Drive Technology Adoption

The project is over. The new technology is implemented. Now how do we make sure it's used?

Executive Summary

Your Challenge

Technology endlessly changes and evolves. Similarly, business directions and requirements change, and these changes need to be supported by technology. Improved functionality and evolvement of systems, along with systems becoming redundant or unsupported, means that maintaining a static environment is virtually impossible.

Enormous amounts of IT budget are allocated to these changes each year. But once the project is over, how do you manage that change and ensure the systems are being used? Planning your technology adoption is vital.

Common Obstacles

The obstacles to technology adoption can be many and various, covering a broad spectrum of areas including:

• Reluctance of staff to let go of familiar processes and procedures.
• Perception that any change will add complications but not add value, thereby hampering enthusiasm to adopt.
• Lack of awareness of the change.
• General fear of change.
• Lack of personal confidence.

Info-Tech’s Approach

Start by identifying, understanding, categorizing, and defining barriers and put in place a system to:

• Gain an early understanding of the different types of users and their attitudes to technology and change.
• Review different adoption techniques and analyze which are most appropriate for your user types.
• Use a “Follow the Leader” approach, by having technical enthusiasts and champions to show the way.
• Prevent access to old systems and methods.

Info-Tech Insight

For every IT initiative that will be directly used by users, consider the question, “Will the final product be readily accepted by those who are going to use it?” There is no point in implementing a product that no one is prepared to use. Gaining user acceptance is much more than just ticking a box in a project plan once UAT is complete.

The way change should happen is clear

Prosci specializes in change. Its ADKAR model outlines what’s required to bring individuals along on the change journey.

AWARENESS

• Awareness means more than just knowing there’s a change occurring,
• it means understanding the need for change.

DESIRE

• To achieve desire, there needs to be motivation, whether it be from an
• organizational perspective or personal.

KNOWLEDGE

• Both knowledge on how to train during the transition and knowledge
• on being effective after the change are required. This can only be done
• once awareness and desire are achieved.

ABILITY

• Ability is not knowledge. Knowing how to do something doesn’t necessarily translate to having the skills to do it.

REINFORCEMENT

• Without reinforcement there can be a tendency to revert.

When things go wrong

New technology is not being used

The project is seen as complete. Significant investments have been made, but the technology either isn’t being used or is only partially in use.

Duplicate systems are now in place

Even worse. The failure to adopt the new technology by some means that the older systems are still being used. There are now two systems that fail to interact; business processes are being affected and there is widespread confusion.

Benefits not being realized

Benefits promised to the business are not being realized. Projected revenue increases, savings, or efficiencies that were forecast are now starting to be seen as under threat.

There is project blowout

The project should be over, but the fact that the technology is not being used has created a perception that the implementation is not complete and the project needs to continue.

Info-Tech Insight

People are far more complicated than any technology being implemented.

Consider carefully your approach.

Why does it happen?

POOR COMMUNICATION

There isn’t always adequate communications about what’s changing in the workplace.

FEAR

Fear of change is natural and often not rational. Whether the fear is about job loss or not being able to adapt to change; it needs to be managed.

TRAINING

Training can be insufficient or ineffective and when this happens people are left feeling like they don’t have the skills to make the change.

LACK OF EXECUTIVE SUPPORT

A lack of executive support for change means the change is seen as less important.

CONFLICTING VIEWS OF CHANGE

The excitement the project team and business feels about the change is not necessarily shared throughout the business. Some may just see the change as more work, changing something that already works, or a reason to reduce staff levels.

LACK OF CONFIDENCE

Whether it’s a lack of confidence generally with technology or concern about a new or changing tool, a lack of confidence is a huge barrier.

BUDGETARY CONSTRAINTS

There is a cost with managing people during a change, and budget must be allocated to allow for it.

Communications

Info-Tech Insight

Since Sigmund Freud there has been endless work to understand people’s minds.
Don’t underestimate the effect that people’s reactions to change can have on your project.

Communication plans are designed to properly manage change. Managing change can be easier when we have the right tools and information to adapt to new circumstances. The Kubler-Ross change curve illustrates the expected steps on the path to acceptance of change. With the proper communications strategy, each can be managed appropriately

Analyst perspective

Paul Binns – Principal Research Advisor, Info-Tech

The rapidly changing technology landscape in our world has always meant that an enthusiasm or willingness to embrace change has been advantageous. Many of us have seen how the older generation has struggled with that change and been left behind.

In the work environment, the events of the past two years have increased pressure on those slow to adopt as in many cases they couldn't perform their tasks without new tools. Previously, for example, those who may have been reluctant to use digital tools and would instead opt for face-to-face meetings, suddenly found themselves without an option as physical meetings were no longer possible. Similarly, digital collaboration tools that had been present in the market for some time were suddenly more heavily used so everyone could continue to work together in the “online world.”

At this stage no one is sure what the "new normal" will be in the post-pandemic world, but what has been clearly revealed is that people are prepared to change given the right motivation.

“Technology adoption is about the psychology of change.”
Bryan Tutor – Executive Counsellor, Info-Tech

The Fix

• Categorize Users
  • Gain a clear understanding of your user types.
• Identify Adoption Techniques
  • Understand the range of different tools and techniques available.
• Match Techniques To Categories
  • Determine the most appropriate techniques for your user base.
• Follow-the-Leader
  • Be aware of the different skills in your environment and use them to your advantage.
• Refresh, Retrain, Restrain
  • Prevent reversion to old methods or systems.

Categories

Client-Driven Insight

Consider your staff and industry when looking at the Everett Rogers curve. A technology organization may have less laggards than a traditional manufacturing one.

In Everett Rogers’ book Diffusion of Innovations 5th Edition (Free Press, 2005), Rogers places adopters of innovations into five different categories.

Category 1: The Innovator – 2.5%

Innovators are technology enthusiasts. Technology is a central interest of theirs, either at work, at home, or both. They tend to aggressively pursue new products and technologies and are likely to want to be involved in any new technology being implemented as soon as possible, even before the product is ready to be released.

For people like this the completeness of the new technology or the performance can often be secondary because of their drive to get new technology as soon as possible. They are trailblazers and are not only happy to step out of their comfort zone but also actively seek to do so.

Although they only make up about 2.5% of the total, their enthusiasm, and hopefully endorsement of new technology, offers reassurance to others.

Info-Tech Insight

Innovators can be very useful for testing before implementation but are generally more interested in the technology itself rather than the value the technology will add to the business.

Category 2: The Early Adopter – 13.5%

Whereas Innovators tend to be technologists, Early Adopters are visionaries that like to be on board with new technologies very early in the lifecycle. Because they are visionaries, they tend to be looking for more than just improvement – a revolutionary breakthrough. They are prepared to take high risks to try something new and although they are very demanding as far as product features and performance are concerned, they are less price-sensitive than other groups.

Early Adopters are often motivated by personal success. They are willing to serve as references to other adopter groups. They are influential, seen as trendsetters, and are of utmost importance to win over.

Info-Tech Insight

Early adopters are key. Their enthusiasm for technology, personal drive, and influence make them a powerful tool in driving adoption.

Category 3: The Early Majority – 34%

This group is comprised of pragmatists. The first two adopter groups belong to early adoption, but for a product to be fully adopted the mainstream needs to be won over, starting with the Early Majority.

The Early Majority share some of the Early Adopters’ ability to relate to technology. However, they are driven by a strong sense of practicality. They know that new products aren’t always successful. Consequently, they are content to wait and see how others fare with the technology before investing in it themselves. They want to see well-established references before adopting the technology and to be shown there is no risk.

Because there are so many people in this segment (roughly 34%), winning these people over is essential for the technology to be adopted.

Category 4: The Late Majority – 34%

The Late Majority are the conservatives. This group is generally about the same size as the Early Majority. They share all the concerns of the Early Majority; however, they are more resistant to change and are more content with the status quo than eager to progress to new technology. People in the Early Majority group are comfortable with their ability to handle new technology. People in the Late Majority are not.

As a result, these conservatives prefer to wait until something has become an established standard and take part only at the end of the adoption period. Even then, they want to see lots of support and ensure that there is proof there is no risk in them adopting it.

Category 5: The Laggard – 16%

This group is made up of the skeptics and constitutes 16% of the total. These people want nothing to do with new technology and are generally only content with technological change when it is invisible to them. These skeptics have a strong belief that disruptive new technologies rarely deliver the value promised and are almost always worried about unintended consequences.

Laggards need to be dealt with carefully as their criticism can be damaging and without them it is difficult for a product to become fully adopted. Unfortunately, the effort required for this to happen is often disproportional to the size of the group.

Info-Tech Insight

People aren’t born laggards. Technology projects that have failed in the past can alter people’s attitudes, especially if there was a negative impact on their working lives. Use empathy when dealing with people and respect their hesitancy.

Adoption Techniques

Different strokes for different folks

Technology adoption is all about people; and therefore, the techniques required to drive that adoption need to be people oriented.

The following techniques are carefully selected with the intention of being impactful on all the different categories described previously.

There are multitudes of different methods to get people to adopt new technology, but which is the most appropriate for your situation? Generally, it’s a combination.

Train the Trainer

Use your staff to get your message across.

Abstract

This technique involves training key members of staff so they can train others. It is important that those selected are strong communicators, are well respected by others, and have some expertise in technology.

Advantages

• Cost effective
• Efficient dissemination of information
• Trusted internal staff

Disadvantages

• Chance of inconsistent delivery
• May feel threatened by co-worker

Best to worst candidates

• Early Adopter: Influential trendsetters. Others receptive of their lead.
• Innovator: Comfortable and enthusiastic about new technology, but not necessarily a trainer.
• Early Majority: Tendency to take others’ lead.
• Late Majority: Risk averse and tend to follow others, only after success is proven.
• Laggard: Last to adopt usually. Unsuitable as Trainer.

Marketing

Marketing should be continuous throughout the change to encourage familiarity.

Abstract

Communication is key as people are comfortable with what is familiar to them. Marketing is an important tool for convincing adopters that the new product is mainstream, widely adopted and successful.

Advantages

• Wide communication
• Makes technology appear commonplace
• Promotes effectiveness of new technology

Disadvantages

• Reliant on staff interest
• Can be expensive

Best to worst candidates

• Early Majority: Pragmatic about change. Marketing is effective encouragement.
• Early Adopter: Receptive and interested in change. Marketing is supplemental.
• Innovator: Actively seeks new technology. Does not need extensive encouragement.
• Late Majority: Requires more personal approach.
• Laggard: Resistant to most enticements.

One-on-One

Tailored for individuals.

Abstract

One-on-one training sometimes is the only way to train if you have staff with special needs or who are performing unique tasks.
It is generally highly effective but inefficient as it only addresses individuals.

Advantages

• Tailored to specific need(s)
• Only relevant information addressed
• Low stress environment

Disadvantages

• Expensive
• Possibility of inconsistent delivery
• Personal conflict may render it ineffective

Best to worst candidates

• Laggard: Encouragement and cajoling can be used during training.
• Late Majority: Proof can be given of effectiveness of new product.
• Early Majority: Effective, but not cost efficient.
• Early Adopter: Effective, but not cost-efficient.
• Innovator: Effective, but not cost-efficient.

Group Training

Similar roles, attitudes, and abilities.

Abstract

Group training is one of the most common methods to start people on their journey toward new technology. Its effectiveness with the two largest groups, Early Majority and Late Majority, make it a primary tool in technology adoption.

Advantages

• Cost effective
• Time effective
• Good for team building

Disadvantages

• Single method may not work for all
• Difficult to create single learning pace for all

Best to worst candidates

• Early Majority: Receptive. The formality of group training will give confidence.
• Late Majority: Conservative attitude will be receptive to traditional training.
• Early Adopter: Receptive and attentive. Excited about the change.
• Innovator: Will tend to want to be ahead or want to move ahead of group.
• Laggard: Laggards in group training may have a negative impact.

Force

The last resort.

Abstract

The transition can’t go on forever.

At some point the new technology needs to be fully adopted and if necessary, force may have to be used.

Advantages

• Immediate full transition
• Fixed delivery timeline

Disadvantages

• Alienation of some staff
• Loss of faith in product if there are issues

Best to worst candidates

• Laggard: No choice but to adopt. Forces the issue.
• Late Majority: Removes issue of reluctance to change.
• Early Majority: Content, but worried about possible problems.
• Early Adopter: Feel less personal involvement in change process.
• Innovator: Feel less personal involvement in change process.

Contests

Abstract

Contests can generate excitement and create an explorative approach to new technology. People should not feel pressured. It should be enjoyable and not compulsory.

Advantages

• Rapid improvement of skills
• Bring excitement to the new technology
• Good for team building

Disadvantages

• Those less competitive or with lower skills may feel alienated
• May discourage collaboration

Best to worst candidates

• Early Adopter: Seeks personal success. Risk taker. Effective.
• Innovator: Enthusiastic to explore limits of technology.
• Early Majority: Less enthusiastic. Pragmatic. Less competitive.
• Late Majority: Conservative. Not enthusiastic about new technology.
• Laggard: Reluctant to get involved.

Incentives

Incentives don’t have to be large.

Abstract

For some staff, merely taking management’s lead is not enough. Using “Nudge” techniques to give that extra incentive is quite effective. Incentivizing staff either financially or through rewards, recognition, or promotion is a successful adoption technique for some.

Advantages

Encouragement to adopt from receiving tangible benefit

Draws more attention to the new technology

Disadvantages

Additional expense to business or project

Possible poor precedent for subsequent changes

Best to worst candidates

Early Adopter: Desire for personal success makes incentives enticing.

Early Majority: Prepared to change, but extra incentive will assist.

Late Majority: Conservative attitude means incentive may need to be larger.

Innovator: Enthusiasm for new technology means incentive not necessary.

Laggard: Sceptical about change. Only a large incentive likely to make a difference.

Champions

Strong internal advocates for your new technology are very powerful.

Abstract

Champions take on new technology and then use their influence to promote it in the organization. Using managers as champions to actively and vigorously promote the change is particularly effective.

Advantages

• Infectious enthusiasm encourages those who tend to be reluctant
• Use of trusted internal staff

Disadvantages

• Removes internal staff from regular duties
• Ineffective if champion not respected

Best to worst candidates

• Early Majority: Champions as references of success provide encouragement.
• Late Majority: Management champions in particular are effective.
• Laggard: Close contact with champions may be effective.
• Early Adopter: Receptive of technology, less effective.
• Innovator: No encouragement or promotion required.

Herd Mentality

Follow the crowd.

Abstract

Herd behavior is when people discount their own information and follow others. Ideally all adopters would understand the reason and advantages in adopting new technology, but practically, the result is most important.

Advantages

• New technology is adopted without question
• Increase in velocity of adoption

Disadvantages

• Staff may not have clear understanding of the reason for change and resent it later
• Some may adopt the change before they are ready to do so

Best to worst candidates

• Early Majority: Follow others’ success.
• Late Majority: Likely follow an established proven standard.
• Early Adopter: Less effective as they prefer to set trends rather than follow.
• Innovator: Seeks new technology rather than following others.
• Laggard: Suspicious and reluctant to change.

Proof of Concepts

Gain early input and encourage buy-in.

Abstract

Proof of concept projects give early indications of the viability of a new initiative. Involving the end users in these projects can be beneficial in gaining their support

Advantages

Involve adopters early on

Valuable feedback and indications of future issues

Disadvantages

If POC isn’t fully successful, it may leave lingering negativity

Usually, involvement from small selection of staff

Best to worst candidates

• Innovator: Strong interest in getting involved in new products.
• Early Adopter: Comfortable with new technology and are influencers.
• Early Majority: Less interest. Prefer others to try first.
• Late Majority: Conservative attitude makes this an unlikely option.
• Laggard: Highly unlikely to get involved.

Match techniques to categories

What works for who?

Follow the leader

Engage your technology enthusiasts early to help refine your product, train other staff, and act as champions. A combination of marketing and group training will develop a herd mentality. Finally, don’t neglect the laggards as they can prevent project completion.

Info-Tech Insight

Although there are different size categories, none can be ignored. Consider your budget when dealing with smaller groups, but also consider their impact.

Refresh, retrain, restrain

We don’t want people to revert.

Don’t assume that because your staff have been trained and have access to the new technology that they will keep using it in the way they were trained. Or that they won’t revert back to their old methods or system.

Put in place methods to remove completely or remove access to old systems. Schedule refresh training or skill enhancement sessions and stay vigilant.

Research Authors

Paul Binns

Principal Research Advisor, Info-Tech Research Group

With over 30 years in the IT industry, Paul brings to his work his experience as a Strategic Planner, Consultant, Enterprise Architect, IT Business Owner, Technologist, and Manager. Paul has worked with both small and large companies, local and international, and has had senior roles in government and the finance industry.

Scott Young

Principal Research Advisor, Info-Tech Research Group

Scott Young is a Director of Infrastructure Research at Info-Tech Research Group. Scott has worked in the technology field for over 17 years, with a strong focus on telecommunications and enterprise infrastructure architecture. He brings extensive practical experience in these areas of specialization, including IP networks, server hardware and OS, storage, and virtualization.

Related Info-Tech Research

User Group Analysis Workbook

Use Info-Tech’s workbook to gather information about user groups, business processes, and day-to-day tasks to gain familiarity with your adopters.

Governance and Management of Enterprise Software Implementation

Use our research to engage users and receive timely feedback through demonstrations. Our iterative methodology with a task list focused on the business’ must-have functionality allows staff to return to their daily work sooner.

Quality Management User Satisfaction Survey

This IT satisfaction survey will assist you with early information to use for categorizing your users.

Master Organizational Change Management Practices

Using a soft, empathetic approach to change management is something that all PMOs should understand. Use our research to ensure you have an effective OCM plan that will ensure project success.

Bibliography

Beylis, Guillermo. “COVID-19 accelerates technology adoption and deepens inequality among workers in Latin America and the Caribbean.” World Bank Blogs, 4 March 2021. Web.

Cleland, Kelley. “Successful User Adoption Strategies.” Insight Voices, 25 Apr. 2017. Web.

Hiatt, Jeff. “The Prosci ADKAR ® Model.” PROSCI, 1994. Web.

Malik, Priyanka. “The Kübler Ross Change Curve in the Workplace.” whatfix, 24 Feb. 2022. Web.

Medhaugir, Tore. “6 Ways to Encourage Software Adoption.” XAIT, 9 March 2021. Web.

Narayanan, Vishy. “What PwC Australia learned about fast tracking tech adoption during COVID-19” PWC, 13 Oct. 2020. Web.

Sridharan, Mithun. “Crossing the Chasm: Technology Adoption Lifecycle.” Think Insights, 28 Jun 2022. Web.

Adding the Right Value: Building Cloud Brokerages That Enable

Considerations for implementing an institutional-focused cloud brokerage.

Your Challenge

Increasingly, large institutions and governments are adopting cloud-first postures for delivering IT resources. Combined with the growth of cloud offerings that are able to meet the certifications and requirements of this segment that has been driven by federal initiatives like Cloud-First in Canada and Cloud Smart in the United States, these two factors have left institutions (and the businesses that serve them) with the challenge of delivering cloud services to their users while maintaining compliance, control, and IT sanity.

In many cases, the answer is to develop a cloud brokerage to manage the complexity. But what should your cloud broker be delivering and how?

Navigating the Problem

Not all cloud brokerages are the same. And while they can be an answer to cloud complexity, an ineffective brokerage can drain value and complicate operations even further. Cloud brokerages need to be designed:

1. To deliver the right type of value to its users.
2. To strike the balance between effective governance & security and flexibility & ease of use.

Info-Tech’s Approach

By defining your end goals, framing solutions based on the type of value and rigor your brokerage needs to deliver, and focusing on the right balance of security and flexibility, you can deliver a brokerage that delivers the best of all worlds.

1. Define the brokerage value you want to deliver.
2. Build the catalog and partner ecosystem.
3. Understand how to maximize adoption and minimize disintermediation while maintaining architectural discipline and compliance.

Info-Tech Insight

Sometimes a brokerage delivery model makes sense, sometimes it doesn’t! Understanding the value addition you want your brokerage to provide before creating it allows you to not only avoid pitfalls and maximize benefits but also understand when a brokerage model does and doesn’t make sense in the first place.

Project Overview

Understand what value you want your brokerage to deliver

Different institutions want brokerage delivery for different reasons. It’s important to define up front why your users need to work through a brokerage and what value that brokerage needs to deliver.

What’s in the catalog? Is it there to consolidate and simplify billing and consumption? Or does it add value further up the technology stack or value chain? If so, how does that change the capabilities you need internally and from partners?

Security and compliance are usually the highest priority

Among institutions adopting cloud, a broker that can help deliver their defined security and compliance standards is an almost universal requirement. Especially in government institutions, this can mean the need to meet a high standard in both implementation and validation.

The good news is that even if you lack the complete set of skills in-house, the high certification levels available from hyperscale providers combined with a growing ecosystem of service providers working on these platforms means you can usually find the right partner(s) to make it possible.

The real goal: frictionless intermediation and enablement

Ultimately, if end users can’t get what they need from you, they will go around you to get it. This challenge, which has always existed in IT, is further amplified in a cloud service world that offers users a cornucopia of options outside the brokerage. Furthermore, cloud users expect to be able to consume IT seamlessly. Without frictionless satisfaction of user demand your brokerage will become disintermediated, which risks your highest priorities of security and compliance.

Understand the evolution: Info-Tech thought model

While initial adoption of cloud brokerages in institutions was focused on ensuring the ability of IT to extend its traditional role as gatekeeper to the realm of cloud services, the focus has now shifted upstream to enabling ease of use and smart adoption of cloud services. This is evidenced clearly in examples like the US government’s renaming of its digital strategy from “Cloud First” to “Cloud Smart” and has been mirrored in other regions and institutions.

Info-Tech Insights

To avoid failure, you need to provide security and compliance.

Basic user satisfaction means becoming a frictionless intermediary.

Exceed expectations! Enabling brokers provide knowledge and guidance for the best usage of cloud.

• Security & Compliance
• Frictionless Intermediation
• Cloud-Enabling Brokerage

Define the role of a cloud broker

Where do brokers fit in the cloud model?

• NIST Definition: An entity that manages the use, performance, and delivery of cloud services and negotiates relationships between cloud providers and cloud consumers.
• Similar to a telecom master agent, a cloud broker acts as the middle-person and end-user point of contact, consolidating the management of underlying providers.
• A government or institutional cloud broker (GCB) is responsible for the delivery of all cloud services consumed by the departments or agencies it supports or that are mandated to use it.

Balancing governance and agility

Info-Tech Insight

While GCBs fill a critical role as a control point for IT consumption, they can easily turn into a friction point for IT projects. It’s important to find the right balance between enabling compliance and providing frictionless usability.

Model brokerage drivers and benefits

Maintain compliance and ensure architecture discipline: Brokerages can be an effective gating point for ensuring properly governed and managed IT consumption that meets the specific regulations and compliances required for an institution. It can also be a strong catalyst and enabler for moving to even more effective cloud consumption through automation.

Avoid disintermediation: Especially in institutions, cloud brokers are a key tool in the fight against disintermediation – that is, end users circumventing your IT department’s procurement and governance by consuming an ad hoc cloud service.

Leverage economies of scale: Simply put, consolidation of your cloud consumption drives effectiveness by making the most of your buying power.

Info-Tech Insights

Understanding the importance of each benefit type to your brokerage audience will help you define the type of brokerage you need to build and what skills and partners will be required to deliver the right value.

The brokerage landscape

The past ten years have seen governments and institutions evolve from basic acceptance of cloud services to the usage of cloud as the core of most IT initiatives.

• As part of this evolution, many organizations now have well-defined standards and guidance for the implementation, procurement, and regulation of cloud services for their use.
• Both Canada (Strategic Plan for Information Management and Information Technology) and the United States (Cloud Smart – formerly known as Cloud First) have recently updated their guidance on adoption of cloud services. The Australian Government has also recently updated its Cloud Computing Policy.
• AWS and Azure both now claim Full FedRAMP (Federal Risk and Authorization Management Program) certification.
• This has not only enabled easy adoption of these core hyperscale cloud service by government but also driven the proliferation of a large ecosystem of FedRAMP-authorized cloud service providers.
• This trend started with government at the federal level but has cascaded downstream to provincial and municipal governments globally, and the same model seems likely to be adopted by other governments and other institution types over time.

Info-Tech Insight

The ecosystem of platforms and tools has grown significantly and examples of best practices, especially in government, are readily available. Once you’ve defined your brokerage’s value stance, the building blocks you need to deliver often don’t need to be built from scratch.

Address the unique challenges of business-led IT in institutions

With the business taking more accountability and management of their own technology, brokers must learn how to evolve from being gatekeepers to enablers.

Turn brokerage pitfalls into opportunities

The greatest risks in using a cloud broker come from its nature as a single point of distribution for service and support. Without resources (or automation) to enable scale, as well as responsive processes for supporting users in finding the right services and making those services available through the brokerage, you will lose alignment with your users’ needs, which inevitably leads to disintermediation, loss of IT control, and broken compliance

Info-Tech Insights

Standardization and automation are your friend when building a cloud brokerage! Sometimes this means having a flexible catalog of options and configurations, but great brokerages can deliver value by helping their users redefine and evolve their workloads to work more effectively in the cloud. This means providing guidance and facilitating the landing/transformation of users’ workloads in the cloud, the right way.

Validate your cloud brokerage strategy using Info-Tech’s approach

Value Definition

• Define your brokerage type and value addition

Capabilities Mapping

• Understand the partners and capabilities you need to be able to deliver

Measuring Value

• Define KPIs for both compliant delivery and frictionless intermediation

Provide Cloud Excellence

• Move from intermediation to enablement and help users land on the cloud the right way

Define the categories for your brokerage’s benefit and value

Depending on the type of brokerage, the value delivered may be as simple as billing consolidation, but many brokerages go much deeper in their value proposition.

Define the categories of brokerage value to add

• Purchasing Agents save the purchaser time by researching services from different vendors and providing the customer with information about how to use cloud computing to support business goals.
• Contract Managers may also be assigned power to negotiate contracts with cloud providers on behalf of the customer. In this scenario, the broker may distribute services across multiple vendors to achieve cost-effectiveness, while managing the technical and procurement complexity of dealing with multiple vendors.
  • The broker may provide users with an application program interface (API) and user interface (UI) that hides any complexity and allows the customer to work with their cloud services as if they were being purchased from a single vendor. This type of broker is sometimes referred to as a cloud aggregator.
• Cloud Enablers can also provide the customer with additional services, such as managing the deduplication, encryption, and cloud data transfer and assisting with data lifecycle management and other activities.
• Cloud Customizers integrate various underlying cloud services for customers to provide a custom offering under a white label or its own brand.
• Cloud Agents are essentially the software version of a Contract Manager and act by automating and facilitating the distribution of work between different cloud service providers.

Info-Tech Insights

Remember that these categories are general guidelines! Depending on the requirements and value a brokerage needs to deliver, it may fit more than one category of broker type.

Brokerage types and value addition

Info-Tech Insights

Each value addition your brokerage invests in delivering should tie to reinforcing efficiency, compliance, frictionlessness, or enablement.

Start by delivering value in these common brokerage service categories

Security & Compliance

• Reporting & Auditing
• SIEM & SOC Services
• Patching & Monitoring

Cost Management

• Right-Sizing
• Billing Analysis
• Anomaly Detection & Change Recommendations

Data Management

• Data Tiering
• Localization Management
• Data Warehouse/Lake Services

Resilience & Reliability

• Backup & Archive
• Replication & Sync
• DR & HA Management
• Ransomware Prevention/Mitigation

Cloud-Native & DevOps Enablement

• Infrastructure as Code (IaC)
• DevOps Tools & Processes
• SDLC Automation Tools

Design, Transformation, and Integration

• CDN Integration
• AI Tools Integration
• SaaS Customizations

Activity: Brokerage value design

Who are you and who are you building this for?

• Internal brokerage (i.e. you are a department in an organization that is tasked with providing IT resources to other internal groups)
  • No profit motivation
  • Primary goal is to maintain compliance and avoid disintermediation
• Third-party brokerage (i.e. you are an MSP that needs to build a brokerage to provide a variety of downstream services and act as the single point of consumption for an organization)
  • Focus on value-addition to the downstream services you facilitate for your client
  • Increased requirement to quickly add new partners/services from downstream as required by your client

What requirements and pains do you need to address?

• Remember that in the world of cloud, users ultimately can go around IT to find the resources and tools they want to use. In short, if you don’t provide ease and value, they will get it somewhere else.
• Assess the different types of cloud brokerages out there as a guide to what sort of value you want to deliver.

Why are you creating a brokerage? There are several categories of driver and more than one may apply.

• Compliance and security gating/validation
• Cost consolidation and governance
• Value-add or feature enhancement of raw/downstream services being consumed

It’s important to clearly understand how best you can deliver unique value to ensure that they want to consume from you.

Understand the ecosystem you’ll require to deliver value

GCB

• Enabling Effectiveness
• Cost Governance
• Adoption and User Satisfaction
• Security & Compliance

Whatever value proposition and associated services your brokerage has defined, either internal resources or additional partners will be required to run the platform and processes you want to offer on top of the defined base cloud platforms.

Info-Tech Insights

Remember to always align your value adds and activities to the four key themes:

• Efficiency
• Compliance
• Frictionlessness
• Cloud Enablement

Delivering value may require an ecosystem

The additional value your broker delivers will depend on the tools and services you can layer on top of the base cloud platform(s) you support.

In many cases, you may require different partners to fulfil similar functions across different base platforms. Although this increases complexity for the brokerage, it’s also a place where additional value can be delivered to end users by your role as a frictionless intermediary.

Base Partner/Platform

• Third-party software & platforms
• Third-party automations & integrations
• Third-party service partners
• Internal value-add functions

Build the ecosystem you need for your value proposition

Leverage partners and automation to bake compliance in.

Different value-add types (based on the category/categories of broker you’re targeting) require different additional platforms and partners to augment the base cloud service you’re brokering.

Security & Config

• IaC Tools
• Cloud Resource Configuration Validation
• Templating Tools
• Security Platforms
• SDN and Networking Platforms
• Resilience (Backup/Replication/DR/HA) Platforms
• Data & Storage Management
• Compliance and Validation Platforms & Partners

Cost Management

• Subscription Hierarchy Management
• Showback and Chargeback Logic
• Cost Dashboarding and Thresholding
• Governance and Intervention

Adoption & User Satisfaction

• Service Delivery SLAs
• Support Process & Tools
• Capacity/Availability Management
• Portal Usability/UX

Speed of Evolution

• Partner and Catalog/Service Additions
• Broker Catalog Roadmapping
• User Request Capture (new services)
• User Request Capture (exceptions)

Build your features and services lists

Incorporate your end user, business, and IT perspectives in defining the list of mandatory and desired features of your target solution.

See our Implement a Proactive and Consistent Vendor Selection Process blueprint for information on procurement practices, including RFP templates.

End User

• Visual, drag-and-drop models to define data models, business logic, and user interfaces
• One-click deployment
• Self-healing application
• Vendor-managed infrastructure
• Active community and marketplace
• Prebuilt templates and libraries
• Optical character recognition and natural language processing

Business

• Audit and change logs
• Theme and template builder
• Template management
• Knowledgebase and document management
• Role-based access
• Business value, operational costs, and other KPI monitoring
• Regulatory compliance
• Consistent design and user experience across applications
• Business workflow automation

IT

• Application and system performance monitoring
• Versioning and code management
• Automatic application and system refactoring and recovery
• Exception and error handling
• Scalability (e.g. load balancing) and infrastructure management
• Real-time debugging
• Testing capabilities
• Security management
• Application integration management

Understand the stakeholders

Depending on the value-add(s) you are trying to deliver, as well as the requirements from your institution(s), you will have a different delineation of responsibilities for each of the value-add dimensions. Typically, there will be at least three stakeholders whose role needs to be considered for each dimension:

• Base Cloud Provider
• Third-Party Platforms/Service Providers
• Internal Resources

Info-Tech Insights

It’s important to remember that the ecosystem of third-party options available to you in each case will likely be dependent on if a given partner operates or supports your chosen base provider.

Define the value added by each stakeholder in your value chain

A basic table of the stakeholders and platforms involved in your value stream is a critical tool for aligning activities and partners with brokerage value.

Remember to tie each value-add category you’re embarking on to at least one of the key themes!

Cost Governance → Efficiency

Security & Compliance → Compliance

Adoption & User Satisfaction → Frictionlessness

New Service Addition Responsiveness → Frictionlessness, Enablement

End-User Cloud Effectiveness → Enablement

Info-Tech Insights

The expectations for how applications are consumed and what a user experience should look like is increasingly being guided by the business and by the disintermediating power of the cloud-app ecosystem.

“Enabling brokers” help embrace business-led IT

In environments where compliance and security are a must, the challenges of handing off application management to the business are even more complex. Great brokers learn to act not just as a gatekeeper but an enabler of business-led IT.

Business Empowerment

Organizations are looking to enhance their Agile and BizDevOps practices by shifting traditional IT practices left and toward the business.

Changing Business Needs

Organizational priorities are constantly changing. Cost reduction opportunities and competitive advantages are lost because of delayed delivery of features.

Low Barrier to Entry

Low- and no-code development tools, full-stack solutions, and plug-and-play architectures allow non-technical users to easily build and implement applications without significant internal technical support or expertise.

Democratization of IT

A wide range of digital applications, services, and information are readily available and continuously updated through vendor and public marketplaces and open-source communities.

Technology-Savvy Business

The business is motivated to learn more about the technology they use so that they can better integrate it into their processes.

Balance usability and compliance: accelerate cloud effectiveness

Move to being an accelerator and an enabler! Rather than creating an additional layer of complexity, we can use the abstraction of a cloud brokerage to bring a wide variety of value-adds and partners into the ecosystem without increasing complexity for end users.

Manage the user experience

• Your portal is a great source of data for optimizing user adoption and satisfaction.
• Understand the KPIs that matter to your clients or client groups from both a technical and a service perspective.

Be proactive and responsive in meeting changing needs

• Determine dashboard consumption by partner view.
• Regularly review and address the gaps in your catalog.
• Provide an easy mechanism for adding user-demanded services.

Think like a service provider

• You do need to be able to communicate and even market internally new services and capabilities as you add them or people won't know to come to you to use them.
• It's also critical in helping people move along the path to enablement and knowing what might be possible that they hadn't considered.

Provide cloud excellence functions

Enablement Broker

• Mentorship & Training
  • Build the skills, knowledge, and experiences of application owners and managers with internal and external expertise.
• Organizational Change Leadership
  • Facilitate cultural, governance, and other organizational changes through strong relationships with business and IT leadership.
• Good Delivery Practices & Thinking
  • Develop, share, and maintain a toolkit of good software development lifecycle (SDLC) practices and techniques.
• Knowledge Sharing
  • Centralize a knowledgebase of up-to-date and accurate documentation and develop community forums to facilitate knowledge transfer.
• Technology Governance & Leadership
  • Implement the organizational standards, policies, and rules for all applications and platforms and coordinate growth and sprawl.
• Shared Services & Integrations
  • Provide critical services and integrations to support end users with internal resources or approved third-party providers and partners.

Gauge value with the right metrics

Focus your effort on measuring key metrics.

Determine measures that demonstrate the value of your brokerage by aligning it with your quality definition, value drivers, and users’ goals and objectives. Recognize that your journey will require constant monitoring and refinement to adjust to situations that may arise as you adopt new products, standards, strategies, tactics, processes, and tools.

Activity Output

Ultimately, the goal is designing a brokerage that can evolve from gatekeeping to frictionless intermediation to cloud enablement.

Maintain focus on the value proposition, your brokerage ecosystem, and the metrics that represent enablement for your users and avoid pitfalls and challenges from the beginning.

Appendix

Related blueprints and tools

Document Your Cloud Strategy

This blueprint covers aligning your value proposition with general cloud requirements.

Define Your Digital Business Strategy

Phase 1 of this research covers identifying value chains to be transformed.

Embrace Business-Managed Applications

Phase 1 of this research covers understanding the business-managed applications as a factor in developing a frictionless intermediary model.

Implement a Proactive and Consistent Vendor Selection Process

This blueprint provides information on partner selection and procurement practices, including RFP templates.

Bibliography

“3 Types of Cloud Brokers That Can Save the Cloud.” Cloud Computing Topics, n.d. Web.

Australian Government Cloud Computing Policy. Government of Australia, October 2014. Web.

“Cloud Smart Policy Overview.” CIO.gov, n.d. Web.

“From Cloud First to Cloud Smart.” CIO.gov, n.d. Web.

Gardner, Dana. “Cloud brokering: Building a cloud of clouds.” ZDNet, 22 April 2011. Web.

Narcisi, Gina. “Cloud, Next-Gen Services Help Master Agents Grow Quickly And Beat 'The Squeeze' “As Connectivity Commissions Decline.” CRN, 14 June 2017. Web.

Smith, Spencer. “Asigra calls out the perils of cloud brokerage model.” TechTarget, 28 June 2019. Web.

Tan, Aaron. “Australia issues new cloud computing guidelines.” TechTarget, 27 July 2020. Web.

The European Commission Cloud Strategy. ec.europa.eu, 16 May 2019. Web.

“TrustRadius Review: Cloud Brokers 2022.” TrustRadius, 2022. Web.

Yedlin, Debbie. “Pros and Cons of Using a Cloud Broker.” Technology & Business Integrators, 17 April 2015. Web.

Make the Case for Product Delivery

Align your organization on the practices to deliver what matters most.

Table of Contents

Define product

Define your drivers and goals

Understand the role of product ownership

Communicate what comes next

Make the case to your stakeholders

Appendix: Additional research

Appendix: Product delivery strategy communication

Appendix: Manage stakeholder influence

Appendix: Product owner capability details

Executive Summary

Info-Tech Insight

Delivering products doesn’t mean you will stop delivering projects! Product-centric delivery is intended to address the misalignment between the long-term delivery of value that organizations demand and the nature of traditional project-focused environments.

Many executives perceive IT as being poorly aligned with business objectives

Info-Tech’s CIO Business Vision Survey data highlights the importance of IT initiatives in supporting the business in achieving its strategic goals.

However, Info-Tech’s CEO-CIO Alignment Survey (2021; N=58) data indicates that CEOs perceive IT to be poorly aligned to business’ strategic goals.

Info-Tech CEO-CIO Alignment Diagnostics, 2021 (N=58)

40% Of CEOs believe that business goals are going unsupported by IT.

34% Of business stakeholders are supporters of their IT departments (n=334).

40% Of CIOs/CEOs are misaligned on the target role for IT.

Info-Tech Insight

Great technical solutions are not the primary driver of IT success. Focusing on delivery of digital products that align with organizational goals will produce improved outcomes and will foster an improved relationship between business and IT.

Increase product success by involving IT, business, and customers in your product roadmaps, planning, and delivery

Product management and delivery seek to promote improved relationships among IT, business, and customers, a critical driver for business satisfaction.

IT	1	Collaboration IT, business, and customers work together through all stages of the product lifecycle, from market research through the roadmapping and delivery processes and into maintenance and retirement. The goal is to ensure the risks and dependencies are realized before work is committed.	Stakeholders, Customers, and Business
	2	Communication Prioritize high-value modes of communication to break down existing silos and create common understanding and alignment across functions. This approach increases transparency and visibility across the entire product lifecycle.
	3	Integration Explore methods to integrate the workflows, decision making, and toolsets among the business, IT, and customers. The goal is to become more reactive to changes in business and customer expectations and more proactive about market trends.

Product does not mean the same thing to everyone

Do not expect a universal definition of products.
Every organization and industry has a different definition of what a product is. Organizations structure their people, processes, and technologies according to their definition of the products they manage. Conflicting product definitions between teams increase confusion and misalignment of product roadmaps.

Organizations need a common understanding of what a product is and how it pertains to the business.

This understanding needs to be accepted across the organization.

“There is not a lot of guidance in the industry on how to define [products]. This is dangerous because what will happen is that product backlogs will be formed in too many areas. All that does is create dependencies and coordination across teams … and backlogs.” (Chad Beier, “How Do You Define a Product?” Scrum.org)

Products enable the long-term and continuous delivery of value

Phase 1

Build the case for product-centric delivery

Phase 1
1.1 Define product
1.2 Define your drivers and goals
1.3 Understand the role of product ownership
1.4 Communicate what comes next
1.5 Make the case to your stakeholders

This phase will walk you through the following activities:

• Define product in your context.
• Define your drivers and goals for moving to product delivery.
• Understand the role of product ownership.
• Communicate what comes next for your transition to product.
• Lay out the case to your stakeholders.

This phase involves the following participants:

• Product owners
• Product managers
• Development team leads
• Portfolio managers
• Business analysts

Step 1.1

Define product

Activities

• 1.1.1 Define “product” in your context
• 1.1.2 Consider examples of what is (and is not) a product in your organization
• 1.1.3 Identify the differences between project and product delivery

This step involves the following participants:

• Product owners
• Product managers
• Development team leads
• Portfolio managers
• Business analysts

Outcomes of this step

• A clear definition of product in your organization’s context.

Make the Case for Product Delivery

Exercise 1.1.1 Define “product” in your context

30-60 minutes

Output: Your enterprise/organizational definition of products and services

Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

1. Discuss what “product” means in your organization.
2. Create a common, enterprise-wide definition for “product.”

Record the results in the Make the Case for Product-Centric Delivery Workbook.

Example: What is a product?

Not all organizations will define products in the same way. Take this as a general example:

“A tangible solution, tool, or service (physical or digital) that enables the long-term and evolving delivery of value to customers and stakeholders based on business and user requirements.” Info-Tech Insight A proper definition of product recognizes three key facts: Products are long-term endeavors that don’t end after the project finishes. Products are not just “apps” but can be software or services that drive the delivery of value. There is more than one stakeholder group that derives value from the product or service.

How do we know what is a product?

Exercise 1.1.2 Consider examples of what is (and is not) a product in your organization

Output: Examples of what is and isn’t a product in your specific context.

Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

1. Leverage the definition you created in exercise 1.1.1 and the explanation on the slide What is a product?
2. Pick examples that effectively show the difference between products and non-products and facilitate a conversation on the ones that seem to be on the line. Specific server instances, or instances of providing a service, are worthwhile examples to consider.
3. From the list you come up with, take the top three examples and put them into the Make the Case for Product Delivery Presentation Template.

Record the results in the Make the Case for Product Delivery Workbook.

Product delivery practices should consider everything required to support it, not just what users see.

Products and services share the same foundation and best practices

Exercise 1.1.3 Identify the differences between project and product delivery

30-60 minutes

Output: List of differences between project and product delivery

Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

1. Consider project delivery and product delivery.
2. Discuss what some differences are between the two.
   Note: This exercise is not about identifying the advantages and disadvantages of each style of delivery. This is to identify the variation between the two.

Record the results in the Make the Case for Product Delivery Workbook.

Identify the differences between a project-centric and a product-centric organization

Info-Tech Insights

• Product ownership should be one of your first areas of focus when transitioning from project to product delivery.
• Product delivery requires significant shifts in the way you complete development work and deliver value to your users. Make the changes that support improving end-user value and enterprise alignment.

Projects can be a mechanism for funding product changes and improvements

Projects within products Regardless of whether you recognize yourself as a product-based or project-based shop, the same basic principles should apply. The purpose of projects is to deliver the scope of a product release. The shift to product delivery leverages a product roadmap and backlog as the mechanism for defining and managing the scope of the release. Eventually, teams progress to continuous integration/continuous delivery (CI/CD) where they can release on demand or as scheduled, requiring org change management.

Step 1.2

Define your drivers and goals

Activities

• 1.2.1 Understand your drivers for product-centric delivery
• 1.2.2 Define the goals for your product-centric organization

This step involves the following participants:

• Product owners
• Product managers
• Development team leads
• Portfolio managers
• Business analysts

Outcomes of this step

• A clear understanding of your motivations and desired outcomes for moving to product delivery.

Make the Case for Product Delivery

Exercise 1.2.1 Understand your drivers for product-centric delivery

30-60 minutes

Output: Organizational drivers to move to product-centric delivery.

Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

1. Identify your pain points in the current delivery model.
2. What is the root cause of these pain points?
3. How will a product-centric delivery model fix the root cause (drivers)?

Record the results in the Make the Case for Product Delivery Workbook.

Exercise 1.2.2 Define the goals for your product-centric organization

30 minutes

Output: Goals for product-centric delivery

Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

1. Review the differences between project and product delivery from exercise 1.1.3 and the list of drivers from exercise 1.2.1.
2. Define your goals for achieving a product-centric organization.
   Note: Your drivers may have already covered the goals. If so, review if you would like to change the drivers based on your renewed understanding of the differences between project and product delivery.

Record the results in the Make the Case for Product Delivery Workbook.

Step 1.3

Understand the role of product ownership

Activities

• 1.3.1 Identify product ownership capabilities

This step involves the following participants:

• Product owners
• Product managers
• Development team leads
• Portfolio managers
• Business analysts

Outcomes of this step

• Product owner capabilities that you agree are critical to start your product transformation.

Make the Case for Product Delivery

Accountability for the delivery of value through product ownership is not optional

Info-Tech Insight People treat the assignment of accountability for products (aka product ownership) as optional. Without assigning accountability up front, your transition to product delivery will stall. Accountable individuals will be focused on the core outcome for product delivery, which is the delivery of the right value, at the right time, to the right people.

Recognize the different product owner perspectives

Info-Tech Best Practice

Product owners must translate needs and constraints from their perspective into the language of their audience. Kathy Borneman, Digital Product Owner at SunTrust Bank, noted the challenges of finding a common language between lines of business and IT (e.g. what is a unit?).

Info-Tech Insight

Recognize that product owners represent one of three primary perspectives. Although all share the same capabilities, how they approach their responsibilities is influenced by their perspective.

“A Product Owner in its most beneficial form acts like an Entrepreneur, like a 'mini-CEO'. The Product Owner is someone who really 'owns' the product.” (Robbin Schuurman, “Tips for Starting Product Owners”)

Implement the Info-Tech product owner capability model

As discussed in Build a Better Product Owner, most product owners operate with an incomplete knowledge of the skills and capabilities needed to perform the role. Common gaps include focusing only on product backlogs, acting as a proxy for product decisions, and ignoring the need for key performance indicators (KPIs) and analytics in both planning and value realization.
Vision Market Analysis Business Alignment Product Roadmap Leadership Soft Skills Collaboration Decision Making Product Lifecycle Management Plan Build Run Value Realization KPIs Financial Management Business Model

Details on product ownership capabilities can be found in the appendix.

Exercise 1.3.1 Identify product ownership capabilities

60 minutes

Output: Product owner capability mapping

Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

1. Write down the capabilities product owners need to perform their duties (one per sticky note) in order to describe product ownership in your organization. Consider people, processes, and tools.
2. Mark each capability with a plus (current capability), circle (some proficiency), or dash (missing capability).
3. Discuss each capability and place on the appropriate quadrant.

Record the results in the Make the Case for Product Delivery Workbook.

Differentiate between product owners and product managers

Info-Tech Insight

“Product owner” and “product manager” are terms that should be adapted to fit your culture and product hierarchy. These are not management relationships but rather a way to structure related products and services that touch the same end users.

Step 1.4

Communicate what comes next

Activities

• 1.4.1 How do we get started?

This step involves the following participants:

• Product owners
• Product managers
• Development team leads
• Portfolio managers
• Business analysts

Outcomes of this step

• A now, next, later roadmap indicating your overall next steps.

Make the Case for Product Delivery

Make a plan in order to make a plan!

Consider some of the techniques you can use to validate your strategy.		Go to your backlog and prioritize the elements that need to be answered sooner rather than later. Possible areas of focus: Regulatory requirements or questions to answer around accessibility, security, privacy. Stress testing any new processes against situations that may occur.
Learning Milestones The completion of a set of artifacts dedicated to validating business opportunities and hypotheses. Possible areas of focus: Align teams on product strategy prior to build Market research and analysis Dedicated feedback sessions Provide information on feature requirements	Sprint Zero (AKA Project-before-the-project) The completion of a set of key planning activities, typically the first sprint. Possible areas of focus: Focus on technical verification to enable product development alignment Sign off on architectural questions or concerns

The “Now, Next, Later” roadmap

Use this when deadlines and delivery dates are not strict. This is best suited for brainstorming a product plan when dependency mapping is not required.

Now What are you going to do now? Next What are you going to do very soon? Later What are you going to do in the future?

(Source: “Tips for Agile product roadmaps & product roadmap examples,” Scrum.org, 2017)

Exercise 1.4.1 How do we get started?

30-60 minutes

Output: Product transformation critical steps and basic roadmap

Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

Identify what the critical steps are for the organization to embrace product-centric delivery. Group each critical step by how soon you need to address it: Now: Let’s do this ASAP. Next: Sometime very soon, let’s do these things. Later: Much further off in the distance, let’s consider these things.

(Source: “Tips for Agile product roadmaps & product roadmap examples,” Scrum.org, 2017)

Record the results in the Make the Case for Product Delivery Workbook.

Example

Step 1.5

Make the case to your stakeholders

Activities

• 1.5.1 Identify what support you need from your stakeholders
• 1.5.2 Build your pitch for product delivery

This step involves the following participants:

• Product owners
• Product managers
• Development team leads
• Portfolio managers
• Business analysts

Outcomes of this step

• A deliverable that helps make the case for product delivery.

Make the Case for Product Delivery

Develop a stakeholder strategy to define your product owner landscape

Stakeholder Influence Stakeholders are a critical cornerstone to product ownership. They provide the context, alignment, and constraints that influence or control what a product owner is able to accomplish. Product teams operate within this network of stakeholders who represent different perspectives within the organization. See the appendix for activities and guidance on how to devise a strategy for managing stakeholders.

Exercise 1.5.1 Identify what support you need from your stakeholders

30 minutes

Output: Clear understanding of stakeholders, what they need from you, and what you need from them.

Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

1. If you don’t yet know who your stakeholders are, consider completing one or more of the stakeholder management exercises in the appendix.
2. Identify your key stakeholders who have an interest in solution delivery.
3. Consider their perspective on product-centric delivery. (For example: For head of support, what does solution delivery mean to them?)
4. Identify what role each stakeholder would play in the transformation.
   • This role represents what you need from them for this transformation to product-centric delivery.

Record the results in the Make the Case for Product Delivery Workbook.

Exercise 1.5.2 Build your pitch deck

30 minutes (and up)

Output: A completed presentation to help you make the case for product delivery.

Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

1. Take the results from the Make the Case for Product Delivery Workbook and transfer them into the presentation template.
2. Follow the instructions on each page listed in the instruction bubbles to know what results to place where.
3. This is meant to be a template; you are welcome to add and remove slides as needed to suit your audience!

Record the results in the Make the Case for Product Delivery Workbook.

Appendix

Additional research to start your journey

Related Info-Tech Research

Related Info-Tech Research

Application Portfolio Management

Related Info-Tech Research

Value, Delivery Metrics, Estimation

Related Info-Tech Research

Org Design and Performance

Appendix

Product delivery strategy communication

Product roadmaps guide delivery and communicate your strategy

In Deliver on Your Digital Product Vision, we demonstrate how the product roadmap is core to value realization. The product roadmap is your communicated path, and as a product owner, you use it to align teams and changes to your defined goals while aligning your product to enterprise goals and strategy.

(Adapted from: Pichler, “What Is Product Management?”)

Info-Tech Insight

The quality of your product backlog – and your ability to realize business value from your delivery pipeline – is directly related to the input, content, and prioritization of items in your product roadmap.

Define product value by aligning backlog delivery with roadmap goals

In each product plan, the backlogs show what you will deliver.
Roadmaps identify when and in what order you will deliver value, capabilities, and goals.

Multiple roadmap views can communicate differently, yet tell the same truth

Appendix

Managing stakeholder influence

From Build a Better Product Owner

Step 1.3 (from Build a Better Product Owner)

Manage Stakeholder Influence

Activities

• 1.3.1 Visualize interrelationships to identify key influencers
• 1.3.2 Group your product owners into categories
• 1.3.3 Prioritize your stakeholders
• 1.3.4 Delegation Poker: Reach better decisions

This step will walk you through the following activities:

To be successful, product owners need to identify and manage all stakeholders for their products. This step will build a stakeholder map and strategy.

This step involves the following participants:

• Product owners
• Product managers
• Development team leads
• Portfolio managers
• Delivery managers
• Business analysts

Outcomes of this step

• Relationships among stakeholders and influencers
• Categorization of stakeholders and influencers
• Stakeholder and influencer prioritization
• Better understanding of decision-making approaches and delegation

Develop a product owner stakeholder strategy

Stakeholder Influence Stakeholders are a critical cornerstone to product ownership. They provide the context, alignment, and constraints that influence or control what a product owner is able to accomplish. Product owners operate within this network of stakeholders who represent different perspectives within the organization. First, product owners must identify members of their stakeholder network. Next, they should devise a strategy for managing stakeholders. Without accomplishing these missing pieces, product owners will encounter obstacles, resistance, or unexpected changes.

Create a stakeholder network map to product roadmaps and prioritization

Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

Legend Black arrows indicate the direction of professional influence Dashed green arrows indicate bidirectional, informal influence relationships

Info-Tech Insight

Your stakeholder map defines the influence landscape your product operates in. It is every bit as important as the teams who enhance, support, and operate your product directly.

Use “connectors” to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have informal yet substantive relationships with your stakeholders.

1.3.1 Visualize interrelationships to identify key influencers

60 minutes

Input: List of product stakeholders

Output: Relationships among stakeholders and influencers

Materials: Whiteboard/flip charts, Markers, Build a Better Product Owner Workbook

Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

1. List direct stakeholders for your product.
2. Determine the stakeholders of your stakeholders and consider adding each of them to the stakeholder list.
3. Assess who has either formal or informal influence over your stakeholders; add these influencers to your stakeholder list.
4. Construct a diagram linking stakeholders and their influencers together.
   1. Use black arrows to indicate the direction of professional influence.
   2. Use dashed green arrows to indicate bidirectional, informal influence relationships.
5. Record the results in the Build a Better Product Owner Workbook.

Record the results in the Build a Better Product Owner Workbook.

Categorize your stakeholders with a prioritization map

1.3.2 Group your product owners into categories

30 minutes

Input: Stakeholder map

Output: Categorization of stakeholders and influencers

Materials: Whiteboard/flip charts, Markers, Build a Better Product Owner Workbook

Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

Identify your stakeholder’s interest in and influence on your Agile implementation as high, medium, or low by rating the attributes below. Map your results to the model below to determine each stakeholder’s category. Record the results in the Build a Better Product Owner Workbook.
Level of Influence Power: Ability of a stakeholder to effect change. Urgency: Degree of immediacy demanded. Legitimacy: Perceived validity of stakeholder’s claim. Volume: How loud their “voice” is or could become. Contribution: What they have that is of value to you.	Level of Interest How much are the stakeholder’s individual performance and goals directly tied to the success or failure of the product?

Record the results in the Build a Better Product Owner Workbook.

Prioritize your stakeholders

There may be too many stakeholders to be able to manage them all. Focus your attention on the stakeholders that matter most.

Consider the three dimensions for stakeholder prioritization: influence, interest, and support. Support can be determined by rating the following question: how likely is it that your stakeholder would recommend your product? These parameters are used to prioritize which stakeholders are most important and should receive the focus of your attention. The table to the right indicates how stakeholders are ranked.

1.3.3 Prioritize your stakeholders

30 minutes

Input: Stakeholder matrix, Stakeholder prioritization

Output: Stakeholder and influencer prioritization

Materials: Whiteboard/flip charts, Markers, Build a Better Product Owner Workbook

Participants: Product owners, Product managers, Development team leads, Portfolio managers, Business analysts

1. Identify the level of support of each stakeholder by answering the following question: how likely is it that your stakeholder would endorse your product?
2. Prioritize your stakeholders using the prioritization scheme on the previous slide.
3. Record the results in the Build a Better Product Owner Workbook.

Record the results in the Build a Better Product Owner Workbook.

Define strategies for engaging stakeholders by type

Info-Tech Insight Each group of stakeholders draws attention and resources away from critical tasks. By properly identifying your stakeholder groups, the product owner can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy Spectators and Noisemakers, while ensuring the needs of the Mediators and Players are met.

Type Quadrant Actions Players High influence; high interest – actively engage Keep them updated on the progress of the project. Continuously involve Players in the process and maintain their engagement and interest by demonstrating their value to its success. Mediators High influence; low interest – keep satisfied They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust and including them in important decision-making steps. In turn, they can help you influence other stakeholders. Noisemakers Low influence; high interest – keep informed Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using Mediators to help them. Spectators Low influence; low interest – monitor They are followers. Keep them in the loop by providing clarity on objectives and status updates.

Appendix

Product owner capability details

From Build a Better Product Owner

Develop product owner capabilities

	Each capability has three components needed for successful product ownership. Definitions are on the following slides. Define the skills and activities in each component that are directly related to your product and culture.

Capabilities: Vision

Capabilities: Leadership

Capabilities: Product lifecycle management

Capabilities: Value realization

Avoid common capability gaps

Bibliography – Product Ownership

A, Karen. “20 Mental Models for Product Managers.” Medium, Product Management Insider, 2 Aug. 2018. Web.

Adams, Paul. “Product Teams: How to Build & Structure Product Teams for Growth.” Inside Intercom, 30 Oct. 2019. Web.

Agile Alliance. “Product Owner.” Agile Alliance, n.d. Web.

Banfield, Richard, et al. “On-Demand Webinar: Strategies for Scaling Your (Growing) Enterprise Product Team.” Pluralsight, 31 Jan. 2018. Web.

Blueprint. “10 Ways Requirements Can Sabotage Your Projects Right From the Start.” Blueprint, 2012. Web.

Breddels, Dajo, and Paul Kuijten. “Product Owner Value Game.” Agile2015 Conference, 2015. Web.

Cagan, Martin. “Behind Every Great Product.” Silicon Valley Product Group, 2005. Web.

Cohn, Mike “What is a product?” Mountain Goat Software, 16 Sept. 2016, Web

Connellan, Thomas K. Inside the Magic Kingdom. Bard Press, 1997. Print.

Curphey, Mark, “Product Definition.” slideshare.net, 25 Feb. 2007. Web

Eringa, Ron. “Evolution of the Product Owner.” RonEringa.com, 12 June 2016. Web.

Fernandes, Thaisa. “Spotify Squad Framework - Part I.” Medium.com, 6 March 2017. Web.

Galen, Robert. “Measuring Product Ownership – What Does ‘Good’ Look Like?” RGalen Consulting, 5 Aug. 2015. Web.

Halisky, Merland, and Luke Lackrone. “The Product Owner’s Universe.” Agile Alliance, Agile2016, 2016. Web.

Kamer, Jurriaan. “How to Build Your Own ‘Spotify Model’.” Medium.com, 9 Feb. 2018. Web.

Kendis Team. “Exploring Key Elements of Spotify’s Agile Scaling Model.” Medium.com, 23 July 2018. Web.

Lindstrom, Lowell. “7 Skills You Need to Be a Great Product Owner.” Scrum Alliance, n.d. Web.

Lukassen, Chris. “The Five Belts Of The Product Owner.” Xebia.com, 20 Sept. 2016. Web.

Management 3.0. “Delegation Poker Product Image.” Management 3.0, n.d. Web.

McCloskey, Heather. “Scaling Product Management: Secrets to Defeating Common Challenges.” ProductPlan, 12 July 2019. Web.

Bibliography – Product Ownership

McCloskey, Heather. “When and How to Scale Your Product Team.” UserVoice, 21 Feb. 2017. Web.

Mironov, Rich. “Scaling Up Product Manager/Owner Teams: Rich Mironov's Product Bytes.” Rich Mironov's Product Bytes, Mironov Consulting, 12 April 2014 . Web.

Overeem, Barry. “A Product Owner Self-Assessment.” Barry Overeem, 6 March 2017. Web.

Overeem, Barry. “Retrospective: Using the Team Radar.” Barry Overeem, 27 Feb. 2017. Web.

Pichler, Roman. “How to Scale the Scrum Product Owner.” Roman Pichler, 28 June 2016 . Web.

Pichler, Roman. “Product Management Framework.” Pichler Consulting Limited, 2014. Web.

Pichler, Roman. “Sprint Planning Tips for Product Owners.” LinkedIn, 4 Sept. 2018. Web.

Pichler, Roman. “What Is Product Management?” Pichler Consulting Limited, 26 Nov. 2014. Web.

Radigan, Dan. “Putting the ‘Flow' Back in Workflow With WIP Limits.” Atlassian, n.d. Web.

Schuurman, Robbin. “10 Tips for Product Owners on Agile Product Management.” Scrum.org, 28 Nov. 2017. Web.

Schuurman, Robbin. “10 Tips for Product Owners on (Business) Value.” Scrum.org, 30 Nov. 2017. Web.

Schuurman, Robbin. “10 Tips for Product Owners on Product Backlog Management.” Scrum.org, 5 Dec. 2017. Web.

Schuurman, Robbin. “10 Tips for Product Owners on the Product Vision.” Scrum.org, 29 Nov. 2017. Web.

Schuurman, Robbin. “Tips for Starting Product Owners.” Scrum.org, 27 Nov. 2017. Web.

Sharma, Rohit. “Scaling Product Teams the Structured Way.” Monetary Musings, 28 Nov. 2016. Web.

Bibliography – Product Ownership

Steiner, Anne. “Start to Scale Your Product Management: Multiple Teams Working on Single Product.” Cprime, 6 Aug. 2019. Web.

Shirazi, Reza. “Betsy Stockdale of Seilevel: Product Managers Are Not Afraid To Be Wrong.” Austin VOP #50, 2 Oct. 2018. Web.

“The Standish Group 2015 Chaos Report.” The Standish Group, 2015. Web.

Theus, Andre. “When Should You Scale the Product Management Team?” ProductPlan, 7 May 2019. Web.

Tolonen, Arto. “Scaling Product Management in a Single Product Company.” Smartly.io, 26 Apr. 2018. Web.

Ulrich, Catherine. “The 6 Types of Product Managers. Which One Do You Need?” Medium.com, 19 Dec. 2017. Web.

VersionOne. “12th Annual State of Agile Report.” VersionOne, 9 April 2018. Web.

Verwijs, Christiaan. “Retrospective: Do The Team Radar.” Medium.com, 10 Feb. 2017. Web.

“How do you define a product?” Scrum.org, 4 April 2017, Web.

“Product Definition.” TechTarget, Sept. 2005. Web

Bibliography – Product Roadmap

Ambysoft. “2018 IT Project Success Rates Survey Results.” Ambysoft. 2018. Web.

Bastow, Janna. “Creating Agile Product roadmaps Everyone Understands.” ProdPad, 22 Mar. 2017. Accessed Sept. 2018.

Bastow, Janna. “The Product Tree Game: Our Favorite Way To Prioritize Features.” ProdPad, 21 Feb. 2016. Accessed Sept. 2018.

Chernak, Yuri. “Requirements Reuse: The State of the Practice.” 2012, Herzlia, Israel, 2012 IEEE International Conference on Software Science, Technology and Engineering, 12 June 2012. Web.

Fowler, Martin. “Application Boundary.” MartinFowler.com, 11 Sept. 2003. Accessed 20 Nov. 2017.

Harrin, Elizabeth. “Learn What a Project Milestone Is.” The Balance Careers, 10 May 2018. Accessed Sept. 2018.

“How to create a product roadmap.” Roadmunk, n.d. Accessed Sept. 2018.

Johnson, Steve. “How to Master the 3 Horizons of Product Strategy.” Aha!, 24 Sept. 2015. Accessed Sept. 2018.

Johnson, Steve. “The Product Roadmap vs. the Technology Roadmap.” Aha!, 23 June 2016. Accessed Sept. 2018

Juncal, Shaun. “How Should You Set Your Product Roadmap Timeframes?” ProductPlan, n.d. Accessed Sept. 2018.

Leffingwell, Dean. “SAFe 4.0.” Scaled Agile, Inc., 2017. Web.

Maurya, Ash. “What is a Minimum Viable Product (MVP)?” LEANSTACK, 12 June 2017. Accessed Sept. 2018.

Pichler, Roman. “10 Tips for Creating an Agile Product Roadmap.” Roman Pichler, 20 July 2016. Accessed Sept. 2018.

Pichler, Roman. Strategize: Product Strategy and Product Roadmap Practices for the Digital Age. Pichler Consulting, 2016.

“Product Roadmap Contents: What Should You Include?” ProductPlan, n.d. Accessed 20 Nov. 2017.

Saez, Andrea. “Why Your Roadmap Is Not a Release Plan.” ProdPad, 23 Oct. 2015. Accessed Sept. 2018.

Schuurman, Robbin. “Tips for Agile product roadmaps & product roadmap examples.” Scrum.org, 7 Dec. 2017. Accessed Sept. 2018

Research Contributors and Experts

Emily Archer Lead Business Analyst, Enterprise Consulting, authentic digital agency Emily Archer is a consultant currently working with Fortune 500 clients to ensure the delivery of successful projects, products, and processes. She helps increase the business value returned for organizations’ investments in designing and implementing enterprise content hubs and content operations, custom web applications, digital marketing, and e-commerce platforms.

David Berg Founder & CTO Strainprint Technologies Inc. David Berg is a product commercialization expert that has spent the last 20 years of his career delivering product management and business development services across a broad range of industries. Early in his career, David worked with product management and engineering teams to build core network infrastructure products that secure and power the internet we benefit from today. David’s experience also includes working with clean technologies in the area of clean power generation, agritech, and Internet of Things infrastructure. Over the last five years, David has been focused on his latest venture, Strainprint Technologies, a data and analytics company focused on the medical cannabis industry. Strainprint has built the largest longitudinal medical cannabis dataset in the world with the goal to develop an understanding of treatment behavior, interactions, and chemical drivers to guide future product development.

Research Contributors and Experts

Kathy Borneman Digital Product Owner, SunTrust Bank Kathy Borneman is a senior product owner who helps people enjoy their jobs again by engaging others in end-to-end decision making to deliver software and operational solutions that enhance the client experience and allow people to think and act strategically.

Charlie Campbell Product Owner, Merchant e-Solutions Charlie Campbell is an experienced problem solver with the ability to quickly dissect situations and recommend immediate actions to achieve resolution, liaise between technical and functional personnel to bridge the technology and communication gap, and work with diverse teams and resources to reach a common goal.

Research Contributors and Experts

Yarrow Diamond Sr. Director, Business Architecture Financial Services Yarrow Diamond is an experienced professional with expertise in enterprise strategy development, project portfolio management, and business process reengineering across financial services, healthcare and insurance, hospitality, and real estate environments. She has a master’s in Enterprise Architecture from Penn State University, LSSMBB, PMP, CSM, ITILv3.

Cari J. Faanes-Blakey, CBAP, PMI-PBA Enterprise Business Systems Analyst, Vertex, Inc. Cari J. Faanes-Blakey has a history in software development and implementation as a Business Analyst and Project Manager for financial and taxation software vendors. Active in the International Institute of Business Analysis (IIBA), Cari participated on the writing team for the BA Body of Knowledge 3.0 and the certification exam.

Research Contributors and Experts

Kieran Gobey Senior Consultant Professional Services Blueprint Software Systems Kieran Gobey is an IT professional with 24 years of experience, focused on business, technology, and systems analysis. He has split his career between external and internal customer-facing roles, and this has resulted in a true understanding of what is required to be a Professional Services Consultant. His problem-solving skills and ability to mentor others have resulted in successful software implementations. Kieran’s specialties include deep system troubleshooting and analysis skills, facilitating communications to bring together participants effectively, mentoring, leadership, and organizational skills.

Rupert Kainzbauer VP Product, Digital Wallets Paysafe Group Rupert Kainzbauer is an experienced senior leader with a passion for defining and delivering products that deliver real customer and commercial benefit. Together with a team of highly experienced and motivated product managers, he has successfully led highly complex, multi-stakeholder payments initiatives, from proposition development and solution design through to market delivery. Their domain experience is in building online payment products in high-risk and emerging markets, remittance, prepaid cards, and mobile applications.

Research Contributors and Experts

Saeed Khan Founder, Transformation Labs Saeed Khan has been working in high tech for 30 years in both Canada and the US and has held a number of leadership roles in Product Management over that time. He speaks regularly at conferences and has been writing publicly about technology product management since 2005. Through Transformation Labs, Saeed helps companies accelerate product success by working with product teams to improve their skills, practices, and processes. He is a cofounder of ProductCamp Toronto and currently runs a Meetup group and global Slack community called Product Leaders, the only global community of senior-level product executives.

Hoi Kun Lo Product Owner Nielsen Hoi Kun Lo is an experienced change agent who can be found actively participating within the IIBA and WITI groups in Tampa, FL, and a champion for Agile, architecture, diversity, and inclusion programs at Nielsen. She is currently a Product Owner in the Digital Strategy team within Nielsen Global Watch Technology.

Research Contributors and Experts

Abhishek Mathur Sr Director, Product Management Kasisto, Inc. Abhishek Mathur is a product management leader, an artificial intelligence practitioner, and an educator. He has led product management and engineering teams at Clarifai, IBM, and Kasisto to build a variety of artificial intelligence applications within the space of computer vision, natural language processing, and recommendation systems. Abhishek enjoys having deep conversations about the future of technology and helping aspiring product managers enter and accelerate their careers.

Jeff Meister Technology Advisor and Product Leader Jeff Meister is a technology advisor and product leader. He has more than 20 years of experience building and operating software products and the teams that build them. He has built products across a wide range of industries and has built and led large engineering, design, and product organizations. Jeff most recently served as Senior Director of Product Management at Avanade, where he built and led the product management practice. This involved hiring and leading product managers, defining product management processes, solution shaping and engagement execution, and evangelizing the discipline through pitches, presentations, and speaking engagements. Jeff holds a Bachelor of Applied Science (Electrical Engineering) and a Bachelor of Arts from the University of Waterloo, an MBA from INSEAD (Strategy), and certifications in product management, project management, and design thinking.

Research Contributors and Experts

Vincent Mirabelli Principal, Global Project Synergy Group With over 10 years of experience in both the private and public sectors, Vincent Mirabelli possesses an impressive track record of improving, informing, and transforming business strategy and operations through process improvement, design and re-engineering, and the application of quality to business analysis, project management, and process improvement standards.

Oz Nazili VP, Product & Growth TWG Oz Nazili is a product leader with a decade of experience in both building products and product teams. Having spent time at funded startups and large enterprises, he thinks often about the most effective way to deliver value to users. His core areas of interest include Lean MVP development and data-driven product growth.

Research Contributors and Experts

Mark Pearson Principal IT Architect First Data Corporation Mark Pearson is an executive business leader grounded in the process, data, technology, and operations of software-driven business. He knows the enterprise software landscape and is skilled in product, technology, and operations design and delivery within information technology organizations, outsourcing firms, and software product companies.

Brenda Peshak Product Owner, Widget Industries, LLC Brenda Peshak is skilled in business process, analytical skills, Microsoft Office Suite, communication, and customer relationship management (CRM). She is a strong product management professional with a Master’s focused in Business Leadership (MBL) from William Penn University.

Research Contributors and Experts

Mike Starkey Director of Engineering W.W. Grainger Mike Starkey is a Director of Engineering at W.W. Grainger, currently focusing on operating model development, digital architecture, and building enterprise software. Prior to joining W.W. Grainger, Mike held a variety of technology consulting roles throughout the system delivery lifecycle spanning multiple industries such as healthcare, retail, manufacturing, and utilities with Fortune 500 companies.

Anant Tailor Cofounder & Head of Product Dream Payments Corp. Anant Tailor is a cofounder at Dream Payments where he currently serves as the COO and Head of Product, having responsibility for Product Strategy & Development, Client Delivery, Compliance, and Operations. He has 20+ years of experience building and operating organizations that deliver software products and solutions for consumers and businesses of varying sizes. Prior to founding Dream Payments, Anant was the COO and Director of Client Services at DonRiver Inc, a technology strategy and software consultancy that he helped to build and scale into a global company with 100+ employees operating in seven countries. Anant is a Professional Engineer with a Bachelor’s degree in Electrical Engineering from McMaster University and a certificate in Product Strategy & Management from the Kellogg School of Management at Northwestern University.

Research Contributors and Experts

Angela Weller Scrum Master, Businessolver Angela Weller is an experienced Agile business analyst who collaborates with key stakeholders to attain their goals and contributes to the achievement of the company’s strategic objectives to ensure a competitive advantage. She excels when mediating or facilitating teams.

Essentials of Vendor Management for Small Business

Create and implement a vendor management framework to begin obtaining measurable results in 90 days.

EXECUTIVE BRIEF

Analyst Perspective

Vendor Management Challenge

Small businesses are often challenged by the growth and complexity of their vendor ecosystem, including the degree to which the vendors control them. Vendors are increasing, obtaining more and more budget dollars, while funding for staff or headcount is decreasing as a result of cloud-based applications and an increase in our reliance on Managed Service Providers. Initiating a vendor management initiative (VMI) vs. creating a fully staffed vendor management office will get you started on the path of proactively controlling your vendors instead of consistently operating in a reactionary mode. This blueprint is designed with that very thought: to assist small businesses in creating the essentials of a vendor management initiative.

Steve Jeffery
Principal Research Director, Vendor Management
Info-Tech Research Group

Executive Summary

Your Challenge

Each year, IT organizations "outsource" tasks, activities, functions, and other items. During 2021:

• Spend on as-a-service providers increased 38% over 2020.*
• Spend on managed service providers increased 16% over 2020.*
• IT service providers increased their merger and acquisition numbers by 47% over 2020.*

This leads to more spend, less control, and more risk for IT organizations. Managing this becomes a higher priority for IT, but many IT organizations are ill-equipped to do this proactively.

Common Obstacles

As new contracts are negotiated and existing contracts are renegotiated or renewed, there is a perception that the contracts will yield certain results, output, performance, solutions, or outcomes. The hope is that these will provide a measurable expected value to IT and the organization. Oftentimes, much of the expected value is never realized. Many organizations don't have a VMI to help:

• Ensure at least the expected value is achieved.
• Improve on the expected value through performance management.
• Significantly increase the expected value through a proactive VMI.

Info-Tech's Approach

Vendor Management is a proactive, cross-functional lifecycle. It can be broken down into four phases:

• Plan
• Build
• Run
• Review

The Info-Tech process addresses all four phases and provides a step-by-step approach to configure and operate your VMI. The content in this blueprint helps you quickly establish your VMI and sets a solid foundation for its growth and maturity.

Info-Tech Insight

Vendor management is not a one-size-fits-all initiative. It must be configured:

• For your environment, culture, and goals.
• To leverage the strengths of your organization and personnel.
• To focus your energy and resources on your critical vendors.

Executive Summary

Your challenge

Spend on managed service providers and as-a-service providers continues to increase. In addition, IT services vendors continue to be active in the mergers and acquisitions arena. This increases the need for a VMI to help with the changing IT vendor landscape.

Source: Information Services Group, Inc., 2022.

Executive Summary

Common obstacles

When organizations execute, renew, or renegotiate a contract, there is an "expected value" associated with that contract. Without a robust VMI, most of the expected value will never be realized. With a robust VMI, the realized value significantly exceeds the expected value during the contract term.

A contract's realized value with and without a vendor management initiative

Source: Based on findings from Geller & Company, 2003.

Executive Summary

Info-Tech's approach

A sound, cyclical approach to vendor management will help you create a VMI that meets your needs and stays in alignment with your organization as they both change (i.e. mature and grow).

Info-Tech's methodology for creating and operating your vmi

Insight Summary

Insight 1

Vendor management is not "plug and play" – each organization's vendor management initiative (VMI) needs to fit its culture, environment, and goals. While there are commonalities and leading practices associated with vendor management, your initiative won't look exactly like another organization's. The key is to adapt vendor management principles to fit your needs.

Insight 2

All vendors are not of equal importance to your organization. Internal resources are a scarce commodity and should be deployed so that they provide the best return on the organization's investment. Classifying or segmenting your vendors allows you to focus your efforts on the most important vendors first, allowing your VMI to have the greatest impact possible.

Insight 3

Having a solid foundation is critical to the VMI's ongoing success. Whether you will be creating a formal vendor management office or using vendor management techniques, tools, and templates "informally", starting with the basics is essential. Make sure you understand why the VMI exists and what it hopes to achieve, what is in and out of scope for the VMI, what strengths the VMI can leverage and the obstacles it will have to address, and how it will work with other areas within your organization.

Blueprint benefits

IT benefits

• Identify and manage risk proactively.
• Reduce costs and maximize value.
• Increase visibility with your critical vendors.
• Improve vendor performance.
• Create a collaborative environment with key vendors.
• Segment vendors to allocate resources more effectively and more efficiently.

Business benefits

• Improve vendor accountability.
• Increase collaboration between departments.
• Improve working relationships with your vendors.
• Create a feedback loop to address vendor/customer issues before they get out of hand or are more costly to resolve.
• Increase access to meaningful data and information regarding important vendors.

Phase 1 - Plan

This phase will walk you through the following activity:

• Organizing your VMI and document internal processes, relationships, roles, and responsibilities. The main outcomes from this phase are organizational documents, and a desired future state for the VMI.

This phase involves the following participants:

• VMI team
• Applicable stakeholders and executives
• Procurement/Sourcing
• IT
• Others as needed

Vendor Management Initiative Basics for the Small/Medium Businesses

Phase 1 – Plan

Get Organized

Phase 1 – Plan focuses on getting organized. Foundational elements (Mission Statement, Goals, Scope, Strengths and Obstacles, Roles and Responsibilities, and Process Mapping) will help you define your VMI. These and the other elements of this Phase will follow you throughout the process of starting up your VMI and running it.

Spending time up front to ensure that everyone is on the same page will help avoid headaches down the road. The tendency is to skimp (or even skip) on these steps to get to "the good stuff." To a certain extent, the process provided here is like building a house. You wouldn't start building your dream home without having a solid blueprint. The same is true with vendor management. Leveraging vendor management tools and techniques without the proper foundation may provide some benefit in the short term, but in the long term it will ultimately be a house of cards waiting to collapse.

Step 1.1 – Mission statement and goals

Identify why the VMI exists and what it will achieve

Whether you are starting your vendor management journey or are already down the path, it is important to know why the vendor management initiative exists and what it hopes to achieve. The easiest way to document this is with a written declaration in the form of a Mission Statement and Goals. Although this is the easiest way to proceed, it is far from easy.

The Mission Statement should identify at a high level the nature of the services provided by the VMI, who it will serve, and some of the expected outcomes or achievements. The Mission Statement should be no longer than one or two sentences.

The complement to the Mission Statement is the list of goals for the VMI. Your goals should not be a reassertion of your Mission Statement in bullet format. At this stage it may not be possible to make them SMART (Specific, Measurable, Achievable/Attainable, Relevant, Time-Bound/Time-Based), but consider making them as SMART as possible. Without some of the SMART parameters attached, your goals are more like dreams and wishes. At a minimum, you should be able to determine the level of success achieved for each of the VMI goals.

Although the VMI's Mission Statement will stay static over time (other than for significant changes to the VMI or organization as a whole), the goals should be reevaluated periodically using a SMART filter, and adjusted as needed.

1.1.1 – Mission statement and goals

20 – 40 Minutes

1. Meet with the participants and use a brainstorming activity to list, on a whiteboard or flip chart, the reasons why the VMI will exist.
2. Review external mission statements for inspiration.
3. Review internal mission statements from other areas to ensure consistency.
4. Draft and document your Mission Statement in the Phase 1 Tools and Templates Compendium – Tab 1.1 Mission Statement and Goals.
5. Continue brainstorming and identify the high-level goals for the VMI.
6. Review the list of goals and make them as SMART (Specific, Measurable, Achievable/Attainable, Relevant, Time-Bound/Time-Based) as possible.
7. Document your goals in the Phase 1 Tools and Templates Compendium– Tab 1.1 Mission Statement and Goals.
8. Obtain signoff on the Mission Statement and goals from stakeholders and executives as required.

Input

• Brainstorming results
• Mission statements from other internal and external sources

Output

• Completed Mission Statement and Goals

Materials

• Whiteboard/Flip Charts
• Phase 1 Tools and Templates Compendium – Tab 1.1 Mission Statement and Goals

Participants

• VMI team
• Applicable stakeholders and executives (as needed)

Download the Info-Tech Phase 1 Tools and Templates Compendium

Step 1.2 – Scope

Determine what is in scope and out of scope for the VMI

Regardless of where your VMI resides or how it operates, it will be working with other areas within your organization. Some of the activities performed by the VMI will be new and not currently handled by other groups or individuals internally; at the same time, some of the activities performed by the VMI may be currently handled by other groups or individuals internally. In addition, executives, stakeholders, and other internal personnel may have expectations or make assumptions about the VMI. As a result, there can be a lot of confusion about what the VMI does and doesn't do, and the answers cannot always be found in the VMI's Mission Statement and Goals.

One component of helping others understand the VMI landscape is formalizing the VMI Scope. The Scope will define boundaries for the VMI. The intent is not to fence itself off and keep others out but provide guidance on where the VMI's territory begins and ends. Ultimately, this will help clarify the VMI's roles and responsibilities, improve workflow, and reduce errant assumptions.

When drafting your VMI scoping document, make sure you look at both sides of the equation (similar to what you would do when following best practices for a statement of work). Identify what is in scope and what is out of scope. Be specific when describing the individual components of the VMI Scope, and make sure executives and stakeholders are onboard with the final version.

1.2.1 – Scope

20 - 40 Minutes

1. Meet with the participants and use a brainstorming activity to list, on a whiteboard or flip chart, the activities and functions in scope and out of scope for the VMI.
   1. Be specific to avoid ambiguity and improve clarity.
   2. Go back and forth between in scope and out of scope as needed; it is not necessary to list all the in-scope items and then turn your attention to the out-of-scope items.
2. Review the lists to make sure there is enough specificity. An item may be in scope or out of scope, but not both.
3. Use the Phase 1 Tools and Templates Compendium – Tab 1.2 Scope to document the results.
4. Obtain signoff on the Scope from stakeholders and executives as required.

Input

• Brainstorming results
• Mission Statement and Goals

Output

• Completed list of items in and out of scope for the VMI

Materials

• Whiteboard/Flip Charts
• Phase 1 Tools and Templates Compendium – Tab 1.2 Scope

Participants

• VMI team
• Applicable stakeholders and executives (as needed)

Download the Info-Tech Phase 1 Tools and Templates Compendium

Step 1.3 – Strengths and obstacles

Pinpoint the VMI's strengths and obstacles

A SWOT analysis (strengths, weaknesses, opportunities, and threats) is a valuable tool, but it is overkill for your VMI at this point. However, using a modified and simplified form of this tool (strengths and obstacles) will yield significant results and benefit the VMI as it grows and matures.

Your output will be two lists: the strengths associated with the VMI and the obstacles the VMI is facing. For example, strengths could include items such as smart people working within the VMI and executive support. Obstacles could include items such as limited headcount and training required for VMI staff.

The goals are 1) to harness the strengths to help the VMI be successful and 2) to understand the impact of the obstacles and plan accordingly. The output can also be used to enlighten executives and stakeholders about the challenges associated with their directives or requests (e.g. human bandwidth may not be sufficient to accomplish some of the vendor management activities and there is a moratorium on hiring until the next budget year).

For each strength identified, determine how you will or can leverage it when things are going well or when the VMI is in a bind. For each obstacle, list the potential impact on the VMI (e.g. scope, growth rate, and number of vendors that can actively be part of the VMI).

As you do your brainstorming, be as specific as possible and validate your lists with stakeholders and executives as needed.

1.3.1 – Strengths and obstacles

20 - 40 Minutes

Meet with the participants and use a brainstorming activity to list, on a whiteboard or flip chart, the VMI's strengths and obstacles.

Be specific to avoid ambiguity and improve clarity.

Go back and forth between strengths and obstacles as needed; it is not necessary to list all the strengths first and then all the obstacles.

It is possible for an item to be a strength and an obstacle; when this happens, add details to distinguish the situations.

Review the lists to make sure there is enough specificity.

Determine how you will leverage each strength and how you will manage each obstacle.

Use the Phase 1 Tools and Templates Compendium – Tab 1.3 Strengths and Obstacles to document the results.

Obtain signoff on the strengths and obstacles from stakeholders and executives as required.

Input

• Brainstorming
• Mission Statement and Goals
• Scope

Output

• Completed list of items impacting the VMI's ability to be successful: strengths the VMI can leverage and obstacles the VMI must manage

Materials

• Whiteboard/Flip Charts
• Phase 1 Tools and Templates Compendium – Tab 1.3 Strengths and Obstacles

Participants

• VMI team
• Applicable stakeholders and executives (as needed)

Download the Info-Tech Phase 1 Tools and Templates Compendium

Step 1.4 – Roles and responsibilities

Obtain consensus on who is responsible for what

One crucial success factor for VMIs is gaining and maintaining internal alignment. There are many moving parts to an organization, and a VMI must be clear on the various roles and responsibilities related to the relevant processes. Some of this information can be found in the VMI's Scope referenced in Step 1.2, but additional information is required to avoid stepping on each other's toes; many of the processes require internal departments to work together. (For example, obtaining requirements for a request for proposal takes more than one person or department). While it is not necessary to get too granular, it is imperative that you have a clear understanding of how the VMI activities will fit within the larger vendor management lifecycle (which is comprised of many sub processes) and who will be doing what.

As we have learned through our workshops and guided implementations, a traditional RACI* or RASCI* Chart does not work well for this purpose. These charts are not intuitive, and they lack the specificity required to be effective. For vendor management purposes, a higher-level view and a slightly different approach provide much better results.

This step will lead your through the creation of an OIC* Chart to determine vendor management lifecycle roles and responsibilities. Afterward, you'll be able to say, "Oh, I see clearly who is involved in each part of the process and what their role is."

*RACI – Responsible, Accountable, Consulted, Informed

*RASCI – Responsible, Accountable, Support, Consulted, Informed

*OIC – Owner, Informed, Contributor

Step 1.4 – Roles and responsibilities (cont'd)

Obtain consensus on who is responsible for what

To start, define the vendor management lifecycle steps or process applicable to your VMI. Next, determine who participates in the vendor management lifecycle. There is no need to get too granular – think along the lines of departments, subdepartments, divisions, agencies, or however you categorize internal operational units. Avoid naming individuals other than by title; this typically happens when a person oversees a large group (e.g. the CIO [chief information officer] or the CPO [chief procurement officer]). Be thorough, but don't let the chart get out of hand. For each role and step of the lifecycle, ask whether the entry is necessary; does it add value to the clarity of understanding the responsibilities associated with the vendor management lifecycle? Consider two examples, one for roles and one for lifecycle steps. 1) Is IT sufficient or do you need IT Operations and IT Development? 2) Is "negotiate contract documents" sufficient or do you need negotiate the contract and negotiate the renewal? The answer will depend on your culture and environment but be wary of creating a spreadsheet that requires an 85-inch monitor to view it.

After defining the roles (departments, divisions, agencies) and the vendor management lifecycle steps or process, assign one of three letters to each box in your chart:

• O – Owner – who owns the process; they may also contribute to it.
• I – Informed – who is informed about the progress or results of the process.
• C – Contributor – who contributes or works on the process; it can be tangible or intangible contributions.

This activity can be started by the VMI or done as a group with representatives from each of the named roles. If the VMI starts the activity, the resulting chart should be validated by the each of the named roles.

1.4.1 – Roles and responsibilities

1 – 6 hours

1. Meet with the participants and configure the OIC Chart in the Phase 1 Tools and Templates Compendium – Tab 1.4 OIC Chart.
   1. Review the steps or activities across the top of the chart and modify as needed.
   2. Review the roles listed along the left side of the chart and modify as needed.
2. For each activity or step across the top of the chart, assign each role a letter – O for owner of that activity or step, I for informed, or C for contributor. Use only one letter per cell.
3. Work your way across the chart. Every cell should have an entry or be left blank if it is not applicable.
4. Review the results and validate that every activity or step has an O assigned to it; there must be an owner for every activity or step.
5. Obtain signoff on the OIC Chart from stakeholders and executives as required.

Input

• A list of activities or steps to complete a project starting with requirements gathering and ending with ongoing risk management.
• A list of internal areas (departments, divisions, agencies, etc.) and stakeholders that contribute to completing a project.

Output

• Completed OCI chart indicating roles and responsibilities for the VMI and other internal areas.

Materials

• Phase 1 Tools and Templates Compendium – Tab 1.4 OIC Chart

Participants

• VMI team
• Procurement/Sourcing
• IT
• Representatives from other areas as needed
• Applicable stakeholders and executives (as needed)

Download the Info-Tech Phase 1 Tools and Templates Compendium

Phase 2 - Build

Create and configure tools, templates, and processes

This phase will walk you through the following activities:

• Configuring and creating the tools and templates that will help you run the VMI. The main outcomes from this phase are a clear understanding of which vendors are important to you, the tools to manage the vendor relationships, and an implementation plan.

This phase involves the following participants:

• VMI team
• Applicable stakeholders and executives
• Human Resources
• Legal
• Others as needed

Vendor Management Initiative Basics for the Small/Medium Businesses

Phase 2 – Build

Create and configure tools, templates, and processes

Phase 2 – Build focuses on creating and configuring the tools and templates that will help you run your VMI. Vendor management is not a plug and play environment, and unless noted otherwise, the tools and templates included with this blueprint require your input and thought. The tools and templates must work in concert with your culture, values, and goals. That will require teamwork, insights, contemplation, and deliberation.

During this Phase you'll leverage the various templates and tools included with this blueprint and adapt them for your specific needs and use. In some instances, you'll be starting with mostly a blank slate; while in others, only a small modification may be required to make it fit your circumstances. However, it is possible that a document or spreadsheet may need heavy customization to fit your situation. As you create your VMI, use the included materials for inspiration and guidance purposes rather than as absolute dictates.

Step 2.1 – Classification model

Configure the COST vendor classification tool

One of the functions of a VMI is to allocate the appropriate level of vendor management resources to each vendor since not all vendors are of equal importance to your organization. While some people may be able intuitively to sort their vendors into vendor management categories, a more objective, consistent, and reliable model works best. Info-Tech's COST model helps you assign your vendors to the appropriate vendor management category so that you can focus your vendor management resources where they will do the most good.

COST is an acronym for Commodity, Operational, Strategic, and Tactical. Your vendors will occupy one of these vendor management categories, and each category helps you determine the nature of the resources allocated to that vendor, the characteristics of the relationship desired by the VMI, and the governance level used.

The easiest way to think of the COST model is as a 2 x 2 matrix or graph. The model should be configured for your environment so that the criteria used for determining a vendor's classification align with what is important to you and your organization. However, at this point in your VMI's maturation, a simple approach works best. The Classification Model included with this blueprint requires minimal configuration to get your started, and that is discussed on the activity slide associated with this Step 2.1.

Step 2.1 – Classification model (cont'd)

Configure the COST vendor classification tool

Common characteristics by vendor management category

Source: Compiled in part from Guth, Stephen. "Vendor Relationship Management Getting What You Paid for (And More)." 2015.

2.1.1 – Classification model

15 – 30 Minutes

1. Meet with the participants to configure the spend ranges in Phase 2 Vendor Classification Tool – Tab 1. Configuration for your environment.
2. Collect your vendors and their annual spend to sort by largest to lowest.
3. Update cells F14-J14 in the Classification Model based on your actual data.
   1. Cell F14 – Set the boundary at a point between the spend for your 10th and 11th ranked vendors. For example, if the 10th vendor by spend is $1,009, 850 and the 11th vendor by spend is $980,763, the range for F14 would be $1,000,00+.
   2. Cell G14 – Set the bottom of the range at a point between the spend for your 30th and 31st ranked vendors; the top of the range will be $1 less than the bottom of the range specified in F14.
   3. Cell H14 – Set the bottom of the range slightly below the spend for your 50th ranked vendor; the top of the range will be $1 less than the bottom of the range specified in G14.
   4. Cells I14 and J14 – Divide the remaining range in half and split it between the two cells; for J14 the range will be $0 to $1 less than the bottom range in I14.
4. Ignore the other variables at this time.

Input

• Phase 1 List of Vendors by Annual Spend

Output

• Configured Vendor Classification Tool

Materials

• Phase 2 Vendor Classification Tool – Tab 1. Configuration

Participants

• VMI team

Download the Info-Tech Phase 2 Vendor Classification Tool

Step 2.2 – Risk assessment tool

Identify risks to measure, monitor, and report on

One of the typical drivers of a VMI is risk management. Organizations want to get a better handle on the various risks their vendors pose. Vendor risks originate from many areas: financial, performance, security, legal, and others. However, security risk is the high-profile risk, and the one organizations often focus on almost exclusively, which leaves the organization vulnerable in other areas.

Risk management is a program, not a project; there is no completion date. A proactive approach works best and requires continual monitoring, identification, and assessment. Reacting to risks after they occur can be costly and have other detrimental effects on the organization. Any risk that adversely affects IT will adversely affect the entire organization.

While the VMI won't necessarily be quantifying or calculating the risk directly, it generally is the aggregator of risk information across the risk categories, which it then includes in its reporting function (see Steps 2.12 and 3.8).

At a minimum, your risk management strategy should involve:

• Identifying the risks you want to measure and monitor.
• Identifying your risk appetite (the amount of risk you are willing to live with).
• Measuring, monitoring, and reporting on the applicable risks.
• Developing and deploying a risk management plan to minimize potential risk impact.

Vendor risk is a fact of life, but you do have options for how to handle it. Be proactive and thoughtful in your approach, and focus your resources on what is important.

2.2.1 – Risk assessment tool

30 - 90 Minutes

1. Meet with the participants to configure the risk indicators in Phase 2 Vendor Risk Assessment Tool – Tab 1. Set parameters for your environment.
2. Review the risk categories and determine which ones you will be measuring and monitoring.
3. Review the risk indicators under each risk category and determine whether the indicator is acceptable as written, is acceptable with modifications, should be replaced, or should be deleted.
4. Make the necessary changes to the risk indicators; these changes will cascade to each of the vendor tabs. Limit the number of risk indicators to no more than seven per risk category.
5. Gain input and approval as needed from sponsors, stakeholders, and executives as required.

Input

• Scope
• OIC Chart
• Process Maps
• Brainstorming

Output

• Configured Vendor Risk Assessment Tool

Materials

• Phase 2 Vendor Risk Assessment Tool – Tab 1. Set Parameters

Participants

• VMI team

Download the Info-Tech Phase 2 Vendor Classification Tool

Step 2.3 – Scorecards and feedback

Design a two-way feedback loop with your vendors

A vendor management scorecard is a great tool for measuring, monitoring, and improving relationship alignment. In addition, it is perfect for improving communication between you and the vendor.

Conceptually, a scorecard is similar to a school report card. At the end of a learning cycle, you receive feedback on how well you do in each of your classes. For vendor management, the scorecard is also used to provide periodic feedback, but there are some nuances and additional benefits and objectives when compared to a report card.

Although scorecards can be used in a variety of ways, the focus here will be on vendor management scorecards – contract management, project management, and other types of scorecards will not be included in the materials covered in this Step 2.3 or in Step 3.4.

Step 2.3 – Scorecards and feedback (cont'd)

Design a two-way feedback loop with your vendors

Anatomy

The Info-Tech scorecard includes five areas:

• Measurement categories. Measurement categories help organize the scorecard. Limit the number of measurement categories to three to five; this allows the parties to stay focused on what's important. Too many measurement categories make it difficult for the vendor to understand the expectations.
• Criteria. The criteria describe what is being measured. Create criteria with sufficient detail to allow the reviewers to fully understand what is being measured and to evaluate it. Criteria can be objective or subjective. Use three to five criteria per measurement category.
• Measurement category weights. Not all your measurement categories may be of equal importance to you; this area allows you to give greater weight to a measurement category when compiling the overall score.
• Rating. Reviewers will be asked to assign a score to each criteria using a 1 to 5 scale.
• Comments. A good scorecard will include a place for reviewers to provide additional information regarding the rating, or other items that are relevant to the scorecard.

An overall score is calculated based on the rating for each criteria and the measurement category weights.

Step 2.3 – Scorecards and feedback (cont'd)

Design a two-way feedback loop with your vendors

Goals and objectives

Scorecards can be used for a variety of reasons. Some of the common ones are:

• Improving vendor performance.
• Conveying expectations to the vendor.
• Identifying and recognizing top vendors.
• Increasing alignment between the parties.
• Improving communication with the vendor.
• Comparing vendors across the same criteria.
• Measuring items not included in contract metrics.
• Identifying vendors for "strategic alliance" consideration.
• Helping the organization achieve specific goals and objectives.

Identifying and resolving issues before they impact performance or the relationship.

Identifying your scorecard drivers first will help you craft a suitable scorecard.

Step 2.3 – Scorecards and feedback (cont'd)

Design a two-way feedback loop with your vendors

Info-Tech recommends starting with simple scorecards to allow you and the vendors to acclimate to the new process and information. As you build your scorecards, keep in mind that internal personnel will be scoring the vendors and the vendors will be reviewing the scorecard. Make your scorecard easy for your personnel to fill out, and containing meaningful content to drive the vendor in the right direction. You can always make the scorecard more complex in the future.

Our recommendation of five categories is provided below. Choose three to five of the categories that help you accomplish your scorecard goals and objectives:

1. Timeliness – Responses, resolutions, fixes, submissions, completions, milestones, deliverables, invoices, etc.
2. Cost – Total cost of ownership, value, price stability, price increases/decreases, pricing models, etc.
3. Quality – Accuracy, completeness, mean time to failure, bugs, number of failures, etc.
4. Personnel – Skilled, experienced, knowledgeable, certified, friendly, trustworthy, flexible, accommodating, etc.
5. Risk – Adequate contractual protections, security breaches, lawsuits, finances, audit findings, etc.

Some criteria may be applicable in more than one category. The categories above should cover at least 80% of the items that are important to your organization. The general criteria listed for each category is not an exhaustive list, but most things break down into time, money, quality, people, and risk issues.

Step 2.3 – Scorecards and feedback (cont'd)

Design a two-way feedback loop with your vendors

Additional Considerations

• Even a good rating system can be confusing. Make sure you provide some examples or a way for reviewers to discern the differences between a 1, 2, 3, 4, and 5. Don't assume your "rating key" will be intuitive.
• When assigning weights, don't go lower than 10% for any measurement category. If the weight is too low, it won't be relevant enough to have an impact on the total score. If it doesn't "move the needle", don't include it.
• Final sign-off on the scorecard template should occur outside the VMI. The heavy lifting can be done by the VMI to create it, but the scorecard is for the benefit of the organization overall, and those impacted by the vendors specifically. You may end up playing arbiter or referee, but the scorecard is not the exclusive property of the VMI. Try to reach consensus on your final template whenever possible.
• You should notice improved ratings and total scores over time for your vendors. One explanation for this is the Pygmalion Effect: "The Pygmalion [E]ffect describes situations where someone's high expectations improves our behavior and therefore our performance in a given area. It suggests that we do better when more is expected of us."* Convey your expectations and let the vendors' competitive juices take over.
• While creating your scorecard and materials to explain the process to internal personnel, identify those pieces that will help you explain it to your vendors during vendor orientation (see Steps 2.6 and 3.4). Leveraging pre-existing materials is a great shortcut.

*Source: The Decision Lab, n.d.

Step 2.3 – Scorecards and feedback (cont'd)

Design a two-way feedback loop with your vendors

Vendor Feedback

After you've built your scorecard, turn your attention to the second half of the equation – feedback from the vendor. A communication loop cannot be successful without dialogue flowing both ways. While this can happen with just a scorecard, a mechanism specifically geared toward the vendor providing you with feedback improves communication, alignment, and satisfaction.

You may be tempted to create a formal scorecard for the vendor to use; avoid that temptation until later in your maturity or development of the VMI. You'll be implementing a lot of new processes, deploying new tools and templates, and getting people to work together in new ways. Work on those things first.

For now, implement an informal process for obtaining information from the vendor. Start by identifying information that you will find useful – information that will allow you to improve overall, to reduce waste or time, to improve processes, to identify gaps in skills. Incorporate these items into your business alignment meetings (see Steps 2.4 and 3.5). Create three to five good questions to ask the vendor and include these in the business alignment meeting agenda. The goal is to get meaningful feedback, and that starts with asking good questions.

Keep it simple at first. When the time is right, you can build a more formal feedback form or scorecard. Don't be in a rush; as long as the informal method works, keep using it.

2.3.1 – Scorecards and feedback

30 – 60 Minutes

1. Meet with the participants and brainstorm ideas for your scorecard measurement categories:
   1. What makes a vendor valuable to your organization?
   2. What differentiates a "good" vendor from a "bad" vendor?
   3. What items would you like to measure and provide feedback on to the vendor to improve performance, the relationship, risk, and other areas?
2. Select three, but no more than five, of the following measure categories: timeliness, cost, quality, personnel, and risk.
3. Within each measurement category, list two or three criteria that you want to measure and track for your vendors. Choose items that are as universal as possible rather than being applicable to one vendor or one vendor type.
4. Assign a weight to each measurement category, ensuring that the total weight is 100% for all measurement categories.
5. Document your results as you go in Phase 2 Tools and Templates Compendium – Tab 2.3 Scorecard.

Input

• Brainstorming

Output

• Configured Scorecard template

Materials

• Phase 2 Tools and Templates Compendium – Tab 2.3 Scorecard

Participants

• VMI team
• Applicable stakeholders and executives (as needed)

Download the Info-Tech Phase 2 Tools and Templates Compendium

2.3.2 – Scorecards and feedback

15 to 30 Minutes

1. Meet with the participants and brainstorm ideas for feedback to seek from your vendors during your business alignment meetings. During the brainstorming, identify questions to ask the vendor about your organization that will:
   1. Help you improve the relationship.
   2. Help you improve your processes or performance.
   3. Help you improve ongoing communication.
   4. Help you evaluate your personnel.
2. Identify the top five questions you want to include in your business alignment meeting agenda. (Note: you may need to refine the actual questions from the brainstorming activity before they are ready to include in your business alignment meeting agenda.)
3. Document both your brainstorming activity and your final results in Phase 2 Tools and Templates Compendium – Tab 2.3 Feedback. The brainstorming questions can be used in the future as your VMI matures and your feedback transforms from informal to formal. The results will be used in Steps 2.4 and 3.5.

Input

• Brainstorming

Output

• Feedback questions to include with the business alignment meeting agenda

Materials

• Phase 2 Tools and Templates Compendium – Tab 2.3 Feedback

Participants

• VMI team
• Applicable stakeholders and executives (as needed)

Download the Info-Tech Phase 2 Tools and Templates Compendium

Step 2.4 – Business alignment meeting agenda

Craft an agenda that meets the needs of the VMI

A business alignment meeting (BAM) is a multi-faceted tool to ensure the customer and the vendor stay focused on what is important to the customer at a high level. BAMs are not traditional operational meetings where the parties get into the details of the contracts, deal with installation problems, address project management issues, or discuss specific cost overruns. The focus of the BAM is the scorecard (see Step 2.3), but other topics are discussed, and other purposes are served. For example:

• You can use the BAM to develop the relationship with the vendor's leadership team so that if escalation is ever needed, your organization is more than just a name on a spreadsheet or customer list.
• You can learn about innovations the vendor is working on (without the meeting turning into a sales call).
• You can address high-level performance trends and request corrective action as needed.
• You can clarify your expectations.
• You can educate the vendor about your industry, culture, and organization.
• You can learn more about the vendor.

As you build your BAM Agenda, someone in your organization may say, "Oh, that's just a quarterly business review (QBR) or top-to-top meeting." In most instances, an existing QBRs or top-to-top meeting is not the same as a BAM. Using the term QBR or top-to-top meeting instead of BAM can lead to confusion internally. The VMI may say to the business unit, procurement, or another department, "We're going to start running some QBRs for our strategic vendors." The typical response is, "There's no need; we already run QBRs/top-to-top meetings with our important vendors." This may be accompanied by an invitation to join their meeting, where you may be an afterthought, have no influence, and get five minutes at the end to talk about your agenda items. Keep your BAM separate so that it meets your needs.

Step 2.4 – Business alignment meeting agenda (cont'd)

Craft an agenda that meets the needs of the VMI

As previously noted, using the term BAM more accurately depicts the nature of the VMI meeting and prevents confusion internally with other meetings already occurring. In addition, hosting the BAM yourself rather than piggybacking onto another meeting ensures that the VMI's needs are met. The VMI will set and control the BAM agenda and determine the invite list for internal personnel and vendor personnel. As you may have figured out by now, having the right customer and vendor personnel attend will be essential.

BAMs are conducted at the vendor level, not the contract level. As a result, the frequency of the BAMs will depend on the vendor's classification category (see Steps 2.1 and 3.1). General frequency guidelines are provided below, but they can be modified to meet your goals:

• Commodity vendors – Not applicable
• Operational vendors – Biannually or annually
• Strategic vendors – Quarterly
• Tactical vendors – Quarterly or biannually

BAMs can help you achieve some additional benefits not previously mentioned:

• Foster a collaborative relationship with the vendor.
• Avoid erroneous assumptions by the parties.
• Capture and provide a record of the relationship (and other items) over time.

Step 2.4 – Business alignment meeting agenda (cont'd)

Craft an agenda that meets the needs of the VMI

As with any meeting, building the proper agenda will be one of the keys to an effective and efficient meeting. A high-level BAM agenda with sample topics is set out below:

BAM Agenda

• Opening remarks
  • Welcome and introductions
  • Review of previous minutes
• Active discussion
  • Review of open issues
  • Scorecard and feedback
  • Current status of projects to ensure situational awareness by the vendor
  • Roadmap/strategy/future projects
  • Accomplishments
• Closing remarks
  • Reinforce positives (good behavior, results, and performance, value added, and expectations exceeded)
  • Recap
• Adjourn

2.4.1 – Business alignment meeting agenda

20 – 45 Minutes

1. Meet with the participants and review the sample agenda in Phase 2 Tools and Templates Compendium – Tab 2.4 BAM Agenda.
2. Using the sample agenda as inspiration and brainstorming activities as needed, create a BAM agenda tailored to your needs.
   1. Select the items from the sample agenda applicable to your situation.
   2. Add any items required based on your brainstorming.
   3. Add the feedback questions identified during Activity 2.3.2 and documented in Phase 2 Tools and Templates Compendium – Tab 2.3 Feedback.
3. Gain input and approval from sponsors, stakeholders, and executives as required or appropriate.
4. Document the final BAM agenda in Phase 2 Tools and Templates Compendium –Tab 2.4 BAM Agenda.

Input

• Brainstorming
• Phase 2 Tools and Templates Compendium – Tab 2.3 Feedback

Output

• Configured BAM agenda

Materials

• Phase 2 Tools and Templates Compendium – Tab2 .4 BAM Agenda

Participants

• VMI team
• Applicable stakeholders and executives (as needed)

Download the Info-Tech Phase 2 Tools and Templates Compendium

Step 2.5 – Relationship alignment document

Draft a document to convey important VMI information to your vendors

Throughout this blueprint, alignment is mentioned directly (e.g. business alignment meetings [Steps 2.4 and 3.3]) or indirectly implied. Ensuring you and your vendors are on the same page, have clear and transparent communication, and understand each other's expectations is critical to fostering strong relationships. One component of gaining and maintaining alignment with your vendors is the Relationship Alignment Document (RAD). Depending upon the Scope of your VMI and what your organization already has in place, your RAD will fill in the gaps on various topics.

Early in the VMI's maturation, the easiest approach is to develop a short document (1 one page) or a pamphlet (i.e. the classic trifold) describing the rules of engagement when doing business with your organization. The RAD can convey expectations, policies, guidelines, and other items. The scope of the document will depend on:

1. What you believe is important for the vendors to understand.
2. Any other similar information already provided to the vendors.

The first step to drafting a RAD is to identify what information vendors need to know to stay on your good side. You may want vendors to know about your gift policy (e.g. employees may not accept vendor gifts above a nominal value, such as a pen or mousepad). Next, compare your list of what vendors need to know and determine if the content is covered in other vendor-facing documents such as a vendor code of conduct or your website's vendor portal. Lastly, create your RAD to bridge the gap between what you want and what is already in place. In some instances, you may want to include items from other documents to reemphasize them with the vendor community.

Info-Tech Insight

The RAD can be used with all vendors regardless of classification category. It can be sent directly to the vendors or given to them during vendor orientation (see Step 3.3)

2.5.1 – Relationship alignment document

1 to 4 Hours

1. Meet with the participants and review the RAD sample and checklist in Phase 2 Tools and Templates Compendium – Tab 2.5 Relationship Alignment Doc.
2. Determine:
   1. Whether you will create one RAD for all vendors or one RAD for strategic vendors and another RAD for tactical and operational vendors; whether you will create a RAD for commodity vendors.
   2. The concepts you want to include in your RAD(s).
   3. The format for your RAD(s) – traditional, pamphlet, or other.
   4. Whether signoff or acknowledgement will be required by the vendors.
3. Draft your RAD(s) and work with other internal areas, such as Marketing to create a consistent brand for the RADS, and Legal to ensure consistent use and preservation of trademarks or other intellectual property rights and other legal issues.
4. Review other vendor-facing documents (e.g. supplier code of conduct, onsite safety and security protocols) for consistencies between them and the RAD(s).
5. Obtain signoff on the RAD(s) from stakeholders, sponsors, executives, Legal, Marketing, and others as needed.

Input

• Brainstorming
• Vendor-facing documents, policies, and procedures

Output

• Completed Relationship Alignment Document(s)

Materials

• Phase 2 Tools and Templates Compendium – Tab 2.5 Relationship Alignment Doc

Participants

• VMI team
• Marketing, as needed
• Legal, as needed

Download the Info-Tech Phase 2 Tools and Templates Compendium

Step 2.6 – Vendor orientation

Create a VMI awareness process to build bridges with your vendors

Your organization is unique. It may have many similarities with other organizations, but your culture, risk tolerance, mission, vision, and goals, finances, employees, and "customers" (those that depend on you) make it different. The same is true of your VMI. It may have similar principles, objectives, and processes to other organizations' VMIs, but yours is still unique. As a result, your vendors may not fully understand your organization and what vendor management means to you.

Vendor orientation is another means to helping you gain and maintain alignment with your important vendors, educate them on what is important to you, and provide closure when/if the relationship with the vendor ends. Vendor orientation is comprised of three components, each with a different function:

• Orientation
• Reorientation
• Debrief

Vendor orientation focuses on the vendor management pieces of the puzzle (e.g. the scorecard process) rather than the operational pieces (e.g. setting up a new vendor in the system to ensure invoices are processed smoothly).

Step 2.6 – Vendor orientation (cont'd)

Create a VMI awareness process to build bridges with your vendors

Reorientation

• Reorientation is either identical or similar to orientation, depending upon the circumstances. Reorientation occurs for several reasons, and each reason will impact the nature and detail of the reorientation content. Reorientation occurs whenever:
• There is a significant change in the vendor's products or services.
• The vendor has been through a merger, acquisition, or divestiture.
• A significant contract renewal/renegotiation has recently occurred.
• Sufficient time has passed from orientation; commonly 2 to 3 years.
• The vendor has been placed in a "performance improvement plan" or "relationship improvement plan" protocol.
• Significant turnover has occurred within your organization (executives, key stakeholders, and/or VMI personnel).
• Substantial turnover has occurred at the vendor at the executive or account management level.
• The vendor has changed vendor classification categories after the most current classification.
• As the name implies, the goal is to refamiliarize the vendor with your current VMI situation, governances, protocols, and expectations. The drivers for reorientation will help you determine the reorientation's scope, scale, and frequency.

Step 2.6 – Vendor orientation (cont'd)

Create a VMI awareness process to build bridges with your vendors

Debrief

To continue the analogy from orientation, debrief is like an exit interview for an employee when their employment is terminated. In this case, debrief occurs when the vendor is no longer an active vendor with your organization - all contracts have terminated or expired, and no new business with the vendor is anticipated within the next three months.

Similar to orientation and reorientation, debrief activities will be based on the vendor's classification category within the COST model. Strategic vendors don't go away very often; usually, they transition to operational or tactical vendors first. However, if a strategic vendor is no longer providing products or services to you, dig a little deeper into their experiences and allocate extra time for the debrief meeting.

The debrief should provide you with feedback on the vendor's experience with your organization and their participation in your VMI. Additionally, it can provide closure for both parties since the relationship is ending. Be careful that the debrief does not turn into a finger-pointing meeting or therapy session for the vendor. It should be professional and productive; if it is going off the rails, terminate the meeting before more damage can occur.

End the debrief on a high note if possible. Thank the vendor, highlight its key contributions, and single out any personnel who went above and beyond. You never know when you will be doing business with this vendor again – don't burn bridges!

Step 2.6 – Vendor orientation (cont'd)

Create a VMI awareness process to build bridges with your vendors

As you create your vendor orientation materials, focus on the message you want to convey.

• For orientation and reorientation:
  • What is important to you that vendors need to know?
  • What will help the vendors understand more about your organization and your VMI?
  • What and how are you different from other organizations overall, and in your "industry"?
  • What will help them understand your expectations?
  • What will help them be more successful?
  • What will help you build the relationship?
• For debrief:
  • What information or feedback do you want to obtain?
  • What information or feedback to you want to give?

The level of detail you provide strategic vendors during orientation and reorientation may be different from the information you provide tactical and operational vendors. Commodity vendors are not typically involved in the vendor orientation process. The orientation meetings can be conducted on a one-to-one basis for strategic vendors and a one-to-many basis for operational and tactical vendors; reorientation and debrief are best conducted on a one-to-one basis. Lastly, face-to-face or video meetings work best for vendor orientation; voice-only meetings, recorded videos, or distributing only written materials seldom hit their mark or achieve the desired results.

Step 2.7 – Three-year roadmap

Plot your path at a high level

1. The VMI exists in many planes concurrently:
2. It operates both tactically and strategically.

It focuses on different timelines or horizons (e.g., the past, the present, and the future). Creating a three-year roadmap facilitates the VMI's ability to function effectively across these multiple landscapes.

The VMI roadmap will be influenced by many factors. The work product from Phase 1 – Plan, input from executives, stakeholders, and internal clients, and the direction of the organization are great sources of information as you begin to build your roadmap.

To start, identify what you would like to accomplish in year 1. This is arguably the easiest year to complete: budgets are set (or you have a good idea what the budget will look like), personnel decisions have been made, resources have been allocated, and other issues impacting the VMI are known with a higher degree of certainty than any other year. This does not mean things won't change during the first year of the VMI, but expectations are usually lower, and the short event horizon makes things more predictable during the year-1 ramp-up period.

Years 2 and 3 are more tenuous, but the process is the same: identify what you would like to accomplish or roll out in each year. Typically, the VMI maintains the year-1 plan into subsequent years and adds to the scope or maturity. For example, you may start year 1 with BAMs and scorecards for three of your strategic vendors; during year 2, you may increase that to five vendors; and during year 3, you may increase that to nine vendors. Or, you may not conduct any market research during year 1, waiting to add it to your roadmap in year 2 or 3 as you mature.

Breaking things down by year helps you identify what is important and the timing associated with your priorities. A conservative approach is recommended. It is easy to overcommit, but the results can be disastrous and painful.

2.7.1 – Three-year roadmap

45 – 90 Minutes

1. Meet with the participants and decide how to coordinate year 1 of your three-year roadmap with your existing fiscal year or reporting year. Year 1 may be shorter or longer than a calendar year.
2. Review the VMI activities listed in Phase 2 Tools and Templates Compendium – Tab 2.7 Three-year roadmap. Use brainstorming and your prior work product from Phase 1 and Phase 2 to identify additional items for the roadmap and add them at the bottom of the spreadsheet.
3. Starting with the first activity, determine when that activity will begin and put an X in the corresponding column; if the activity is not applicable, leave it blank or insert N/A.
4. Go back to the top of the list and add information as needed.
   1. For any year-1 or year-2 activities, add an X in the corresponding columns if the activity will be expanded/continued in subsequent periods (e.g., if a Year 2 activity will continue in year 3, put an X in year 3 as well).
   2. Use the comments column to provide clarifying remarks or additional insights related to your plans or "X's". For example, "Scorecards begin in year 1 with three vendors and will roll out to five vendors in year 2 and nine vendors in year 3."
5. Obtain signoff from stakeholders, sponsors, and executives as needed.

Input

• Phase 1 work product
• Steps 2.1 – 2.6 work product
• Brainstorming

Output

• High level three-year roadmap for the VMI

Materials

• Phase 2 Tools and Templates Compendium – Tab 2.7 Three-Year Roadmap

Participants

• VMI team
• Applicable stakeholders and executives (as needed)

Download the Info-Tech Phase 2 Tools and Templates Compendium

Step 2.8 – 90-day plan

Pave your short-term path with a series of detailed quarterly plans

Now that you have prepared a three-year roadmap, it's time to take the most significant elements from the first year and create action plans for each three-month period. Your first 90-day plan may be longer or shorter if you want to sync to your fiscal or calendar quarters. Aligning with your fiscal year can make it easier for tracking and reporting purposes; however, the more critical item is to make sure you have a rolling series of four 90-day plans to keep you focused on the important activities and tasks throughout the year.

The 90-day plan is a simple project plan that will help you measure, monitor, and report your progress. Use the Info-Tech tool to help you track:

Activities.

• Tasks comprising each activity.
• Who will be performing the tasks.
• An estimate of the time required per person per task.
• An estimate of the total time to achieve the activity.
• A due date for the activity.
• A priority of the activity.

The first 90-day plan will have the greatest level of detail and should be as thorough as possible; the remaining three 90-day plans will each have less detail for now. As you approach the middle of the first 90-day plan, start adding details to the next 90-day plan; toward the end of the first quarter add a high-level 90-day plan to the end of the chain. Continue repeating this cycle each quarter and consult the three-year roadmap and the leadership team, as necessary.

2.8.1 – 90-day plan

45 – 90 Minutes

1. Meet with the participants and decide how to coordinate the first "90-day" plan with your existing fiscal year or reporting cycles. Your first plan may be shorter or longer than 90 days.
2. Looking at the year-1 section of the three-year roadmap, identify the activities that will be started during the next 90 days.
3. Using the Phase 2 Tools and Templates Compendium – Tab 2.8 90-Day Plan, enter the following information into the spreadsheet for each activity to be accomplished during the next 90 days:
   1. Activity description.
   2. Tasks required to complete the activity (be specific and descriptive).
   3. The people who will be performing each task.
   4. The estimated number of hours required to complete each task.
   5. The start date and due date for each task or the activity.
4. Validate the tasks are a complete list for each activity and the people performing the tasks have adequate time to complete the tasks by the due date(s).
5. Assign a priority to each Activity.

Input

• Three-Year Roadmap
• Phase 1 work product
• Steps 2.1 – 2.7 work product
• Brainstorming

Output

• Detailed plan for the VMI for the next quarter or "90" days

Materials

• Phase 2 Tools and Templates Compendium – Tab 2.8 90-Day Plan

Participants

• VMI team
• Applicable stakeholders and executives (as needed)

Download the Info-Tech Phase 2 Tools and Templates Compendium

Step 2.9 – Quick wins

Identify potential short-term successes to gain momentum and show value immediately

As the final step in the timeline trilogy, you are ready to identify some quick wins for the VMI. Using the first 90-day plan and a brainstorming activity, create a list of things you can do in 15 to 30 days that add value to your initiative and build momentum.

As you evaluate your list of potential candidates, look for things that:

• Are achievable within the stated timeline.
• Don't require a lot of effort.
• Involve stopping a certain process, activity, or task; this is sometimes known as a "stop doing stupid stuff" approach.
• Will reduce or eliminate inefficiencies; this is sometimes known as the war on waste.
• Have a moderate to high impact or bolster the VMI's reputation.

As you look for quick wins, you may find that everything you identify does not meet the criteria. That's okay; don't force the issue. Return your focus to the 90-day plan and three-year roadmap and update those documents if the brainstorming activity associated with Step 2.9 identified anything new.

2.9.1 – Quick wins

15 - 30 Minutes

1. Meet with the participants and review the three-year roadmap and 90-day plan. Determine if any item on either document can be completed:
   1. Quickly (30 days or less).
   2. With minimal effort.
   3. To provide or show moderate to high levels of value or provide the VMI with momentum.
2. Brainstorm to identify any other items that meet the criteria in step 1 above.
3. Compile a comprehensive list of these items and select up to five to pursue.
4. Document the list in the Phase 2 Tools and Templates Compendium – Tab 2.9 Quick Wins.
5. Manage the quick wins list and share the results with the VMI team and applicable stakeholders and executives.

Input

• Three-Year Roadmap
• 90-Day Plan
• Brainstorming

Output

• A list of activities that require low levels of effort to achieve moderate to high levels of value in a short period

Materials

• Phase 2 Tools and Templates Compendium – Tab 2.9 Quick Wins

Participants

• VMI team

Download the Info-Tech Phase 2 Tools and Templates Compendium

Step 2.10 – Reports

Construct your reports to resonate with your audience

Issuing reports is a critical piece of the VMI since the VMI is a conduit of information for the organization. It may be aggregating risk data from internal areas, conducting vendor research, compiling performance data, reviewing market intelligence, or obtaining relevant statistics, feedback, comments, facts, and figures from other sources. Holding onto this information minimizes the impact a VMI can have on the organization; however, the VMI's internal clients, stakeholders, and executives can drown in raw data and ignore it completely if it is not transformed into meaningful, easily-digested information.

Before building a report, think about your intended audience:

• What information are they looking for? What will help them understand the big picture?
• What level of detail is appropriate, keeping in mind the audience may not be like-minded?
• What items are universal to all the readers and what items are of interest to one or two readers?
• How easy or hard will it be to collect the data? Who will be providing it, and how time consuming will it be?
• How accurate, valid, and timely will the data be?
• How frequently will each report need to be issued?

Step 2.10 – Reports (cont'd)

Construct your reports to resonate with your audience

Use the following guidelines to create reports that will resonate with your audience:

• Value information over data, but sometimes data does have a place in your report.
• Use pictures, graphics, and other representations more than words, but words are often necessary in small, concise doses.
• Segregate your report by user; for example, general information up top, CIO information below that on the right, CFO information to the left of CIO information, etc.
• Send a draft report to the internal audience and seek feedback, keeping in mind you won't be able to cater to or please everyone.

2.10.1 – Reports

15 – 45 Minutes

1. Meet with the participants and review the applicable work product from Phase 1 and Phase 2; identify qualitative and quantitative items the VMI measures, monitors, tracks, or aggregates.
2. Determine which items will be reported and to whom (by category):
   1. Internally to personnel within the VMI.
   2. Internally to personnel outside the VMI.
   3. Externally to vendors.
3. Within each category above, determine your intended audiences/recipients. For example, you may have a different list of recipients for a risk report than you do a scorecard summary report. This will help you identify the number of reports required.
4. Create a draft structure for each report based on the audience and the information being conveyed. Determine the frequency of each report and person responsible for creating for each report.
5. Document your final choices in Phase 2 Tools and Templates Compendium – Tab 2.10 Reports.

Input

• Brainstorming
• Phase 1 work product
• Steps 2.1 – 2.11 work product

Output

• A list of reports used by the VMI
• For each report
  • The conceptual content
  • A list of who will receive or have access
  • A creation/distribution frequency

Materials

• Phase 2 Tools and Templates Compendium – Tab 2.10 Reports

Participants

• VMI team
• Applicable stakeholders and executives (as needed)

Download the Info-Tech Phase 2 Tools and Templates Compendium

Phase 3 - Run

Implement your processes and leverage your tools and templates

This phase will walk you through the following activity:

• Beginning to operate the VMI. The main outcomes from this phase are guidance and the steps required to initiate your VMI.

This phase involves the following participants:

• VMI team
• Applicable stakeholders and executives
• Others as needed

Vendor Management Initiative Basics for the Small/Medium Businesses

Phase 3 – Run

Implement your processes and leverage your tools and templates

All the hard work invested in Phase 1 – Plan and Phase 2 – Build begins to pay off in Phase 3 – Run. It's time to stand up your VMI and ensure that the proper level of resources is devoted to your vendors and the VMI itself. There's more hard work ahead, but the foundational elements are in place. This doesn't mean there won't be adjustments and modifications along the way, but you are ready to use the tools and templates in the real world; you are ready to begin reaping the fruits of your labor.

Phase 3 – Run guides you through the process of collecting data, monitoring trends, issuing reports, and conducting effective meetings to:

• Manage risk better.
• Improve vendor performance.
• Improve vendor relationships.
• Identify areas where the parties can improve.
• Improve communication between the parties.
• Increase the value proposition with your vendors.

Step 3.1 – Classify vendors

Begin classifying your top 25 vendors by spend

Step 3.1 sets the table for many of the subsequent steps in Phase 3 – Run. The results of your classification process will determine which vendors go through the scorecarding process (Step 3.2); which vendors participate in BAMs (Step 3.3), and which vendors you will devote relationship-building resources to (Step 3.6).

As you begin classifying your vendors, Info-Tech recommends using an iterative approach initially to validate the results from the classification model you configured in Step 2.1.

1. Identify your top 25 vendors by spend.
2. Run your top 10 vendors by spend through the classification model and review the results.
   1. If the results are what you expected and do not contain any significant surprises, go to 3. on the next page.
   2. If the results are not what you expected or do contain significant surprises, look at the configuration page of the tool (Tab 1) and adjust the weights or the spend categories slightly. Be cautious in your evaluation of the results before modifying the configuration page - some legitimate results are unexpected, or are surprises based on bias. If you modify the weighting, review the new results and repeat your evaluation. If you modify the spend categories, review the answers on the vendor tabs to ensure that the answers are still accurate; review the new results and repeat your evaluation.

Step 3.1 – Classify vendors (cont'd)

Review your results and adjust the classification tool as needed

3. Run your top 11-through-25 vendors by spend through the classification model and review the results. Identify any unexpected results. Determine if further configuration makes sense and repeat the process outlined in 2.b., previous page, as necessary. If no further modifications are required, continue to 4., below.
4. Share the preliminary results with the leadership team, executives, and stakeholders to obtain their approval or adjustments to the results.
   1. They may have questions and want to understand the process before approving the results.
   2. They may request that you move a vendor from one quadrant to another based on your organization's roadmap, the vendor's roadmap, or other information not available to you.
5. Identify the vendors that will be part of the VMI at this stage – how many and which ones. Based on this number and the VMI's scope (Step 1.2), make sure you have the resources necessary to accommodate the number of vendors participating in the VMI. Proceed cautiously and gradually increase the number of vendors participating in the VMI.

Step 3.1 – Classify vendors (cont'd)

Finalize the results and update VMI tools and templates

6. Update the vendor inventory tool (Step 1.7) to indicate the current classification status for the top 25 vendors by spend. Once your vendors have been classified, you can sort the vendor inventory tool by classification status to see all the vendors in that category at once.
7. Review your three-year roadmap (Step 2.9) and 90-day plans (Step 2.6) to determine if any modifications are needed to the activities and timelines.

Additional classification considerations:

• You should only have a few vendors that fit in the strategic category. As a rough guideline, no more than 5% to 10% of your IT vendors should end up in the strategic category. If you have many vendors, even 5% may be too many. the classification model is an objective start to the classification process, but common sense must prevail over the "math" at the end of the day.
• At this point, there is no need to go beyond the top 25 by spend. Most VMIs starting out can't handle more than three to five strategic vendors initially. Allow the VMI to run a pilot program with a small sample size, work out any bugs, make adjustments, and then ramp up the VMI's rollout in waves. Vendors can be added quarterly, biannually, or annually, depending upon the desired goals and available resources.

Step 3.1 – Classify vendors (cont'd)

Align your vendor strategy to your classification results

As your VMI matures, additional vendors will be part of the VMI. Review the table below and incorporate the applicable strategies into your deployment of vendor management principles over time. Stay true to your mission, goals, and scope, and remember that not all your vendors are of equal importance.

Step 3.1 – Classify vendors (cont'd)

Be careful when using the word "partner" with your strategic and other vendors

For decades, vendors have used the term "partner" to refer to the relationship they have with their clients and customers. This is often an emotional ploy used by the vendors to get the upper hand. To fully understand the terms "partner" and "partnership", let's evaluate them through two more objective, less cynical lenses.

If you were to talk to your in-house or outside legal counsel, you may be told that partners share in profits and losses, and they have a fiduciary obligation to each other. Unless there is a joint venture between the parties, you are unlikely to have a partnership with a vendor from this perspective.

What about a "business" partnership — one that doesn't involve sharing profits and losses? What would that look like? Here are some indicators of a business partnership (or preferably a strategic alliance):

• Trust and transparent communication exist.
• You have input into the vendor's roadmap for products and services.
• The vendor is aligned with your desired outcomes and helps you achieve success.
• You and the vendor are accountable for actions and inactions, with both parties being at risk.
• There is parity in the peer-to-peer relationships between the organizations (e.g. C-Level to C-Level).
• The vendor provides transparency in pricing models and proactively suggests ways for you to reduce costs.
• You and the vendor work together to make each party better, providing constructive feedback on a regular basis.
• The vendor provides innovative suggestions for you to improve your processes, performance, the bottom line, etc.
• Negotiations are not one-sided; they are meaningful and productive, resulting in an equitable distribution of money and risk.

Step 3.1 – Classify vendors (cont'd)

Understand the implications and how to leverage the words "partner" and "partnership"

By now you might be thinking, "What's all the fuss? Why does it matter?" At Info-Tech, we've seen firsthand how referring to the vendor as a partner can have the following impact:

• Confidences are disclosed unnecessarily.
• Negotiation opportunities and leverage are lost.
• Vendors no longer have to earn the customer's business.
• Vendor accountability is missing due to shared responsibilities.
• Competent skilled vendor resources are assigned to other accounts.
• Value erodes over time since contracts are renewed without being competitively sourced.
• One-sided relationships are established, and false assurances are provided at the highest levels within the customer organization.

Proceed with caution when using partner or partnership with your vendors. Understand how your organization benefits from using these terms and mitigate the negatives outlined above by raising awareness internally to ensure people understand the psychology behind the terms. Finally, use the term to your advantage when warranted by referring to the vendor as a partner when you want or need something that the vendor is reluctant to provide. Bottom line: be strategic in how you refer to vendors and know the risks.

Step 3.2 – Compile scorecards

Begin scoring your top vendors

The scorecard process typically is owned and operated by the VMI, but the actual rating of the criteria within the measurement categories is conducted by those with day-to-day interactions with the vendors, those using or impacted by the services and products provided by the vendors, and those with the skills to research other information on the scorecard (e.g. risk). Chances are one person will not be able to complete an entire scorecard by themselves. As a result, the scorecard process is a team sport comprised of sub-teams where necessary.

The VMI will compile the scores, calculate the final results, and aggregate all the comments into one scorecard. There are two common ways to approach this task:

1. Send out the scorecard template to those who will be scoring the vendor and ask them to return it when completed, providing them with a due date a few days before you need it; you'll need time to compile, calculate, and aggregate.
2. Invite those who will be scoring the vendor to a meeting and let the contributors use that time to score the vendors; make VMI team members available to answer questions and facilitate the process.

Step 3.2 – Compile scorecards (cont'd)

Gather input from stakeholders and others impacted by the vendors

Since multiple people will be involved in the scorecarding process or have information to contribute, the VMI will have to work with the reviewers to ensure he right mix of data is provided. For example:

• If you are tracking lawsuits filed by or against the vendor, one person from Legal may be able to provide that, but they may not be able to evaluate any other criteria on the scorecard.
• If you are tracking salesperson competencies, multiple people from multiple areas may have valuable insights.
• If you are tracking deliverable timeliness, several project managers may want to contribute across several projects.

Where one person is contributing exclusively to limited criteria, make it easy for them to identify the criteria they are to evaluate. When multiple people from the same functional area will provide insights, they can contribute individually (and the VMI will average their responses) or they can respond collectively after reaching consensus as a group.

After the VMI has compiled, calculated, and aggregated, share the results with executives, impacted stakeholders, and others who will be attending the BAM for that vendor. Depending upon the comments provided by internal personnel, you may need to create a sanitized version of the scorecard for the vendor.

Make sure your process timeline has a buffer built in. You'll be sending the final scorecard to the vendor three to five days before the BAM, and you'll need some time to assemble the results. The scorecarding process can be perceived as a low-priority activity for people outside of the VMI, and other "priorities" will arise for them. Without a timeline buffer, the VMI may find itself behind schedule and unprepared, due to things beyond its control.

Step 3.3 – Conduct business alignment meetings

Determine which vendors will participate and how long the meetings will last

At their core, BAMs aren't that different from any other meeting. The basics of running a meeting still apply, but there are a few nuances that apply to BAMs. Set out below are leading practices for conducing your BAMs; adapt them to meet your needs and suit your environment.

Who

Initially, BAMs are conducted with the strategic vendors in your pilot program. Over time you'll add vendors until all your strategic vendors are meeting with you quarterly. After that, roll out the BAMs to those tactical and operational vendors located close to the strategic quadrant in the classification model (Steps 2.1 and 3.1) and as VMI resources allow. It may take several years before you are holding regular BAMs with all your strategic, tactical, and operational vendors.

Duration

Keep the length of your meetings reasonable. The first few with a vendor may need to be 60 to 90 minutes long. After that, you should be able to trim them to 45 minutes to 60 minutes. The BAM does not have to fill the entire time. When you are done, you are done.

Step 3.3 – Conduct business alignment meetings (cont'd)

Identify who will be invited and send out invitations

Invitations

Set up a recurring meeting whenever possible. Changes will be inevitable but keeping the timeline regular works to your advantage. Also, the vendors included in your initial BAMs won't change for twelve months. For the first BAM with a vendor, provide adequate notice; four weeks is usually sufficient, but calendars will fill up quickly for the main attendees from the vendor. Treat the meeting as significant and make sure your invitation reflects this. A simple meeting request will often be rejected, treated as optional, or ignored completely by the vendor's leadership team (and maybe yours as well!).

Invitees

Internal invitees should include those with a vested interest in the vendor's performance and the relationship. Other functional areas may be invited based on need or interest. Be careful the attendee list doesn't get too big. Based on this, internal BAM attendees often include representatives from IT, Sourcing/Procurement, and the applicable business units. At times, Finance and Legal are included.

From the vendor's side, strive to have decision makers and key leaders attend. The salesperson/account manager is often included for continuity, but a director or vice president of sales will have more insights and influence. The project manager is not needed at this meeting due to the nature of the meeting and its agenda; however, a director or vice president from the product or service delivery area is a good choice. Bottom line: get as high into the vendor's organization as possible whenever possible; look at the types of contracts you have with that vendor to provide guidance on the type of people to invite.

Step 3.3 – Conduct business alignment meetings (cont'd)

Prepare for the Meetings and Maintain Control

Preparation

Send the scorecard and agenda to the vendor five days prior to the BAM. The vendor should provide you with any information you require for the meeting five days prior, as well.

Decide who will run the meeting. Some customers like to lead, and others let the vendor present. How you craft the agenda and your preferences will dictate who runs the show.

Make sure the vendor knows what materials they should bring to the meeting or have access to. This will relate to the agenda and any specific requests listed under the discussion points. You don't want the vendor to be caught off guard and unable to discuss a matter of importance to you.

Running the BAM

Regardless of which party leads, make sure you manage the agenda to stay on topic. This is your meeting – not the vendor's, not IT's, not Procurement's or Sourcing's. Don't let anyone hijack it.

Make sure someone is taking notes. If you are running this virtually, consider recording the meeting. Check with your legal department first for any concerns, notices, or prohibitions that may impact your recording the session.

Remember, this is not a sales call, and it is not a social activity. Innovation discussions are allowed and encouraged, but that can quickly devolve into a sales presentation. People can be friendly toward one another, but the relationship building should not overwhelm the other purposes.

Step 3.3 – Conduct business alignment meetings (cont'd)

Follow these additional guidelines to maximize your meetings

More leading practices

• Remind everyone that the conversation may include items covered by various confidentiality provisions or agreements.
• Publish the meeting minutes on a timely basis (within 48 hours).
• Focus on the bigger picture by looking at trends over time; get into the details only when warranted.
• Meet internally immediately beforehand to prepare – don't go in cold. Review the agenda and the roles and responsibilities for the attendees.
• Physical meetings are better than virtual meetings, but travel constraints, budgets, and pandemics may not allow for physical meetings.

Final thoughts

• When performance or the relationship is suffering, be constructive in your feedback and conversations rather than trying to assign blame; lead with the carrot rather than the stick.
• Look for collaborative solutions whenever possible and avoid referencing the contract if possible. Communicate your willingness to help resolve outstanding issues.
• Use inclusive language and avoid language that puts the vendor on the defensive.
• Make sure that your meetings are not focused exclusively on the negative, but don't paint a rosy picture where one doesn't exist.
• A vendor that is doing well should be commended. This is an important part of relationship building.

Step 3.4 – Work the 90-day plan

Monitor your progress and share your results

Having a 90-day plan is a good start, but assuming the tasks on the plan will be accomplished magically or without any oversight can lead to failure. While it won't take a lot of time to work the plan, following a few basic guidelines will help ensure the 90-day plan gets results and wasn't created in vain.

1. Measure and track your progress against the initial/current 90-day plan at least weekly; with a short timeline, any delay can have a huge impact.
2. If adjustments are needed to any elements of the plan, understand the cause and the impact of those adjustments before making them.
3. Make adjustments ONLY when warranted. The temptation will be to push activities and tasks further out on the timeline (or to the next 90-day plan!) when there is any sort of hiccup along the way, especially when personnel outside the VMI are involved. Hold true to the timeline whenever possible; once you start slipping, it often becomes a habit.
4. Report on progress every week and hold people accountable for their assignments and contributions.
5. Take the 90-day plan seriously and treat it as you would any significant project. This is part of the VMI's branding and image.

Step 3.5 – Manage the three-year roadmap

Keep an eye on the future since it will feed the present

The three-year roadmap is a great planning tool, but it is not 100% reliable. There are inherent flaws and challenges. Essentially, the roadmap is a set of three "crystal balls" attempting to tell you what the future holds. The vision for year 1 may be clear, but for each subsequent year, the crystal ball becomes foggier. In addition, the timeline is constantly changing; before you know it, tomorrow becomes today and year 2 becomes year 1.

To help navigate through the roadmap and maximize its potential, follow these principles:

• Manage each year of the roadmap differently.
  • Review the year-1 map each quarter to update your 90-day plans (See steps 2.10 and 3.4).
  • Review the year-2 map every six months to determine if any changes are necessary. As you cycle through this, your vantage point of year 2 will be 6 months or 12 months away from the beginning of year 2, and time moves quickly.
  • Review the year-3 map annually, and determine what needs to be added, changed, or deleted. Each time you review year 3, it will be a "new" year 3 that needs to be built.
• Analyze the impact on the proposed modifications from two perspectives: 1) What is the impact if a requested modification is made? 2) What is the impact if a requested modification is not made?
• Validate all modifications with leadership and stakeholders before updating the three-year roadmap to ensure internal alignment.

Step 3.6 – Develop/improve vendor relationships

Drive better performance through better relationships

One of the key components of a VMI is relationship management. Good relationships with your vendors provide many benefits for both parties, but they don't happen by accident. Do not assume the relationship will be good or is good merely because your organization is buying products and services from a vendor.

In many respects, the VMI should mirror a vendor's sales organization by establishing relationships at multiple levels within the vendor organizations, not just with the salesperson or account manager. Building and maintaining relationships is hard work, but the return on investment makes it worthwhile.

Business relationships are comprised of many components, not all of which must be present to have a great relationship. However, there are some essential components. Whether you are trying to develop, improve, or maintain a relationship with a vendor, make sure you are conscious of the following:

• Focusing your energies on strategic vendors first and then tactical and operational vendors.
• Being transparent and honest in your communications.
• Continuously building trust by being responsive and honoring commitments (timely).
• Creating a collaborative environment and build upon common ground.
• Thanking the vendor when appropriate.
• Resolving disputes early, avoiding the "blame game", and being objective when there are disagreements.

Phase 4 - Review

Keep your VMI up to date and running smoothly

This phase will walk you through the following activity:

• Helping the VMI identify what it should stop doing, start doing, and continue doing as it improves and matures. The main outcomes from this phase are ways to advance the VMI and maintain internal alignment.

This phase involves the following participants:

• VMI team
• Applicable stakeholders and executives
• Others as needed

Vendor Management Initiative Basics for the Small/Medium Businesses

Phase 4 – Review

Keep your VMI up to date and running smoothly

As the adage says, "The only thing constant in life is change." This is particularly true for your VMI. It will continue to mature, people inside and outside of the VMI will change, resources will expand or contract from year to year, your vendor base will change. As a result, your VMI needs the equivalent of a physical every year. In place of bloodwork, x-rays, and the other paces your physician may put you through, you'll assess compliance with your policies and procedures, incorporate leading practices, leverage lessons learned, maintain internal alignment, and update governances.

Be thorough in your actions during this Phase to get the most out of it. It requires more than the equivalent of gauging a person's health by taking their temperature, measuring their blood pressure, and determining their body mass index. Keeping your VMI up-to-date and running smoothly takes hard work.

Some of the items presented in this Phase require an annual review; others may require quarterly review or timely review (i.e. when things are top of mind and current). For example, collecting lessons learned should happen on a timely basis rather than annually, and classifying your vendors should occur annually rather than every time a new vendor enters the fold.

Ultimately, the goal is to improve over time and stay aligned with other areas internally. This won't happen by accident. Being proactive in the review of your VMI further reinforces the nature of the VMI itself – proactive vendor management, not reactive!

Step 4.1 – Incorporate leading practices

Identify and evaluate what external VMIs are doing

The VMI's world is constantly shifting and evolving. Some changes will take place slowly, while others will occur quickly. Think about how quickly the cloud environment has changed over the past five years versus the 15 years before that; or think about issues that have popped up and instantly altered the landscape (we're looking at you COVID and ransomware). As a result, the VMI needs to keep pace, and one of the best ways to do that is to incorporate leading practices.

At a high level, a leading practice is a way of doing something that is better at producing a particular outcome or result or performing a task or activity than other ways of proceeding. The leading practice can be based on methodologies, tools, processes, procedures, and other items. Leading practices change periodically due to innovation, new ways of thinking, research, and other factors. Consequently, a leading practice is to identify and evaluate leading practices each year.

Step 4.1 – Incorporate leading practices (cont'd)

Update your VMI based on your research

• A simple approach for incorporating leading practices into your regular review process is set out below:
• Research:
  • What other VMIs in your industry are doing.
  • What other VMIs outside your industry are doing.
  • Vendor management in general.
• Based on your results, list specific leading practices others are doing that would improve your VMI (be specific – e.g. other VMIs are incorporating risk into their classification process).
• Evaluate your list to determine which of these potential changes fit or could be modified to fit your culture and environment.
• Recommend the proposed changes to leadership (with a short business case or explanation/justification, as needed) and gain approval.

Remember: Leading practices or best practices may not be what is best for you. In some instances, you will have to modify them to fit in your culture and environment; in other instances, you will elect not to implement them at all (in any form).

Step 4.2 – Leverage lessons learned

Tap into the collective wisdom and experience of your team members

There are many ways to keep your VMI running smoothly, and creating a lessons learned library is a great complement to the other ways covered in this Phase 4 - Review. By tapping into the collective wisdom of the team and creating a safe feedback loop, the VMI gains the following benefits:

• Documented institutional wisdom and knowledge normally found only in the team members' brains.
• The ability for one team member to gain insights and avoid mistakes without having to duplicate the events leading to the insights or mistakes.
• Improved methodologies, tools, processes, procedures, skills, and relationships.

Many of the processes raised in this Phase can be performed annually, but a lessons learned library works best when the information is deposited in a timely manner. How you choose to set up your lessons learned process will depend on the tools you select and your culture. You may want to have regular input meetings to share the lessons as they are being deposited, or you may require team members to deposit lessons learned on a regular basis (within a week after they happen, monthly, or quarterly). Waiting too long can lead to vague or lost memories and specifics; timeliness of the deposits is a crucial element.

Step 4.2 – Leverage lessons learned (cont'd)

Create a library to share valuable information across the team

Lessons learned are not confined to identifying mistakes or dissecting bad outcomes. You want to reinforce good outcomes, as well. When an opportunity for a lessons-learned deposit arises, identify the following basic elements:

• A brief description of the situation and outcome.
• What went well (if anything) and why did it go well?
• What didn't go well (if anything) and why didn't it go well?
• What would/could you do differently next time?
• A synopsis of the lesson(s) learned.

Info-Tech Insights

The lessons learned library needs to be maintained. Irrelevant material needs to be culled periodically, and older or duplicate material may need to be archived.

the lessons learned process should be blameless. The goal is to share insightful information, not to reward or punish people based on outcomes or results.

Step 4.3 – Maintain internal alignment

Review the plans of other internal areas to stay in sync

Maintaining internal alignment is essential for the ongoing success of the VMI. Over time, it is easy to lose sight of the fact that the VMI does not operate in a vacuum; it is an integral component of a larger organization whose parts must work well together to function optimally. Focusing annually on the VMI's alignment within the enterprise helps reduce any breakdowns that could derail the organization.

To ensure internal alignment:

• Review the key components of the applicable materials from Phase 1 - Plan and Phase 2 - Build with the appropriate members of the leadership team (e.g. executives, sponsors, and stakeholders). Not every item from those Phases and Steps needs to be reviewed but err on the side of caution for the first set of alignment discussions, and be prepared to review each item. You can gauge the audience's interest on each topic and move quickly when necessary or dive deeper when needed. Identify potential changes required to maintain alignment.
• Review the strategic plans (e.g. 1-, 3-, and 5- year plans) for various portions of the organization if you have access to them or gather insights if you don't have access.
  • If the VMI is under the IT umbrella, review the strategic plans for IT and its departments.
  • Review the strategic plans for the areas the VMI works with (e.g. Procurement, Business Units).
  • The organization itself.
• Create and vet a list of modifications to the VMI and obtain approval.
• Develop a plan for making the necessary changes.

Summary of Accomplishment

Problem solved

Vendor management is a broad, often overwhelming, comprehensive spectrum that encompasses many disciplines. By now, you should have a great idea of what vendor management can or will look like in your organization. Focus on the basics first: Why does the VMI exist and what does it hope to achieve? What is it's scope? What are the strengths you can leverage, and what obstacles must you manage? How will the VMI work with others? From there, the spectrum of vendor management will begin to clarify and narrow.

Leverage the tools and templates from this blueprint and adapt them to your needs. They will help you concentrate your energies in the right areas and on the right vendors to maximize the return on your organization's investment in the VMI of time, money, personnel, and other resources. You may have to lead by example internally and with your vendors at first, but they will eventually join you on your path if you stay true to your course.

At the heart of a good VMI is the relationship component. Don't overlook its value in helping you achieve your vendor management goals. The VMI does not operate in a vacuum, and relationships (internal and external) will be critical.

Lastly, seek continual improvement from the VMI and from your vendors. Both parties should be held accountable, and both parties should work together to get better. Be proactive in your efforts, and you, the VMI, and the organization will be rewarded.

If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop

Contact your account representative for more information

workshops@infotech.com
1-888-670-8889

Related Info-Tech Research

Prepare for Negotiations More Effectively
Don't leave negotiation preparations and outcomes to chance. Learn how to prepare for negotiations more effectively and improve your results.

Understand Common IT Contract Provisions to Negotiate More Effectively
Info-Tech's guidance and insights will help you navigate the complex process of contract review and identify the key details necessary to maximize the protections for your organization.

Capture and Market the ROI of Your VMO
Calculating the impact or value of a vendor management office (VMO) can be difficult without the right framework and tools. Let Info-Tech's tools and templates help you account for the contributions made by your VMO.

Bibliography

Slide 5 – ISG Index 4Q 2021, Information Services Group, Inc., 2022.

Slide 6 – ISG Index 4Q 2021, Information Services Group, Inc., 2022.

Slide 7 – Geller & Company. "World-Class Procurement — Increasing Profitability and Quality." Spend Matters. 2003. Web. Accessed 4 Mar. 2019.

Slide 26 – Guth, Stephen. The Vendor Management Office: Unleashing the Power of Strategic Sourcing. Lulu.com, 2007. Print. Protiviti. Enterprise Risk Management. Web. 16 Feb. 2017.

Slide 34 – "Why Do We Perform Better When Someone Has High Expectations of Us?" The Decision Lab. Accessed January 31, 2022.

Slide 56 - Top 10 Tips for Creating Compelling Reports," October 11, 2019, Design Eclectic. Accessed March 29, 2022.

Slide 56 – "Six Tips for Making a Quality Report Appealing and Easy To Skim," Agency for Health Research and Quality. Accessed March 29, 2022.

Slide 56 –Tucker, Davis. Marketing Reporting: Tips to Create Compelling Reports, March 28, 2020, 60 Second Marketer. Accessed March 29, 2022.

Present Security to Executive Stakeholders

Learn how to communicate security effectively to obtain support from decision makers.

Analyst Perspective

Build and deliver an effective security communication to your executive stakeholders.

As a security leader, you’re tasked with various responsibilities to ensure your organization can achieve its goals while its most important assets are being protected. However, when communicating security to executive stakeholders, challenges can arise in determining what topics are pertinent to present. Changes in the security threat landscape coupled with different business goals make identifying how to present security more challenging. Having a communication framework for presenting security to executive stakeholders will enable you to effectively identify, develop, and deliver your communication goals while obtaining the support you need to achieve your objectives. Ahmad Jowhar Research Specialist, Security & Privacy Info-Tech Research Group

Executive Summary

Info-Tech Insight

Security presentations are not a one-way street. The key to a successful executive security presentation is having a goal for the presentation and verifying that you have met your goal.

Your challenge

As a security leader, you need to communicate security effectively to executive stakeholders in order to obtain support for your security objectives.

• When it comes to presenting security to executive stakeholders, many security leaders find it challenging to convey the necessary information in order to obtain support for security objectives.
• This is attributed to various factors, such as an increase in the threat landscape, changes to industry regulations and standards, and new organizational goals that security has to align with.
• Furthermore, with the limited time to communicate with executive stakeholders, both in frequency and duration, identifying the most important information to address can be challenging.

76% of security leaders struggle in conveying the effectiveness of a cybersecurity program.

62% find it difficult to balance the risk of too much detail and need-to-know information.

41% find it challenging to communicate effectively with a mixed technical and non-technical audience.

Source: Deloitte, 2022

Common obstacles

There is a disconnect between security leaders and executive stakeholders when it comes to the security posture of the organization:

• Executive stakeholders are not confident that their security leaders are doing enough to mitigate security risks.
• The issue has been amplified, with security threats constantly increasing across all industries.
• However, security leaders don’t feel that they are in a position to make themselves heard.
• The lack of organizational security awareness and support from cross-functional departments has made it difficult to achieve security objectives (e.g. education, investments).
• Defining an approach to remove that disconnect with executive stakeholders is of utmost importance for security leaders, in order to improve their organization’s security posture.

9% of boards are extremely confident in their organization’s cybersecurity risk mitigation measures.

77% of organizations have seen an increase in the number of attacks in 2021.

56% of security leaders claimed their team is not involved when leadership makes urgent security decisions.

Source: EY, 2021

Info-Tech’s methodology for presenting security to executive stakeholders

Develop a structured process for communicating security to your stakeholders

Security presentations are not a one-way street
The key to a successful executive security presentation is having a goal for the presentation and verifying that you have met your goal.

Identifying your goals is the foundation of an effective presentation
Defining your drivers and goals for communicating security will enable you to better prepare and deliver your presentation, which will help you obtain your desired outcome.

Harness the power of data
Leveraging data and analytics will help you provide quantitative-based communication, which will result in a more meaningful and effective presentation.

Take your audience on a journey
Developing a storytelling approach will help engage with your audience.

Win your audience by building a rapport
Establishing credibility and trust with executive stakeholders will enable you to obtain their support for security objectives.

Tactical insight
Conduct background research on audience members (i.e. professional background) to help understand how best to communicate with them and overcome potential objections.

Tactical insight
Verifying your objectives at the end of the communication is important, as it ensures you have successfully communicated to executive stakeholders.

Project deliverables

This blueprint is accompanied by a supporting deliverable which includes five security presentation templates.

Report on Security Initiatives Template showing how to inform executive stakeholders of security initiatives.		Security Metrics Template showing how to inform executive stakeholders of current security metrics that would help drive future initiatives.
Security Incident Response & Recovery Template showing how to inform executive stakeholders of security incidents, their impact, and the response plan.		Security Funding Request Template showing how to inform executive stakeholders of security incidents, their impact, and the response plan.

Key template:

Template showing how to inform executive stakeholders of proactive security and risk initiatives.

Blueprint benefits

Measure the value of this blueprint

* The financial figure depicts the annual salary of a CISO in 2022

Source: Chief Information Security Officer Salary.” Salary.com, 2022

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Phase 1

Identify communication goals

This phase will walk you through the following activities:

• Understanding the different drivers for communicating security to executive stakeholders
• Identifying different communication goals

This phase involves the following participants:

• Security leader

1.1. Identify drivers for communicating to executive stakeholders

As a security leader, you meet with executives and stakeholders with diverse backgrounds, and you aim to showcase your organization’s security posture along with its alignment with the business’ goals.

However, with the constant changes in the security threat landscape, demands and drivers for security could change. Thus, understanding potential drivers that will influence your communication will assist you in developing and delivering an effective security presentation.

39% of organizations had cybersecurity on the agenda of their board’s quarterly meeting.

Source: EY, 2021.

Info-Tech Insight

Not all security presentations are the same. Keep your communication strategy and processes agile.

Know your drivers for security presentations

By understanding the influences for your security presentations, you will be able to better plan what to present to executive stakeholders.

• These meetings, which are usually held once per quarter, provide you with less than one hour of presentation time.
• Hence, it is crucial to know why you need to present security and whether these drivers are similar across the other presentations.

Understanding drivers will also help you understand how to present security to executive stakeholders.

• These drivers will shape the structure of your presentation and help determine your approach to communicating your goals.
• For example, financial-based presentations that are driven by budget requests might create a sense of urgency or assurance about investment in a security initiative.

Identify your communication drivers, which can stem from various initiatives and programs, including:

• Results from internal or external audit reports.
• Upcoming budget meetings.
• Briefing newly elected executive stakeholders on security.

When it comes to identifying your communication drivers, you can collaborate with subject matter experts, like your corporate secretary or steering committees, to ensure the material being communicated will align with some of the organizational goals.

Examples of drivers for security presentations

Audit
Upcoming internal or external audits might require updates on the organization’s compliance

Organizational restructuring
Restructuring within an organization could require security updates

Merger & Acquisition
An M&A would trigger presentations on organization’s current and future security posture

Cyber incident
A cyberattack would require an immediate presentation on its impact and the incident response plan

Ad hoc
Provide security information requested by stakeholders

1.2. Define your goals for communicating to executives

After identifying drivers for your communication, it’s important to determine what your goals are for the presentation.

• Communication drivers are mainly triggers for why you want to present security.
• Communication goals are the potential outcomes you are hoping to obtain from the presentation.
• Your communication goals would help identify what data and metrics to include in your presentation, the structure of your communication deck, and how you deliver your communication to executive stakeholders.

Identifying your communication goals could require the participation of the security team, IT leadership, and other business stakeholders.

• As a group, brainstorm the security goals that align with your business goals for the coming year.
  • Aim to have at least two business goals that align with each security goal.
• Identify what benefits and value the executive stakeholders will gain from the security goal being presented.
  • E.g. Increased security awareness, updates on organization's security posture.
• Identify what the ask is for this presentation.
  • E.g. Approval for increasing budget to support security initiatives, executive support to implement internal security programs.

Info-Tech Insight

There can be different reasons to communicate security to executive stakeholders. You need to understand what you want to get out of your presentation.

Examples of security presentation goals

Educate
Educate the board on security trends and/or latest risks in the industry

Update
Provide updates on security initiatives, relevant security metrics, and compliance posture

Inform
Provide an incident response plan due to a security incident or deliver updates on current threats and risks

Investment
Request funding for security investments or financial updates on past security initiatives

Ad hoc
Provide security information requested by stakeholders

Phase 2

Collect information to support goals

This phase will walk you through the following activities:

• Understanding what types of data to include in your security presentations
• Defining where and how to retrieve data

This phase involves the following participants:

• Security leader
• Network/security analyst

2.1 Identify data to collect

After identifying drivers and goals for your communication, it’s important to include the necessary data to justify the information being communicated.

• Leveraging data and analytics will assist in providing quantitative-based communication, which will result in a more meaningful and effective presentation.
• The data presented will showcase the visibility of an organization’s security posture along with potential risks and figures on how to mitigate those risks.
• Providing analysis of the quantitative data presented will also showcase further insights on the figures, allow the audience to better understand the data, and show its relevance to the communication goals.

Identifying data to collect doesn’t need to be a rigorous task; you can follow these steps to help you get started:

• Work with your security team to identify the main type of data applicable to the communication goals.
  • E.g. Financial data would be meaningful to use when communicating a budget presentation.
• Identify supporting data linked to the main data defined.
  • E.g. If a financial investment is made to implement a security initiative, then metrics on improvements to the security posture will be relevant.
• Show how both the main and supporting data align with the communication goals.
  • E.g. Improvement in security posture would increase alignment with regulation standards, which would result in additional contracts being awarded and increased revenue.

Info-Tech Insight

Understand how to present your information in a way that will be meaningful to your audience, for instance by quantifying security risks in financial terms.

Examples of data to present

Educate
Number of organizations in industry impacted by data breaches during past year; top threats and risks affecting the industries

Update
Degree of compliance with standards (e.g. ISO-27001); metrics on improvement of security posture due to security initiatives

Inform
Percentage of impacted clients and disrupted business functions; downtime; security risk likelihood and financial impact

Investment
Capital and operating expenditure for investment; ROI on past and future security initiatives

Ad hoc
Number of security initiatives that went over budget; phishing test campaign results

2.2 Plan how to retrieve the data

Once the data that is going to be used for the presentation has been identified, it is important to plan how the data can be retrieved, processed, and shared.

• Most of the data leveraged for security presentations are structured data, which are highly organized data that are often stored in a relational and easily searchable database.
  • This includes security log reports or expenditures for ongoing and future security investments.
• Retrieving the data, however, would require collaboration and cooperation from different team members.
• You would need to work with the security team and other appropriate stakeholders to identify where the data is stored and who the data owner is.

Once the data source and owner has been identified, you need to plan how the data would be processed and leveraged for your presentation

• This could include using queries to retrieve the relevant information needed (e.g. SQL, Microsoft Excel).
• Verify the accuracy and relevance of the data with other stakeholders to ensure it is the most appropriate data to be presented to the executive stakeholders.

Info-Tech Insight

Using a data-driven approach to help support your objectives is key to engaging with your audience.

Plan where to retrieve the data

Identifying the relevant data sources to retrieve your data and the appropriate data owner enables efficient collaboration between departments collecting, processing, and communicating the data and graphics to the audience.

Examples of where to retrieve your data

Phase 3

Develop communication

This phase will walk you through the following activities:

• Identifying a communication strategy for presenting security
• Identifying security templates that are applicable to your presentation

This phase involves the following participants:

• Security leader

3.1 Plan communication: Know who your audience is

• When preparing your communication, it's important to understand who your target audience is and to conduct background research on them.
• This will help develop your communication style and ensure your presentation caters to the expected audience in the room.

Examples of two profiles in a boardroom

3.1.1 Know what your audience cares about

• Understanding what your executive stakeholders value will equip you with the right information to include in your presentations.
• Ensure you conduct background research on your audience to assist you in knowing what their potential interests are.
• Your background research could include:
  • Researching the audience’s professional background through LinkedIn.
  • Reviewing their comments from past executive meetings.
  • Researching current security trends that align with organizational goals.
• Once the values and risks have been identified, you can document them in notes and share the notes with subject matter experts to verify if these values and risks should be shared in the coming meetings.

A board’s purpose can include the following:

• Sustaining and expanding the organization’s purpose and ability to execute in a competitive market.
• Determining and funding the organization’s future and direction.
• Protecting and increasing shareholder value.
• Protecting the company’s exposure to risks.

Examples of potential values and risks

• Business impact
• Financial impact
• Security and incidents

Info-Tech Insight
Conduct background research on audience members (e.g. professional background on LinkedIn) to help understand how best to communicate to them and overcome potential objections.

Understand your audience’s concerns

• Along with knowing what your audience values and cares about, understanding their main concerns will allow you to address those items or align them with your communication.
• By treating your executive stakeholders as your project sponsors, you would build a level of trust and confidence with your peers as the first step to tackling their concerns.
• These concerns can be derived from past stakeholder meetings, recent trends in the industry, or strategic business alignments.
• After capturing their concerns, you’ll be equipped with the necessary understanding on what material to include and prioritize during your presentations.

Examples of potential concerns for each profile of executive stakeholders

Build your presentation to tackle their main concerns

Your presentation should be well-rounded and compelling when it addresses the board’s main concerns about security.

Checklist:

• Research your target audience (their backgrounds, board composition, dynamics, executive team vs. external group).
• Include value and risk language in your presentation to appeal to your audience.
• Ensure your content focuses on one or more of the board’s main concerns with security (e.g. business impact, investments, or risk).
• Include information about what is in it for them and the organization.
• Research your board’s composition and skillsets to determine their level of technical knowledge and expertise. This helps craft your presentation with the right amount of technology vs. business-facing information.

Info-Tech Insight
The executive stakeholder’s main concerns will always boil down to one important outcome: providing a level of confidence to do business through IT products, services, and systems – including security.

3.1.2 Take your audience through a security journey

• Once you have defined your intended target and their potential concerns, developing the communication through a storytelling approach will be the next step to help build a compelling presentation.
• You need to help your executive stakeholders make sense of the information being conveyed and allow them to understand the importance of cybersecurity.
• Taking your audience through a story will allow them to see the value of the information being presented and better resonate with its message.
• You can derive insights for your storytelling presentation by doing the following:
  • Provide a business case scenario on the topic you are presenting.
  • Identify and communicate the business problem up front and answer the three questions (why, what, how).
  • Quantify the problems in terms of business impact (money, risk, value).

Info-Tech Insight
Developing a storytelling approach will help keep your audience engaged and allow the information to resonate with them, which will add further value to the communication.

Identify the purpose of your presentation

You should be clear about your bottom line and the intent behind your presentation. However, regardless of your bottom line, your presentation must focus on what business problems you are solving and why security can assist in solving the problem.

Examples of communication goals

Info-Tech Insight
Nobody likes surprises. Communicate early and often. The board should be pre-briefed, especially if it is a difficult subject. This also ensures you have support when you deliver a difficult message.

Gather the right information to include in your boardroom presentation

Once you understand your target audience, it’s important to tailor your presentation material to what they will care about.

Typical IT boardroom presentations include:

• Communicating the value of ongoing business technology initiatives.
• Requesting funds or approval for a business initiative that IT is spearheading.
• Security incident response/Risk/DRP.
• Developing a business program or an investment update for an ongoing program.
• Business technology strategy highlights and impacts.
• Digital transformation initiatives (value, ROI, risk).

Info-Tech Insight
You must always have a clear goal or objective for delivering a presentation in front of your board of directors. What is the purpose of your board presentation? Identify your objective and outcome up front and tailor your presentation’s story and contents to fit this purpose.

Info-Tech Insight
Telling a good story is not about the message you want to deliver but the one the executive stakeholders want to hear. Articulate what you want them to think and what you want them to take away, and be explicit about it in your presentation. Make your story logically flow by identifying the business problem, complication, the solution, and how to close the gap. Most importantly, communicate the business impacts the board will care about.

Structure your presentation to tell a logical story

To build a strong story for your presentation, ensure you answer these three questions:

Examples:

Scenario 1: The company has experienced a security incident.

Intent: To inform/educate the board about the security incident.

Scenario 2: Security is recommending investments based on strategic priorities.

Intent: To reach a decision with the board – approve investment proposal.

Time plays a key role in delivering an effective presentation

What you include in your story will often depend on how much time you have available to deliver the message.

Consider the following:

• Presenting to executive stakeholders often means you have a short window of time to deliver your message. The average executive stakeholder presentation is 15 minutes, and this could be cut short due to other unexpected factors.
• If your presentation is too long, you risk overwhelming or losing your audience. You must factor in the time constraints when building your board presentation.
• Your executive stakeholders have a wealth of experience and knowledge, which means they could jump to conclusions quickly based on their own experiences. Ensure you give them plenty of background information in advance. Provide your presentation material, a brief, or any other supporting documentation before the meeting to show you are well prepared.
• Be prepared to have deep conversations about the topic, but respect that the executive stakeholders might not be interested in hearing the tactical information. Build an elevator pitch, a one-pager, back-up slides that support your ask and the story, and be prepared to answer questions within your allotted presentation time to dive deeper.

Navigating through Q&A

Use the Q&A portion to build credibility with the board.

• It is always better to say, “I’m not certain about the answer but will follow up,” than to provide false or inaccurate information on the spot.
• When asked challenging or irrelevant questions, ensure you have an approach to deflect them. Questions can often be out of scope or difficult to answer in a group. Find what works for you to successfully navigate through these questions:
  • “Let’s work with the sub-committee to find you an answer.”
  • “Let’s take that offline to address in more detail.”
  • “I have some follow-up material I can provide you to discuss that further after our meeting.”
• And ensure you follow up! Make sure to follow through on your promise to provide information or answers after the meeting. This helps build trust and credibility with the board.

Info-Tech Insight
The average board presentation is 15 minutes long. Build no more than three or four slides of content to identify the business problem, the business impacts, and the solution. Leave five minutes for questions at the end, and be prepared with back-up slides to support your answers.

Storytelling checklist

Checklist:

• Tailor your presentation based on how much time you have.
• Find out ahead of time how much time you have.
• Identify if your presentation is to inform/educate or reach a decision.
• Identify and communicate the business problem up front and answer the three questions (why, what, how).
• Express the problem in terms of business impact (risk, value, money).
• Prepare and send pre-meeting collateral to the members of the board and executive team.
• Include no more than 5-6 slides for your presentation.
• Factor in Q&A time at the end of your presentation window.
• Articulate what you want them to think and what you want them to take away – put it right up front and remind them at the end.
• Have an elevator speech handy – one or two sentences and a one-pager version of your story.
• Consider how you will build your relationship with the members outside the boardroom.

3.1.3 Build a compelling communication document

Once you’ve identified your communication goals, data, and plan to present to your stakeholders, it’s important to build the compelling communication document that will attract all audiences.

A good slide design increases the likelihood that the audience will read the content carefully.

• Bad slide structure (flow) = Audience loses focus
  • You can have great content on a slide, but if a busy audience gets confused, they’ll just close the file or lose focus. Structure encompasses horizontal and vertical logic.
• Good visual design = Audience might read more
  • Readers will probably skim the slides first. If the slides look ugly, they will already have a negative impression. If the slides are visually appealing, they will be more inclined to read carefully. They may even use some slides to show others.
• Good content + Good structure + Visual appeal = Good presentation
  • A presentation is like a house. Good content is the foundation of the house. Good structure keeps the house strong. Visual appeal differentiates houses.

Slide design best practices

Leverage these slide design best practices to assist you in developing eye-catching presentations.

• Easy to read: Assume reader is tight on time. If a slide looks overwhelming, the reader will close the document.
• Concise and clear: Fewer words = more skim-able.
• Memorable: Use graphics and visuals or pithy quotes whenever you can do so appropriately.
• Horizontal logic: Good horizontal logic will have slide titles that cascade into a story with no holes or gaps.
• Vertical logic: People usually read from left to right, top to bottom, or in a Z pattern. Make sure your slide has an intuitive flow of content.
• Aesthetics: People like looking at visually appealing slides, but make sure your attempts to create visual appeal do not detract from the content.

Your presentation must have a logical flow

Vertical logic should be intuitive

The audience is unsure where to look and in what order.	The audience knows to read the heading first. Then look within the pie chart. Then look within the white boxes to the right.

Horizontal and vertical logic checklists

Make it easy to read

Unnecessary coloring makes it hard on the eyes Margins for title at top is too small Content is not skim-able (best to break up the slide)	Increase skim-ability: Emphasize the subheadings Bold important words Make it easier on the eyes: Declutter and add sections Have more white space

Be concise and clear

1. Write your thoughts down
   • This gets your content documented.
   • Don’t worry about clarity or concision yet.
2. Edit for clarity
   • Make sure the key message is very clear.
   • Find your thesis statement.
3. Edit for concision
   • Remove unnecessary words.
   • Use the active voice, not passive voice (see below for examples).

Be memorable

Easy to read, but hard to remember the stats.	The visuals make it easier to see the size of the problem and make it much more memorable. Remember to: Have some kind of visual (e.g. graphs, icons, tables). Divide the content into sections. Have a bit of color on the page.

Aesthetics

This draft slide is just content from the outline document on a slide with no design applied yet.	Have some kind of visual (e.g. graphs, icons, tables) as long as it’s appropriate. Divide the content into sections. Have a bit of color on the page. Bold or italicize important text.

Why use visuals?

How graphics affect us

Cognitively

• Engage our imagination
• Stimulate the brain
• Heighten creative thinking
• Enhance or affect emotions

Emotionally

• Enhance comprehension
• Increase recollection
• Elevate communication
• Improve retention

Visual clues

• Help decode text
• Attract attention
• Increase memory

Persuasion

• 43% more effective than text alone

Source: Management Information Systems Research Center

Presentation format

Often stakeholders prefer to receive content in a specific format. Make sure you know what you require so that you are not scrambling at the last minute.

• Is there a standard presentation template?
• Is a hard-copy handout required?
• Is there a deadline for draft submission?
• Is there a deadline for final submission?
• Will the presentation be circulated ahead of time?
• Do you know what technology you will be using?
• Have you done a dry run in the meeting room?
• Do you know the meeting organizer?

Checklist to build compelling visuals in your presentation

Leverage this checklist to ensure you are creating the perfect visuals and graphs for your presentation.

Checklist:

• Do the visuals grab the audience’s attention?
• Will the visuals mislead the audience/confuse them?
• Do the visuals facilitate data comparison or highlight trends and differences in a more effective manner than words?
• Do the visuals present information simply, cleanly, and accurately?
• Do the visuals display the information/data in a concentrated way?
• Do the visuals illustrate messages and themes from the accompanying text?

3.2 Security communication templates

Once you have identified your communication goals and plans for building your communication document, you can start building your presentation deck. These presentation templates highlight different security topics depending on your communication drivers, goals, and available data. Info-Tech has created five security templates to assist you in building a compelling presentation. These templates provide support for presentations on the following five topics: Security Initiatives Security & Risk Update Security Metrics Security Incident Response & Recovery Security Funding Request Each template provides instructions on how to use it and tips on ensuring the right information is being presented. All the templates are customizable, which enables you to leverage the sections you need while also editing any sections to your liking.

Download the Security Presentation Templates

Security template example

It’s important to know that not all security presentations for an organization are alike. However, these templates would provide a guideline on what the best practices are when communicating security to executive stakeholders.

Below is an example of instructions to complete the “Security Risk & Update” template. Please note that the security template will have instructions to complete each of its sections.

The first slide following the title slide includes a brief executive summary on what would be discussed in the presentation. This includes the main security threats that would be addressed and the associated risk mitigation strategies.	This slide depicts a holistic overview of the organization’s security posture in different areas along with the main business goals that security is aligning with. Ensure visualizations you include align with the goals highlighted.

Security template example (continued)

This slide displays any top threats and risks an organization is facing. Each threat consists of 2-3 risks and is prioritized based on the negative impact it could have on the organization (i.e. red bar = high priority; green bar = low priority). Include risks that have been addressed in the past quarter, and showcase any prioritization changes to those risks.

This slide follows the “Top Threats & Risks” slide and focuses on the risks that had medium or high priority. You will need to work with subject matter experts to identify risk figures (likelihood, financial impact) that will enable you to quantify the risks (Likelihood x Financial Impact). Develop a threshold for each of the three columns to identify which risks require further prioritization, and apply color coding to group the risks.

Security template example (continued)

This slide showcases further details on the top risks along with their business impact. Be sure to include recommendations for the risks and indicate whether further action is required from the executive stakeholders.	The last slide of the “Security Risk & Update” template presents a timeline of when the different initiatives to mitigate security risks would begin. It depicts what initiatives will be completed within each fiscal year and the total number of months required. As there could be many factors to a project’s timeline, ensure you communicate to your executive stakeholders any changes to the project.

Phase 4

Deliver communication

This phase will walk you through the following activities:

• Identifying a strategy to deliver compelling presentations
• Ensuring you follow best practices for communicating and obtaining your security goals

This phase involves the following participants:

• Security leader

4.1 Deliver a captivating presentation

You’ve gathered all your data, you understand what your audience is expecting, and you are clear on the outcomes you require. Now, it’s time to deliver a presentation that both engages and builds confidence.

Follow these tips to assist you in developing an engaging presentation:

• Start strong: Give your audience confidence that this will be a good investment of their time. Establish a clear direction for what’s going to be covered and what the desired outcome is.
• Use your time wisely: Odds are, your audience is busy, and they have many other things on their minds. Be prepared to cover your content in the time allotted and leave sufficient time for discussion and questions.
• Be flexible while presenting: Do not expect that your presentation will follow the path you have laid out. Anticipate jumping around and spending more or less time than you had planned on a given slide.

Keep your audience engaged with these steps

• Be ready with supporting data. Don’t make the mistake of not knowing your content intimately. Be prepared to answer questions on any part of it. Senior executives are experts at finding holes in your data.
• Know your audience. Who are you presenting to? What are their specific expectations? Are there sensitive topics to be avoided? You can’t be too prepared when it comes to understanding your audience.
• Keep it simple. Don’t assume that your audience wants to learn the details of your content. Most just want to understand the bottom line, the impact on them, and how they can help. More is not always better.
• Focus on solving issues. Your audience members have many of their own problems and issues to worry about. If you show them how you can help make their lives easier, you’ll win them over.

Info-Tech Insight
Establishing credibility and trust with executive stakeholders is important to obtaining their support for security objectives.

Be honest and straightforward with your communication

• Be prepared. Being properly prepared means not only that your update will deliver the value that you expect, but also that you will have confidence and the flexibility you require when you’re taken off track.
• Don’t sugarcoat it. These are smart, driven people that you are presenting to. It is neither beneficial nor wise to try to fool them. Be open and transparent about problems and issues. Ask for help.
• No surprises. An executive stakeholder presentation is not the time or the place for a surprise. Issues seen as unexpected or contentious should always be dealt with prior to the meeting with those most impacted.

Hone presentation skills before meeting with the executive stakeholders

Checklist for presentation logistics

Optimize the timing of your presentation:

• Less is more: Long presentations are detrimental to your cause – they lead to your main points being diluted. Keep your presentation short and concise.
• Keep information relevant: Only present information that is important to your audience. This includes the information that they are expecting to see and information that connects to the business.
• Expect delays: Your audience will likely have questions. While it is important to answer each question fully, it will take away from the precious time given to you for your presentation. Expect that you will not get through all the information you have to present.

Script your presentation:

• Use a script to stay on track: Script your presentation before the meeting. A script will help you present your information in a concise and structured manner.
• Develop a second script: Create a script that is about half the length of the first script but still contains the most important points. This will help you prepare for any delays that may arise during the presentation.
• Prepare for questions: Consider questions that may be asked and script clear and concise answers to each.
• Practice, practice, practice: Practice your presentation until you no longer need the script in front of you.

Checklist for presentation logistics (continued)

Other considerations:

• After the introduction of your presentation, clearly state the objective – don’t keep people guessing and consequently lose focus on your message.
• After the presentation is over, document important information that came up. Write it down or you may forget it soon after.
• Rather than create a long presentation deck full of detailed slides that you plan to skip over during the presentation, create a second, compact deck that contains only the slides you plan to present. Send out the longer deck after the presentation.

Checklist for delivering a captivating presentation

Leverage this checklist to ensure you are prepared to develop and deliver an engaging presentation.

Checklist:

• Start with a story or something memorable to break the ice.
• Go in with the end state in mind (focus on the outcome/end goal and work back from there) – What’s your call to action?
• Content must compliment your end goal, filter out any content that doesn’t compliment the end goal.
• Be prepared to have less time to speak. Be prepared with shorter versions of your presentation.
• Include an appendix with supporting data, but don’t be data heavy in your presentation. Integrate the data into a story. The story should be your focus.

Checklist for delivering a captivating presentation (continued)

• Be deliberate in what you want to show your audience.
• Ensure you have clean slides so the audience can focus on what you’re saying.
• Practice delivering your content multiple times alone and in front of team members or your Info-Tech counselor, who can provide feedback.
• How will you handle being derailed? Be prepared with a way to get back on track if you are derailed.
• Ask for feedback.
• Record yourself presenting.

4.2 Obtain and verify support on security goals

Once you’ve delivered your captivating presentation, it’s imperative to communicate with your executive stakeholders.

• This is your opportunity to open the floor for questions and clarify any information that was conveyed to your audience.
• Leverage your appendix and other supporting documents to justify your goals.
• Different approaches to obtaining and verifying your goals could include:
  • Acknowledgment from the audience that information communicated aligns with the business’s goals.
  • Approval of funding requests for security initiatives.
  • Written and verbal support for implementation of security initiatives.
  • Identifying next steps for information to communicate at the next executive stakeholder meeting.

Info-Tech Insight
Verifying your objectives at the end of the presentation is important, as it ensures you have successfully communicated to executive stakeholders.

Checklist for obtaining and verify support on security goals

Follow this checklist to assist you in obtaining and verifying your communication goals.

Checklist:

• Be clear about follow-up and next steps if applicable.
• Present before you present: Meet with your executive stakeholders before the meeting to review and discuss your presentation and other supporting material and ensure you have executive/CEO buy-in.
• “Be humble, but don’t crumble” – demonstrate to the executive stakeholders that you are an expert while admitting you don’t know everything. However, don’t be afraid to provide your POV and defend it if need be. Strike the right balance to ensure the board has confidence in you while building a strong relationship.
• Prioritize a discussion over a formal presentation. Create an environment where they feel like they are part of the solution.

Summary of Accomplishment

Problem Solved

A better understanding of security communication drivers and goals

• Understanding the difference between communication drivers and goals
• Identifying your drivers and goals for security presentation

A developed a plan for how and where to retrieve data for communication

• Insights on what type of data can be leveraged to support your communication goals
• Understanding who you can collaborate with and potential data sources to retrieve data from

A solidified communication plan with security templates to assist in better presenting to your audience

• A guideline on how to prepare security presentations to executive stakeholders
• A list of security templates that can be customized and used for various security presentations

A defined guideline on how to deliver a captivating presentation to achieve your desired objectives

• Clear message on best practices for delivering security presentations to executive stakeholders
• Understanding how to verify your communication goals have been obtained

If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

Contact your account representative for more information.

workshops@infotech.com

1-888-670-8889

Related Info-Tech Research

Build an Information Security Strategy
This blueprint will walk you through the steps of tailoring best practices to effectively manage information security.

Build a Security Metrics Program to Drive Maturity
This blueprint will assist you in identifying security metrics that can tie to your organizational goals and build those metrics to achieve your desired maturity level.

Bibliography

Bhadauriya, Amit S. “Communicating Cybersecurity Effectively to the Board.” Metricstream. Web.
Booth, Steven, et al. “The Biggest Mistakes Made When Presenting Cyber Security to Senior Leadership or the Board, and How to Fix Them.” Mandiant, May 2019. Web.
Bradford, Nate. “6 Slides Every CISO Should Use in Their Board Presentation.” Security Boulevard, 9 July 2020. Web.
Buckalew, Lauren, et al. “Get the Board on Board: Leading Cybersecurity from the Top Down.” Newsroom, 2 Dec. 2019. Web.
Burg, Dave, et al. “Cybersecurity: How Do You Rise above the Waves of a Perfect Storm?” EY US - Home, EY, 22 July 2021. Web.
Carnegie Endowment for International Peace. Web.
“Chief Information Security Officer Salary.” Salary.com, 2022. Web.
“CISO's Guide to Reporting to the Board - Apex Assembly.” CISO's Guide To Reporting to the Board. Web.
“Cyber Security Oversight in the Boardroom” KPMG, Jan. 2016. Web.
“Cybersecurity CEO: My 3 Tips for Presenting in the Boardroom.” Cybercrime Magazine, 31 Mar. 2020. Web.
Dacri , Bryana. Do's & Don'ts for Security Professionals Presenting to Executives. Feb. 2018. Web.
Froehlich, Andrew. “7 Cybersecurity Metrics for the Board and How to Present Them: TechTarget.” Security, TechTarget, 19 Aug. 2022. Web.
“Global Board Risk Survey.” EY. Web.
“Guidance for CISOs Presenting to the C-Suite.” IANS, June 2021. Web.
“How to Communicate Cybersecurity to the Board of Directors.” Cybersecurity Conferences & News, Seguro Group, 12 Mar. 2020. Web.
Ide, R. William, and Amanda Leech. “A Cybersecurity Guide for Directors” Dentons. Web.
Lindberg, Randy. “3 Tips for Communicating Cybersecurity to the Board.” Cybersecurity Software, Rivial Data Security, 8 Mar. 2022. Web.
McLeod, Scott, et al. “How to Present Cybersecurity to Your Board of Directors.” Cybersecurity & Compliance Simplified, Apptega Inc, 9 Aug. 2021. Web.
Mickle, Jirah. “A Recipe for Success: CISOs Share Top Tips for Successful Board Presentations.” Tenable®, 28 Nov. 2022. Web.
Middlesworth, Jeff. “Top-down: Mitigating Cybersecurity Risks Starts with the Board.” Spiceworks, 13 Sept. 2022. Web.
Mishra, Ruchika. “4 Things Every CISO Must Include in Their Board Presentation.” Security Boulevard, 17 Nov. 2020. Web.
O’Donnell-Welch, Lindsey. “CISOs, Board Members and the Search for Cybersecurity Common Ground.” Decipher, 20 Oct. 2022. Web.

Bibliography

“Overseeing Cyber Risk: The Board's Role.” PwC, Jan. 2022. Web.
Pearlson, Keri, and Nelson Novaes Neto. “7 Pressing Cybersecurity Questions Boards Need to Ask.” Harvard Business Review, 7 Mar. 2022. Web.
“Reporting Cybersecurity Risk to the Board of Directors.” Web.
“Reporting Cybersecurity to Your Board - Steps to Prepare.” Pondurance ,12 July 2022. Web.
Staynings, Richard. “Presenting Cybersecurity to the Board.” Resource Library. Web.
“The Future of Cyber Survey.” Deloitte, 29 Aug. 2022. Web.
“Top Cybersecurity Metrics to Share with Your Board.” Packetlabs, 10 May 2022. Web.
Unni, Ajay. “Reporting Cyber Security to the Board? How to Get It Right.” Cybersecurity Services Company in Australia & NZ, 10 Nov. 2022. Web.
Vogel, Douglas, et al. “Persuasion and the Role of Visual Presentation Support.” Management Information Systems Research Center, 1986.
“Welcome to the Cyber Security Toolkit for Boards.” NCSC. Web.

Research Contributors

• Fred Donatucci, New-Indy Containerboard, VP, Information Technology
• Christian Rasmussen, St John Ambulance, Chief Information Officer
• Stephen Rondeau, ZimVie, SVP, Chief Information Officer