Services – Phase 3: Plan the Transition
    • Shared Services Implementation Roadmap Tool
    • Shared Services Implementation Customer Communication Plan
    [infographic]

    Workshop: Implement Infrastructure Shared Services

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Challenges

    The Purpose

    Establish the need for change.

    Key Benefits Achieved

    Set a clear understanding about benefits of shared services to your organization.

    Activities

    1.1 Identify your organization’s main drivers for using a shared services model.

    1.2 Define if it is beneficial to implement shared services.

    Outputs

    Shared services mission

    Shared services goals

    2 Assess Your Capabilities

    The Purpose

    Become aware of challenges to implement shared services and your capabilities for such transition.

    Key Benefits Achieved

    Discover the primary challenges for transitioning to shared services, eliminate resistance factors, and identify your business potentials for implementation.

    Activities

    2.1 Identify your organization’s resistance to implement shared services.

    2.2 Assess process and people capabilities.

    Outputs

    Shared Services Business Case

    Shared Services Assessment

    3 Define the Model

    The Purpose

    Determine the shared services model.

    Key Benefits Achieved

    Identify the core services to be shared and the best model that fits your organization.

    Activities

    3.1 Define core services that will be moved to shared services.

    3.2 Assess different models of shared services and pick the one that satisfies your goals and needs.

    Outputs

    List of services to be transferred to shared services

    Shared services model

    4 Implement and Communicate

    The Purpose

    Define and communicate the tasks to be delivered.

    Key Benefits Achieved

    Confidently approach key stakeholders to make the project a reality.

    Activities

    4.1 Define the roadmap for implementing shared services.

    4.2 Make a plan to communicate changes.

    Outputs

    List of initiatives to reach the target state, strategy risks, and their timelines

    Draft of a communication plan

    Establish a Communication and Collaboration System Strategy

    • Buy Link or Shortcode: {j2store}293|cart{/j2store}
    • member rating overall impact (scale of 10): 9.3/10 Overall Impact
    • member rating average dollars saved: $6,459 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: End-User Computing Applications
    • Parent Category Link: /end-user-computing-applications
    • Communication and collaboration portfolios are overburdened with redundant and overlapping services. Between Office 365, Slack, Jabber, and WebEx, IT is supporting a collection of redundant apps. This redundancy takes a toll on IT, and on the user.
    • Shadow IT is easier than ever, and cheap sharing tools are viral. Users are literally carrying around computers in their pockets (in the form of smartphones). IT often has no visibility into how these devices – and the applications on them – are used for work.

    Our Advice

    Critical Insight

    • You don’t know what you don’t know. Unstructured conversations with users will uncover insights.
    • Security is meaningless without usability. If security controls make a tool unusable, then users will rush to adopt something that’s free and easy.
    • Training users on a new tool once isn’t effective. Engage with users throughout the collaboration tool’s lifecycle.

    Impact and Result

    • Few supported apps and fewer unsupported apps. This will occur by ensuring that your collaboration tools will be useful to and used by users. Give users a say through surveys, focus groups, and job shadowing.
    • Lower total cost of ownership and greater productivity. Having fewer apps in the workplace, and better utilizing the functionality of those apps, will mean that IT can be much more efficient at managing your ECS.
    • Higher end-user satisfaction. Tools will be better suited to users’ needs, and users will feel heard by IT.

    Establish a Communication and Collaboration System Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop a new approach to communication and collaboration apps, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create a shared vision on the future of communication and collaboration

    Identify and validate goals and collaboration tools that are used by your users, and the collaboration capabilities that must be supported by your desired ECS.

    • Establish a Communication and Collaboration System Strategy – Phase 1: Create a Shared Vision on the Future of Communication and Collaboration
    • Enterprise Collaboration Strategy Template
    • Building Company Communication and Collaboration Technology Improvement Plan Executive Presentation
    • Communications Infrastructure Stakeholder Focus Group Guide
    • Enterprise Communication and Collaboration System Business Requirements Document

    2. Map a path forward

    Map a path forward by creating a collaboration capability map and documenting your ECS requirements.

    • Establish a Communication and Collaboration System Strategy – Phase 2: Map a Path Forward
    • Collaboration Capability Map

    3. Build an IT and end-user engagement plan

    Effectively engage everyone to ensure the adoption of your new ECS. Engagement is crucial to the overall success of your project.

    • Establish a Communication and Collaboration System Strategy – Phase 3: Proselytize the Change
    • Collaboration Business Analyst
    • Building Company Exemplar Collaboration Marketing One-Pager Materials
    • Communication and Collaboration Strategy Communication Plan
    [infographic]

    Workshop: Establish a Communication and Collaboration System Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify What Needs to Change

    The Purpose

    Create a vision for the future of your ECS.

    Key Benefits Achieved

    Validate and bolster your strategy by involving your end users.

    Activities

    1.1 Prioritize Components of Your ECS Strategy to Improve

    1.2 Create a Plan to Gather Requirements From End Users

    1.3 Brainstorm the Collaboration Services That Are Used by Your Users

    1.4 Focus Group

    Outputs

    Defined vision and mission statements

    Principles for your ECS

    ECS goals

    End-user engagement plan

    Focus group results

    ECS executive presentation

    ECS strategy

    2 Map Out the Change

    The Purpose

    Streamline your collaboration service portfolio.

    Key Benefits Achieved

    Documented the business requirements for your collaboration services.

    Reduced the number of supported tools.

    Increased the effectiveness of training and enhancements.

    Activities

    2.1 Create a Current-State Collaboration Capability Map

    2.2 Build a Roadmap for Desired Changes

    2.3 Create a Future-State Capability Map

    2.4 Identify Business Requirements

    2.5 Identify Use Requirements and User Processes

    2.6 Document Non-Functional Requirements

    2.7 Document Functional Requirements

    2.8 Build a Risk Register

    Outputs

    Current-state collaboration capability map

    ECS roadmap

    Future-state collaboration capability map

    ECS business requirements document

    3 Proselytize the Change

    The Purpose

    Ensure the system is supported effectively by IT and adopted widely by end users.

    Key Benefits Achieved

    Unlock the potential of your ECS.

    Stay on top of security and industry good practices.

    Greater end-user awareness and adoption.

    Activities

    3.1 Develop an IT Training Plan

    3.2 Develop a Communications Plan

    3.3 Create Initial Marketing Material

    Outputs

    IT training plan

    Communications plan

    App marketing one-pagers

    Access to Gert Taeymans research insights and guidance

    • Parent Category Name: Sales
    • Parent Category Link: /sales
    As we codify our knowledge, you get access to a vast body of knowledge and, should you want it, in person guidance via video calls, in one on one or group. take advantage of our extensive field experience and knowledge in those areas that you need.

    Develop the Right Message to Engage Buyers

    • member rating overall impact (scale of 10): N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions

    Sixty percent of marketers find it hard to produce high-quality content consistently. SaaS marketers have an even more difficult job due to the technical nature of content production. Without an easy content development strategy, marketers have an insurmountable task of continually creating interesting content for an audience they don’t understand.

    Globally, B2B SaaS marketers without the ability to consistently produce and activate quality content will experience:

    • High website bounce rates and low time on site
    • Low page views
    • A low percentage of return visitors
    • Low conversions
    • Low open and click-through rates on email campaigns

    Our Advice

    Critical Insight

    Marketing content that identifies the benefit of the product along with a deep understanding of the buyer pain points, desired value, and benefit proof points is a key driver in delivering value to a prospect, thereby increasing marketing metrics such as open rates, time on site, page views, and click-through rates.

    Impact and Result

    Marketers that activate the SoftwareReviews message mapping architecture will be able to crack the code on the formula for improving open and click-through rates.

    By applying the SoftwareReviews message mapping architecture, clients will be able to:

    • Quickly diagnose the current state of their content marketing effectiveness compared to industry metrics.
    • Compare their current messaging approach versus the key elements of the Message Map Architecture.
    • Create more compelling and relevant content that aligns with a buyer’s needs and journey.
    • Shrink marketing and sales cycles.
    • Increase the pace of content production.

    Develop the Right Message to Engage Buyers Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Develop the Right Message to Engage Buyers Executive Brief – A mapping architecture to enable marketers to crack the code on the formula for improving open and click-through rates.

    Through this blueprint marketers will learn how to shift content away from low-performing content that only focuses on the product and company to high-performing customer-focused content that answers the “What’s in it for me?” question for a buyer, increasing engagement and conversions.

    Infographic

    Further reading

    Develop the Right Message to Engage Buyers

    Drive higher open rates, time-on-site, and click-through rates with buyer-relevant messaging.

    Analyst Perspective

    Develop the right message to engage buyers.

    Marketers only have seven seconds to capture a visitor's attention but often don't realize that the space between competitors and their company is that narrow. They often miss the mark on content and create reams of product and company-focused messaging that result in high bounce rates, low page views, low return visits, low conversions, and low click-through rates.

    We wouldn't want to sit in a conversation with someone who only speaks about themselves, so why would it be any different when we buy something? Today's marketers must quickly hook their visitors with content that answers the critical question of "What's in it for me?"

    Our research finds that leading content marketers craft messaging that lets their audience ”know they know them,” points out what’s in it for them, and includes proof points of promised value. This simple, yet often missed approach, we call Message Mapping, which helps marketers grab a visitor’s initial attention and when applied throughout the customer journey will turn prospects into customers, lifelong buyers, advocates, and referrals.

    Photo of Terra Higginson, Marketing Research Director, SoftwareReviews.

    Terra Higginson
    Marketing Research Director
    SoftwareReviews

    Executive Summary

    Your Challenge

    Globally, B2B SaaS marketers without the ability to consistently produce and activate quality content will experience:

    • High website bounce rates and low time on site
    • Low page views
    • A low percentage of return visitors
    • Low conversions
    • Low open and click-through rates on email campaigns
    Sixty percent of marketers find it hard to produce high-quality content consistently. SaaS marketers have an even more difficult job due to the technical nature of content production. Without an easy content development strategy, marketers have an insurmountable task of continually creating interesting content for an audience they don’t understand.
    Common Obstacles

    Marketers struggle to create content that quickly engages the buyer because they lack:

    • Resources to create a high volume of quality content.
    • True buyer understanding.
    • Experience in how to align technical messaging with the buyer persona.
    • Easy-to-deploy content strategy tools.
    Even though most marketers will say that it’s important to produce interesting content, only 58% of B2B markers take the time to ask their customers what’s important to them. Without a true and deep understanding of buyers, marketers continue to invest their time and resources in an uninteresting product and company-focused diatribe.
    SoftwareReviews’ Approach

    By applying the SoftwareReviews’ message mapping architecture, clients will be able to:

    • Quickly diagnose the current state of their content marketing effectiveness compared to industry metrics.
    • Compare their current messaging approach against the key elements of the Message Map Architecture.
    • Create more compelling and relevant content that aligns with a buyer’s needs and journey.
    • Shrink marketing and sales cycles.
    • Increase the pace of content production.
    Marketers that activate the SoftwareReviews message mapping architecture will be able to crack the code on the formula for improving open and click-through rates.

    SoftwareReviews Insight

    Marketing content that identifies the benefit of the product, along with a deep understanding of the buyer pain points, desired value, and benefit proof-points, is a key driver in delivering value to a prospect, thereby increasing marketing metrics such as open rates, time on site, page views, and click-through rates.

    Your Challenge

    65% of marketers find it challenging to produce engaging content.

    Globally, B2B SaaS marketers without the ability to consistently produce and activate quality content will experience:

    • High website bounce rates and low time on site
    • Low page views
    • A low percentage of return visitors
    • Low conversions
    • Low open and click-through rates on email campaigns

    A staggering 60% of marketers find it hard to produce high-quality content consistently and 62% don’t know how to measure the ROI of their campaigns according to OptinMonster.

    SaaS marketers have an even more difficult job due to the technical nature of content production. Without an easy content development strategy, marketers have an insurmountable task of continually creating interesting content for an audience they don’t understand.


    Over 64% of marketers want to learn how to build a better content
    (Source: OptinMonster, 2021)

    Benchmark your content marketing

    Do your content marketing metrics meet the industry-standard benchmarks for the software industry?
    Visualization of industry benchmarks for 'Bounce Rate', 'Organic CTR', 'Pages/Session', 'Average Session Duration', '% of New Sessions', 'Email Open Rate', 'Email CTR', and 'Sales Cycle Length (Days)' with sources linked below.
    GrowRevenue, MarketingSherpa, Google Analytics, FirstPageSage, Google Analytics, HubSpot
    • Leaders will measure content marketing performance against these industry benchmarks.
    • If your content performance falls below these benchmarks, your content architecture may be missing the mark with prospective buyers.

    Common flaws in content messaging

    Why do marketers have a hard time consistently producing messaging that engages the buyer?

    Mistake #1

    Myopic Focus on Company and Product

    Content suffers a low ROI due to a myopic focus on the company and the product. This self-focused content fails to engage prospects and move them through the funnel.

    Mistake #2

    WIIFM Question Unanswered

    Content never answers the fundamental “What’s in it for me?” question due to a lack of true buyer understanding. This leads to an inability to communicate the value proposition to the prospect.

    Mistake #3

    Inability to Select the Right Content Format

    Marketers often guess what kind of content their buyers prefer without any real understanding or research behind what buyers would actually want to consume.

    Leaders Will Avoid the “Big Three” Pitfalls
    • While outdated content, poor content organization on your website, and poor SEO are additional strategic factors (outside the scope of this research), poor messaging structure will doom your content marketing strategy.
    • Leaders will be vigilant to diagnose current messaging structure and avoid:
      1. Making messaging all about you and your company.
      2. Failing to describe what’s in it for your prospects.
      3. Often guessing at what approach to use when structuring your messaging.

    Implications of poor content

    Without quality content, the sales and marketing cycles elongate and content marketing metrics suffer.
    • Lost sales: Research shows that B2B buyers are 57-70% done with their buying research before they ever contact sales.(Worldwide Business Research, 2022)
    • The buyer journey is increasingly digital: Research shows that 67% of the buyer's journey is now done digitally.(Worldwide Business Research, 2022)
    • Wasted time: In a Moz study of 750,000 pieces of content, 50% had zero backlinks, indicating that no one felt these assets were interesting enough to reference or share. (Moz, 2015)
    • Wasted money: SaaS companies spend $342,000 to $1,080,000 per year (or more) on content marketing. (Zenpost, 2022) The wrong content will deliver a poor ROI.

    50% — Half of the content produced has no backlinks. (Source: Moz, 2015)

    Content matters more than ever since 67% of the buyer's journey is now done digitally. (Source: Worldwide Business Research, 2022)

    Benefits of good content

    A content mapping approach lets content marketers:
    • Create highly personalized content. Content mapping helps marketers to create highly targeted content at every stage of the buyer’s journey, helping to nurture leads and prospects toward a purchase decision.
    • Describe “What’s in it for me?” to buyers. Remember that you aren’t your customer. Good content quickly answers the question “What’s in it for me?” (WIIFM) developed from the findings of the buyer persona. WIIFM-focused content engages a prospect within seven seconds.
    • Increase marketing ROI. Content marketing generates leads three times greater than traditional marketing (Patel, 2016).
    • Influence prospects. Investing in a new SaaS product isn’t something buyers do every day. In a new situation, people will often look to others to understand what they should do. Good content uses the principles of authority and social proof to build the core message of WIIFM. Authority can be conferred with awards and accolades, whereas social proof is given through testimonials, case studies, and data.
    • Build competitive advantage. Increase competitive advantage by providing content that aligns with the ideal client profile. Fifty-two percent of buyers said they were more likely to buy from a vendor after reading its content (1827 Marketing, 2022).
    Avoid value claiming. Leaders will use client testimonials as proof points because buyers believe peers more than they believe you.

    “… Since 95 percent of the people are imitators and only 5 percent initiators, people are persuaded more by the actions of others than by any proof we can offer. (Robert Cialdini, Influence: The Psychology of Persuasion)

    Full slide: 'Message Map Architecture'.

    Full slide: 'Message Map Template' with field descriptions and notes.

    Full slide: 'Message Map Template' with field descriptions, no notes.

    Full slide: 'Message Map Template' with blank fields.

    Full slide: 'Message Map Template' with 'Website Example segment.com' filled in fields.

    Full slide: 'Website Example segment.com' the website as it appears online with labels on the locations of elements of the message map.

    Full slide: 'Website Example segment.com' the website as it appears online with labels on the locations of elements of the message map.

    Full slide: 'Website Example segment.com' the website as it appears online with labels on the locations of elements of the message map.

    Full slide: 'Website Example segment.com' the website as it appears online with labels on the locations of elements of the message map.

    Email & Social Post Example

    Use the message mapping architecture to create other types of content.

    Examples of emails and social media posts as they appear online with labels on the locations of elements of the message map.

    Insight Summary

    Create Content That Matters

    Marketing content that identifies the benefit of the product along with a deep understanding of the buyer pain points, desired value, and benefit proof-points is a key driver in delivering value to a prospect, thereby increasing marketing metrics such as open rates, time on site, page views, and click-through rates.

    What’s in It for Me?

    Most content has a focus on the product and the company. Content that lacks a true and deep understanding of the buyer suffers low engagement and low conversions. Our research shows that all content must answer ”What’s in it for me?” for a prospect.

    Social Proof & Authority

    Buyers that are faced with a new and unusual buying experience (such as purchasing SaaS) look at what others say about the product (social proof) and what experts say about the product (authority) to make buying decisions.

    Scarcity & Loss Framing

    Research shows that scarcity is a strong principle of influence that can be used in marketing messages. Loss framing is a variation of scarcity and can be used by outlining what a buyer will lose instead of what will be gained.

    Unify the Experience

    Use your message map to structure all customer-facing content across Sales, Product, and Marketing and create a unified and consistent experience across all touchpoints.

    Close the Gap

    SaaS marketers often find the gap between product and company-focused content and buyer-focused content to be so insurmountable that they never manage to overcome it without a framework like message mapping.

    Related SoftwareReviews Research

    Sample of 'Create a Buyer Persona and Journey' blueprint.

    Create a Buyer Persona and Journey

    Make it easier to market, sell, and achieve product-market fit with deeper buyer understanding.
    • Reduce time and treasure wasted chasing the wrong prospects.
    • Improve product-market fit.
    • Increase open and click-through rates in your lead gen engine.
    • Perform more effective sales discovery and increase eventual win rates.
    Sample of 'Diagnose Brand Health to Improve Business Growth' blueprint.

    Diagnose Brand Health to Improve Business Growth

    Have a significant and well-targeted impact on business success and growth by knowing how your brand performs, identifying areas of improvement, and making data-driven decisions to fix it.
    • Importance of brand is recognized, endorsed, and prioritized.
    • Support and resources allocated.
    • All relevant data and information collected in one place.
    • Ability to make data-driven recommendations and decisions on how to improve.
    Sample of 'Build a More Effective Go-to-Market Strategy' blueprint.

    Build a More Effective Go-to-Market Strategy

    Creating a compelling Go-to-Market strategy, and keeping it current, is a critical software company function – as important as financial strategy, sales operations, and even corporate business development – given its huge impact on the many drivers of sustainable growth.
    • Align stakeholders on a common vision and execution plan.
    • Build a foundation of buyer and competitive understanding.
    • Deliver a team-aligned launch plan that enables commercial success.

    Bibliography

    Arakelyan, Artash. “How SaaS Companies Increase Their ROI With Content Marketing.” Clutch.co, 27 July 2018. Accessed July 2022.

    Bailyn, Evan. “Average Session Duration: Industry Benchmarks.” FirstPageSage, 16 March 2022. Accessed July 2022.

    Burstein, Daniel. “Marketing Research Chart: Average clickthrough rates by industry.” MarketingSherpa, 1 April 2014. Accessed July 2022.

    Cahoon, Sam. “Email Open Rates By Industry (& Other Top Email Benchmarks).” HubSpot, 10 June 2021. Accessed July 2022.

    Cialdini, Robert. Influence: Science and Practice. 5th ed. Pearson, 29 July 2008. Print.

    Cialdini, Robert. Influence: The Psychology of Persuasion. Revised ed. Harper Business, 26 Dec. 2006. Print.

    Content Marketing—Statistics, Evidence and Trends.” 1827 Marketing, 7 Jan. 2022. Accessed July 2022.

    Devaney, Erik. “Content Mapping 101: The Template You Need to Personalize Your Marketing.” HubSpot, 21 April 2022. Accessed July 2022.

    Hiscox Business Insurance. “Growing Your Business--and Protecting It Every Step of the Way.” Inc.com. 25 April 2022. Accessed July 2022.

    Hurley Hall, Sharon. “85 Content Marketing Statistics To Make You A Marketing Genius.” OptinMonster, 14 Jan. 2021. Accessed July 2022.

    Patel, Neil. “38 Content Marketing Stats That Every Marketer Needs to Know.” NeilPatel.com, 21 Jan. 2016. Web.

    Prater, Meg. “SaaS Sales: 7 Tips on Selling Software from a Top SaaS Company.” HubSpot, 9 June 2021. Web.

    Polykoff, Dave. “20 SaaS Content Marketing Statistics That Lead to MRR Growth in 2022.” Zenpost blog, 22 July 2022. Web.

    Rayson, Steve. “Content, Shares, and Links: Insights from Analyzing 1 Million Articles.” Moz, 8 Sept. 2015. Accessed July 2022.

    “SaaS Content Marketing: How to Measure Your SaaS Content’s Performance.” Ken Moo, 9 June 2022. Accessed July 2022.

    Taylor Gregory, Emily. “Content marketing challenges and how to overcome them.” Longitude, 14 June 2022. Accessed July 2022.

    Visitors Benchmarking Channels. Google Analytics, 2022. Accessed July 2022.

    WBR Insights. “Here's How the Relationship Between B2B Buying, Content, and Sales Reps Has Changed.” Worldwide Business Research, 2022. Accessed July 2022.

    “What’s a good bounce rate? (Here’s the average bounce rate for websites).” GrowRevenue.io, 24 Feb. 2020. Accessed July 2022.

    IT Risk Management · IT Leadership & Strategy implementation · Operational Management · Service Delivery · Organizational Management · Process Improvements · ITIL, CORM, Agile · Cost Control · Business Process Analysis · Technology Development · Project Implementation · International Coordination · In & Outsourcing · Customer Care · Multilingual: Dutch, English, French, German, Japanese · Entrepreneur
    Tymans Group is a brand by Gert Taeymans BV
    Gert Taeymans bv
    Europe: Koning Albertstraat 136, 2070 Burcht, Belgium — VAT No: BE0685.974.694 — phone: +32 (0) 468.142.754
    USA: 4023 KENNETT PIKE, SUITE 751, GREENVILLE, DE 19807 — Phone: 1-917-473-8669

    Copyright 2017-2022 Gert Taeymans BV